Re: [Openvpn-users] Access to client-side subnet via routed VPN


  • Subject: Re: [Openvpn-users] Access to client-side subnet via routed VPN
  • From: Marco Fretz <mailinglist@xxxxxxx>
  • Date: Tue, 11 Sep 2007 17:30:34 +0200

me again =)

i forgot to mention that i suggest u to NOT use such a complex routing 
just to reach the client's network. using nat on the client is the more 
scalable way if u want to do this with more than one client or with more 
than one host behind the vpnclient :) because if u use nat u have NOT to 
add routes on the hosts behind the vpnclient

if u use nat on the vpnclient, the packet (i.e. ping) from the vpnserver 
looks for the host behind the vpnclient like it's coming from the hosts 
itself. take care about the nat direction. the nat outside interface 
must be the vpnclient's local subnet interface (the ethernet interface). 
so the vpnclient is doing a nat from the vpn subnet to the vpnclient's 
local subnet with the vpnclient's ethernet ip-address as translated source ip


greets
marco

Daniel L. Miller wrote:
> Luke Kearney wrote:
>   
>>>> The VPN uses the 172.27.0.0/16 network.  The VPN server, on tun0, is 
>>>> 172.27.0.1.  The VPN client is 172.27.0.14.
>>>> The VPN server exists on its LAN 192.168.0.0/24 as 192.168.0.71.
>>>> The remote client has a remote LAN address of 10.4.1.140.  I'm trying to 
>>>> reach 10.4.1.150 through the VPN.
>>>>       
>>>>         
>>> Ok, you need to tell the VPN server that the subnet 10.4.1.140/?? exists
>>> at this point in time you appear to have a Client Server VPN tunnel
>>> established but no site to site. Assuming your remote network is
>>> 10.4.1.0/24 add something like this to your server configuration
>>>
>>> route 10.4.1.0 255.255.255.0
>>>
>>> And restart - Failing any firewalling done on your remote client at
>>> 10.4.1.140 you should now be able to ping hosts on that subnet via the
>>> VPN tunnel.
>>>     
>>>       
> I currently have:
>
> route 10.4.1.0 255.255.255.0
>
> in my server configuration and
>
> iroute 10.4.1.0 255.255.255.0
>
> in the ccd/client file.
>
> I am still unable to ping other hosts on the remote network.

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
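
The client-side NAT described in the message above, written out as iptables rules. This is an added example, not part of the original post. The addresses are the ones quoted in the thread (with the assumed /24 for the remote LAN); the interface names `tun0` and `eth0` on the VPN client, the `nat_rules`/`check_direction`/`run` helpers, and the FORWARD restrictions are assumptions added here. The server still needs its `route` and `iroute` lines so that OpenVPN sends 10.4.1.0/24 to this client.

```shell
#!/bin/sh
# Source NAT on the VPN client (run on 10.4.1.140). Dry run by default:
# prints the commands; set APPLY=1 (as root) to execute them.

VPN_NET="172.27.0.0/16"   # VPN subnet (from the thread)
LAN_NET="10.4.1.0/24"     # client-side LAN (assumed /24, as in the thread)
LAN_IP="10.4.1.140"       # vpnclient's ethernet address (from the thread)
VPN_IF="tun0"             # assumed tunnel interface name on the client
LAN_IF="eth0"             # assumed ethernet interface name on the client

# Emit the rule set, one command per line.
nat_rules() {
    # The client has to forward between the tunnel and the ethernet side.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # NAT "outside" is the LAN interface: packets from the VPN subnet leaving
    # via ethernet get the client's LAN address as their source, so hosts on
    # the LAN answer on-link and need no extra route.
    echo "iptables -t nat -A POSTROUTING -s $VPN_NET -d $LAN_NET -o $LAN_IF -j SNAT --to-source $LAN_IP"
    # Let VPN-originated flows through; the LAN side only gets replies back.
    echo "iptables -A FORWARD -i $VPN_IF -o $LAN_IF -s $VPN_NET -d $LAN_NET -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $VPN_IF -j DROP"
}

# Guard against a reversed NAT direction: the SNAT rule must leave through
# the LAN interface, and that interface must not be the tunnel.
check_direction() {
    [ "$LAN_IF" != "$VPN_IF" ] || return 1
    nat_rules | grep -F -- '-j SNAT' | grep -qF -- "-o $LAN_IF "
}

run() {
    check_direction || { echo "SNAT is not bound to the LAN interface" >&2; return 1; }
    if [ "${APPLY:-0}" = "1" ]; then
        nat_rules | while read -r cmd; do $cmd || exit 1; done
    else
        nat_rules
    fi
}

run
```

To verify on a LAN host such as 10.4.1.150, `tcpdump -ni <iface> icmp` should show the ping from the VPN server arriving with source 10.4.1.140 rather than 172.27.0.1.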