
Re: [Openvpn-users] unable to ping internal LAN after connectedtoVPN


  • Subject: Re: [Openvpn-users] unable to ping internal LAN after connectedtoVPN
  • From: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>
  • Date: Tue, 18 Sep 2007 13:38:39 +0200

1.) you said the openVPN client machine is on a 192.168.x.y network, but the route table you posted contradicts that claim !
 
2.) on "my PC, 172.16.1.88":  you need to add a route to the 10.8.0.0/24 network. Use the ROUTE command
the parameters are : destination 10.8.0.0 , netmask 255.255.255.0 , gateway 172.16.1.11
 
That is, the command is : route ADD 10.8.0.0 MASK 255.255.255.0  172.16.1.11
 
David
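
Why the route in point 2 is needed, as an added example (not part of the original message): the Python below applies longest-prefix matching to the 172.16.1.88 route table posted further down in this thread, before and after the suggested `route ADD`. The function names are hypothetical; the table rows and addresses are copied from the thread.

```python
import ipaddress

# Active Routes rows copied from the "my PC, 172.16.1.88" route print in this thread.
LAN_HOST_ROUTES = """\
          0.0.0.0          0.0.0.0       172.16.1.5     172.16.1.88       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       172.16.1.0    255.255.255.0      172.16.1.88     172.16.1.88       1
      172.16.1.88  255.255.255.255        127.0.0.1       127.0.0.1       1
   172.16.255.255  255.255.255.255      172.16.1.88     172.16.1.88       1
      192.168.1.9  255.255.255.255       172.16.1.1     172.16.1.88       1
        224.0.0.0        224.0.0.0      172.16.1.88     172.16.1.88       1
  255.255.255.255  255.255.255.255      172.16.1.88     172.16.1.88       1
"""

def parse_routes(text):
    """Turn 'route print' Active Routes rows into (network, gateway, metric) tuples."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or not cols[4].isdigit():
            continue  # skip headers, separators and wrapped lines
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}")
        except ValueError:
            continue  # not a destination/netmask pair
        routes.append((net, cols[2], int(cols[4])))
    return routes

def next_hop(routes, destination):
    """Longest-prefix match, lowest metric as tie-break; returns the gateway column."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    _net, gateway, _metric = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return gateway

def add_route(routes, dest, mask, gateway, metric=1):
    """Model 'route ADD <dest> MASK <mask> <gateway>' without touching the system."""
    return routes + [(ipaddress.ip_network(f"{dest}/{mask}"), gateway, metric)]

VPN_CLIENT = "10.8.0.2"  # tunnel address shown in the VPN client's route table

before = parse_routes(LAN_HOST_ROUTES)
after = add_route(before, "10.8.0.0", "255.255.255.0", "172.16.1.11")

if __name__ == "__main__":
    print("reply to", VPN_CLIENT, "before:", next_hop(before, VPN_CLIENT))
    print("reply to", VPN_CLIENT, "after: ", next_hop(after, VPN_CLIENT))
```

Before the route is added, replies to the tunnel address match only the default route and leave via 172.16.1.5; afterwards they are handed to the OpenVPN server at 172.16.1.11.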


From: Winanjaya [mailto:winanjaya@xxxxxxxxxxxxxxxx]
Sent: Tue 18-Sep-07 12:18
To: David Balazic
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: [Openvpn-users] unable to ping internal LAN after connectedtoVPN

on vpn client:

C:\Documents and Settings\Administrator>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 ff 37 f3 59 d7 ...... TAP-Win32 Adapter V9 - Packet Scheduler Minipo

0x150002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  202.158.106.191  202.158.106.191      1
         10.8.0.0    255.255.255.0         10.8.0.2        10.8.0.2       30
         10.8.0.2  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255         10.8.0.2        10.8.0.2       30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       172.16.1.0    255.255.255.0         10.8.0.1        10.8.0.2       1
    202.158.2.149  255.255.255.255  202.158.106.191  202.158.106.191      1
  202.158.106.191  255.255.255.255        127.0.0.1       127.0.0.1       50
  202.158.106.255  255.255.255.255  202.158.106.191  202.158.106.191      50
        224.0.0.0        240.0.0.0         10.8.0.2        10.8.0.2       30
        224.0.0.0        240.0.0.0  202.158.106.191  202.158.106.191      1
  255.255.255.255  255.255.255.255         10.8.0.2        10.8.0.2       1
  255.255.255.255  255.255.255.255  202.158.106.191  202.158.106.191      1
Default Gateway:   202.158.106.191
===========================================================================
Persistent Routes:
  None


on vpn server:

C:\Documents and Settings\Administrator>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 ff 25 64 f9 4a ...... TAP-Win32 Adapter V9
0x10004 ...00 1a 92 90 e7 f7 ...... Marvell Yukon 88E8001/8003/8010 PCI Gigabit
Ethernet Controller
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.16.1.5      172.16.1.11     10
         10.8.0.0    255.255.255.0         10.8.0.1         10.8.0.1     30
         10.8.0.1  255.255.255.255        127.0.0.1        127.0.0.1     30
   10.255.255.255  255.255.255.255         10.8.0.1         10.8.0.1     30
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
       172.16.1.0    255.255.255.0      172.16.1.11      172.16.1.11     10
      172.16.1.11  255.255.255.255        127.0.0.1        127.0.0.1     10
   172.16.255.255  255.255.255.255      172.16.1.11      172.16.1.11     10
        224.0.0.0        240.0.0.0         10.8.0.1         10.8.0.1     30
        224.0.0.0        240.0.0.0      172.16.1.11      172.16.1.11     10
  255.255.255.255  255.255.255.255         10.8.0.1         10.8.0.1      1
  255.255.255.255  255.255.255.255      172.16.1.11      172.16.1.11      1
Default Gateway:        172.16.1.5
===========================================================================
Persistent Routes:
  None


on my PC, 172.16.1.88:

C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 1a 92 76 12 86 ...... Marvell Gigabit Ethernet Controller
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.16.1.5     172.16.1.88       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       172.16.1.0    255.255.255.0      172.16.1.88     172.16.1.88       1
      172.16.1.88  255.255.255.255        127.0.0.1       127.0.0.1       1
   172.16.255.255  255.255.255.255      172.16.1.88     172.16.1.88       1
      192.168.1.9  255.255.255.255       172.16.1.1     172.16.1.88       1
        224.0.0.0        224.0.0.0      172.16.1.88     172.16.1.88       1
  255.255.255.255  255.255.255.255      172.16.1.88     172.16.1.88       1
Default Gateway:        172.16.1.5
===========================================================================
Persistent Routes:
  None





-----Original Message-----
From: David Balazic [mailto:David.Balazic@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, September 18, 2007 5:04 PM
To: winanjaya@xxxxxxxxxxxxxxxx
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: AW: [Openvpn-users] unable to ping internal LAN after
connectedtoVPN


Is IP forwarding turned on on the OpenVPN server machine ?
Any firewalls, packet filters etc ?
 
Please post the route table on :
 - vpn client
 - vpn server
 - one of the hosts on the 172.16.1.0 network
 
(you can get it with ROUTE PRINT on Windows or "route -n" on unix)
 
Regards,
David

________________________________

From: Winanjaya [mailto:winanjaya@xxxxxxxxxxxxxxxx]
Sent: Tue 18-Sep-07 11:47
To: David Balazic; 'Eero Volotinen'
Cc: 'Klaus Thielking-Riechert'; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: [Openvpn-users] unable to ping internal LAN after connectedtoVPN



push "route 172.16.1.0 255.255.255.0"

from openvpn client (10.8.0.4), I am unable to reach any host at 172.16.1.0/24

again my topology as follow:
192.168.1.0/24 --> client --> openvpn (10.8.0.1) --> 172.16.1.0/24


Regards
Winanjaya


-----Original Message-----
From: David Balazic [mailto:David.Balazic@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, September 18, 2007 4:39 PM
To: winanjaya@xxxxxxxxxxxxxxxx; Eero Volotinen
Cc: Klaus Thielking-Riechert; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: AW: [Openvpn-users] unable to ping internal LAN after
connectedtoVPN


???
 
Did you change the "push route" line ?
Did it work afterwards ?
 
David

________________________________

From: Winanjaya [mailto:winanjaya@xxxxxxxxxxxxxxxx]
Sent: Tue 18-Sep-07 11:38
To: David Balazic; 'Eero Volotinen'
Cc: 'Klaus Thielking-Riechert'; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: [Openvpn-users] unable to ping internal LAN after connectedtoVPN



I don't understand why Default Gateway was empty?


Windows IP Configuration


Ethernet adapter OpenVPN:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.8.0.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 172.16.1.27
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 172.16.1.5

PPP adapter CBN:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 202.158.107.91
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 202.158.107.91


pls help

TIA

Winanjaya

-----Original Message-----
From: David Balazic [mailto:David.Balazic@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, September 18, 2007 4:17 PM
To: winanjaya@xxxxxxxxxxxxxxxx; Eero Volotinen
Cc: Klaus Thielking-Riechert; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: [Openvpn-users] unable to ping internal LAN after
connectedtoVPN


If their default gateway is the openvpn server, then it should work automatically.

________________________________

From: Winanjaya [mailto:winanjaya@xxxxxxxxxxxxxxxx]
Sent: Tue 18-Sep-07 11:18
To: David Balazic; 'Eero Volotinen'
Cc: 'Klaus Thielking-Riechert'; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: [Openvpn-users] unable to ping internal LAN after connectedtoVPN



Hi
clients on 172.16.1.0 are not OpenVPN clients.. they are Office's users..

any idea?

Regards
Winanjaya

-----Original Message-----
From: David Balazic [mailto:David.Balazic@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, September 18, 2007 4:11 PM
To: winanjaya@xxxxxxxxxxxxxxxx; Eero Volotinen
Cc: Klaus Thielking-Riechert; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: [Openvpn-users] unable to ping internal LAN after
connectedtoVPN


1.) push "route 172.16.1.0 255.255.255.0" instead of push "route 192.168.1. 255.255.255.0"
 
2.) what "clients" on 172.16.1.0 ? OpenVPN clients ?
 
David

________________________________

From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Winanjaya
Sent: Tue 18-Sep-07 11:11
To: 'Eero Volotinen'
Cc: 'Klaus Thielking-Riechert'; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] unable to ping internal LAN after connectedtoVPN




Hi mine was:

192.168.1.0/24 --> client --> openvpn (10.8.0.1) --> 172.16.1.0/24

I want clients on 192.168.1.0/24 should be able to reach 172.16.1.0/24
and all clients on 172.16.1.0/24 should be able to reach 192.168.1.0/24

pls advise

Regards
Winanjaya

-----Original Message-----
From: Eero Volotinen [mailto:eero.volotinen@xxxxxxxxxxx]
Sent: Tuesday, September 18, 2007 3:55 PM
To: winanjaya@xxxxxxxxxxxxxxxx
Cc: 'Klaus Thielking-Riechert'; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] unable to ping internal LAN after
connectedtoVPN



Winanjaya wrote:
> Hi..
> it seems like OpenVPN override all routes..
>
> My topology is :
>
> 192.168.1.0/24 --> client --> openvpn
>
> Any idea?

So, remove that push route statement from openvpn server configuration.

Also if there is subnet behind openvpn server, it *cannot* overlap the
lan subnet/ip range.

For example:


192.168.1.0/24 --> client --> openvpn -> 192.168.0.0/24 is correct solution.

--
Eero
