Re: [Openvpn-users] Access to client-side subnet via routed VPN


  • Subject: Re: [Openvpn-users] Access to client-side subnet via routed VPN
  • From: Marco Fretz <mailinglist@xxxxxxx>
  • Date: Tue, 11 Sep 2007 17:15:59 +0200

hello

I have to say I read the posts really quickly, but I think the problem was
shown 2-3 posts ago already...
You need NAT on the client OR you need a route entry on the host you want
to reach in the subnet behind the VPN client. It's impossible to solve
this problem only with OpenVPN config! What you can configure over OpenVPN is
the way TO the host behind the VPN client, but not the way back to the VPN
server...

little stuff to think about: ^^

- You must tell the VPN server where to reach the subnet behind the VPN
clients (gw = vpnclient address)
- All hosts in the VPN client's local subnet have to know where they can
find the VPN subnet (gateway = vpnclient local subnet address)

If you want local hosts behind the VPN client to be able to reach
the subnet behind the VPN server, you have to do the same thing the other
way, like:
- You must have the routes mentioned above
- All hosts on the local net behind the VPN client must know where to reach
the VPN server's local net (gw = vpnclient)
- The VPN client must know where to reach the local subnet behind the VPN server
(you can push this route with the push "route ..." option in OpenVPN)

I hope this could help you... I'm sorry I did not write about your real
config or give you any direct examples.

marco

Daniel L. Miller wrote:
> Luke Kearney wrote:
>   
>>>> The VPN uses the 172.27.0.0/16 network.  The VPN server, on tun0, is 
>>>> 172.27.0.1.  The VPN client is 172.27.0.14.
>>>> The VPN server exists on its LAN 192.168.0.0/24 as 192.168.0.71.
>>>> The remote client has a remote LAN address of 10.4.1.140.  I'm trying to 
>>>> reach 10.4.1.150 through the VPN.
>>>>       
>>>>         
>>> Ok, you need to tell the VPN server that the subnet 10.4.1.140/?? exists
>>> at this point in time you appear to have a Client Server VPN tunnel
>>> established but no site to site. Assuming your remote network is
>>> 10.4.1.0/24 add something like this to your server configuration
>>>
>>> route 10.4.1.0 255.255.255.0
>>>
>>> And restart - Failing any firewalling done on your remote client at
>>> 10.4.1.140 you should now be able to ping hosts on that subnet via the
>>> VPN tunnel.
>>>     
>>>       
> I currently have:
>
> route 10.4.1.0 255.255.255.0
>
> in my server configuration and
>
> iroute 10.4.1.0 255.255.255.0
>
> in the ccd/client file.
>
> I am still unable to ping other hosts on the remote network.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
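
The return-path problem described in this reply, as an added example that is not part of the original thread: a small Python model of the routing tables, using the addresses quoted above, that shows where the ping reply is lost and how either fix restores it. The remote LAN gateway 10.4.1.1 (`lan_gw`), the node names and all function names are assumptions made for the illustration.

```python
import ipaddress

# Addresses are from the thread. "lan_gw" (10.4.1.1) is an ASSUMED default gateway
# of the remote LAN with no route to the VPN subnet. "direct" means on-link.
NODES = {
    "server": {"addrs": ["172.27.0.1", "192.168.0.71"],
               "routes": {"172.27.0.0/16": "direct", "192.168.0.0/24": "direct",
                          "10.4.1.0/24": "client"}},    # route + iroute from the thread
    "client": {"addrs": ["172.27.0.14", "10.4.1.140"],  # IP forwarding assumed enabled
               "routes": {"172.27.0.0/16": "direct", "10.4.1.0/24": "direct"}},
    "host":   {"addrs": ["10.4.1.150"],
               "routes": {"10.4.1.0/24": "direct", "0.0.0.0/0": "lan_gw"}},
    "lan_gw": {"addrs": ["10.4.1.1"], "routes": {"10.4.1.0/24": "direct"}},
}

def owner(nodes, addr):
    return next((n for n, v in nodes.items() if addr in v["addrs"]), None)

def next_hop(routes, dst):
    """Longest-prefix match over a {prefix: next hop} table; None if no route."""
    dst = ipaddress.ip_address(dst)
    hits = [ipaddress.ip_network(p) for p in routes if dst in ipaddress.ip_network(p)]
    return routes[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def trace(nodes, start, dst, max_hops=8):
    """Follow the routing tables from node `start` towards address `dst`."""
    path, node = [start], start
    while dst not in nodes[node]["addrs"]:
        hop = next_hop(nodes[node]["routes"], dst)
        node = owner(nodes, dst) if hop == "direct" else hop
        if node is None or len(path) >= max_hops:
            return path, False           # no route, unknown host, or loop
        path.append(node)
    return path, True

def ping(nodes, src_ip, dst_ip, nat=None):
    """nat=(node, lan_addr): that node masquerades the traffic it forwards."""
    fwd, ok = trace(nodes, owner(nodes, src_ip), dst_ip)
    if not ok:
        return "request lost at " + fwd[-1]
    natted = nat is not None and nat[0] in fwd
    back, ok = trace(nodes, fwd[-1], nat[1] if natted else src_ip)
    if ok and natted:                    # NAT box restores the original address
        back, ok = trace(nodes, nat[0], src_ip)
    return "ok" if ok else "reply lost at " + back[-1]

def with_host_route(nodes):
    """The other fix from the reply: route on the LAN host back via the VPN client."""
    host = dict(nodes["host"], routes={**nodes["host"]["routes"], "172.27.0.0/16": "client"})
    return {**nodes, "host": host}
```

Calling `ping(NODES, "172.27.0.1", "10.4.1.150")` returns `reply lost at lan_gw` for the configuration quoted in the thread; the same call on `with_host_route(NODES)`, or with `nat=("client", "10.4.1.140")`, returns `ok`.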