[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Routing Questions


  • Subject: Re: [Openvpn-users] Routing Questions
  • From: Stefan Bethke <stb@xxxxxxxxxx>
  • Date: Sun, 25 Nov 2007 11:41:41 +0100

Am 24.11.2007 um 18:14 schrieb Gregg:

> Hello,
> I have successfully installed and ran openvpn.
> Here's the scenario
> Server side IP 192.168.2.0
> OVPN on server side resides on a computer with the IP address of  
> 192.168.2.11
> The OVPN IP on the server is 10.8.2.1
>
> The remote OVPN client is 10.8.2.6
>
> The connection is made without a problem. I can ping from 10.8.2.6  
> to 10.8.2.1 and vice versa. The problem arises when I try to ping  
> from 10.8.2.6 to the network behind 10.8.2.1 so I can not ping any  
> of the 192.168.2.0 network. I read quite a bit on the subject and on  
> the OVPN server I pushed the route 192.168.2.0 255.255.255.0
> Also on the server side I added a route to the Router like this  
> 10.8.2.0 255.255.255.0 192.168.2.11
> The 192.168.2.11 being the computer that the openvpn server is  
> installed on.
> What am I missing? I know it's probably a very simple step that I'm  
> missing, I just can't find it.


Is your OpenVPN router also the default gateway for the machines on  
the 192.168.2.0/24 network?  If not, then those machines do not know  
that they need to send packets for 10.8.2.0/24 to 192.168.2.1, and the  
return packets are lost. You either need to add such a route to all  
those machines (a pain), or install the route on the machine that is  
the default gateway, so it can forward packets accordingly.

If you 192.168.2.1 is the default gateway, then the packets are either  
not making it out to 192.168.2.0/24, or the return packets are gobbled  
up.  Get Wireshark and check on the OpenVPN machine and on one of the  
clients to see if both the echo request and the echo response come in  
and out.

Have you enabled packet forwarding on the OpenVPN machine? Most OSes  
do not forward packets between their interfaces (act as a router)  
without explicit configuration.

If you're still stuck, these things might help you get help from the  
list:
- OpenVPN config file from both sides
- Routing table from client, server, and one of the systems in  
192.168.2.0, i. e. output from netstat -r or route print
- Which OS the OpenVPN server runs on


HTH,
Stefan

-- 
Stefan Bethke <stb@xxxxxxxxxx>   Fon +49 170 346 0140


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users