[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Access to client-side subnet via routed VPN


  • Subject: Re: [Openvpn-users] Access to client-side subnet via routed VPN
  • From: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>
  • Date: Tue, 11 Sep 2007 16:48:21 +0200

Title: Re: [Openvpn-users] Access to client-side subnet via routed VPN
Did you "So either add routes to hosts on the client LAN" ?
Because otherwise turning on routing is not enough.
 
Again, either :
 - turn on routing and set up routes on your LAN (on each involved station or the gateway)
 - turn on routing (you already did this)
or :
 - use NAT (this does not require any changes on other machines on the LAN)
 
Regards,
David


From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Daniel L. Miller
Sent: Tue 11-Sep-07 16:46
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] Access to client-side subnet via routed VPN

Timothy Baldwin wrote:
> In message <B216E7A91F67B6429E3ACF162402A02D570C3C@xxxxxxxxxxxxxxxxxxxxx>,
> David Balazic <David.Balazic@xxxxxxxxxxxxxxxxxx> wrote:
>

>  
>> The host on the remote network, like 10.4.1.150, must know where to send
>> replies. Either the VPN client (.140) masks the packet as coming from him,
>> or .150 has a route added for the source of the packets coming from your
>> VPN server. That would be 172.27.0.1, I guess.
>> 
>> So either add routes to hosts on the client LAN, or use masquerading on
>> the client. (this is actually supported by Windows : see ICS)
>>    
>
> The route added on the clients LAN needs to be to the LAN IP of the client,
> 10.4.1.140. An alternative would be add this route to the default router of
> the client's LAN.
>
> Further, if not masquerading, IP routing needs to enabled the client, see:
> http://www.windowsnetworking.com/articles_tutorials/w2kprout.html
>  
I did set the "IPEnableRouter" entry to "1" on the client.  Is that
sufficient?

Daniel

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users