Re: [Openvpn-users] Strange routing behaviour between to networks


  • Subject: Re: [Openvpn-users] Strange routing behaviour between to networks
  • From: "Sebastian Mauer" <sebastian@xxxxxxxxxx>
  • Date: Sun, 30 Dec 2007 22:25:58 +0100

Hello Gabriel,

Here is my Server Config (scooby.maz.lan / 192.168.148.2)

port 1194
proto udp
dev tun
pkcs12 scooby_vpn.p12
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp-vpn.txt
push "route 192.168.148.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
client-config-dir ccd
route 192.168.0.0 255.255.255.0
client-connect ./maz_client_connect.sh
client-disconnect ./maz_client_disconnect.sh
push "dhcp-option DNS 192.168.148.2"
push "dhcp-option WINS 192.168.148.2"
push "dhcp-option NTP 192.168.148.2"
push "dhcp-option DOMAIN maz.vpn"
client-to-client
fast-io
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status-vpn.log
verb 3

I have a client config file for starsky on the VPN Server (ccd/starsky) with
iroute 192.168.0.0 255.255.255.0

Client Config (starsky.rnet.lan/192.168.0.2):
client
dev tun
proto udp
remote myremotes 1194
resolv-retry infinite
nobind
persist-key
persist-tun
pkcs12 starsky_vpn.p12
ns-cert-type server
comp-lzo
verb 3

-----Original Message-----
From: Gabriel Rosca [mailto:missnebun@xxxxxxxxx]
Sent: Sunday, 30 December 2007 22:14
To: Sebastian Mauer
Cc: 'David Balazic'; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] Strange routing behaviour between to networks

Sebastian Mauer wrote:
>
> Hello,
>
> Yes, I double-checked the two VPN gateways, but both have
> /proc/sys/net/ipv4/ip_forwarding set to 1.
>
> This is a traceroute from a station on the network of my parents to a
> station on the remote network.
>
> tracert 192.168.148.3
>
> Routenverfolgung zu nas01.maz.lan [192.168.148.3] über maximal 30 Abschnitte:
>
>   1     1 ms     2 ms     1 ms  gateway.rnet.lan [192.168.0.1] (Local Gateway to the web (has route set up to forward to VPN gateway)
>   2     5 ms     4 ms     4 ms  starsky.rnet.lan [192.168.0.2] (Local VPN Gateway)
>   3   208 ms   187 ms   186 ms  scooby.maz.lan [10.8.0.1] (Far VPN Gateway)
>   4     *        *        *     Zeitüberschreitung der Anforderung.
>
> I suspect scooby.maz.lan to be the weak link ;). The strange thing
> however is that I am able to ping .1 (gateway) and .2 (vpngateway) on
> each network but no other local station.
>
> *From:* David Balazic [mailto:David.Balazic@xxxxxxxxxxxxxxxxxx]
> *Sent:* Saturday, 29 December 2007 20:41
> *To:* Sebastian Mauer; openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> *Subject:* RE: [Openvpn-users] Strange routing behaviour between to networks
>
> Did you trace the packets?
>
> Do the VPN endpoints have packet forwarding enabled ("routing")?
>
> David
>
> ------------------------------------------------------------------------
>
> *From:* openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of 
> Sebastian Mauer
> *Sent:* Fri 28-Dec-07 01:19
> *To:* openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> *Subject:* [Openvpn-users] Strange routing behaviour between to networks
>
> Hello there,
> I have set up a little OpenVPN Tunnel between my parents and my LAN. However
> I put some work on figuring out the correct settings for routing between the
> two networks it doesn't work as expected.
>
> [My parents LAN]                                     [My LAN]
> 192.168.0.0/24                                       192.168.148.0/24
>
> 192.168.0.2         192.168.0.1                     192.168.148.1      192.168.148.2
>
> starsky.rnet.lan----gateway.rnet.lan----<TheWeb>----gateway.maz.lan----scooby.maz.lan
> (OpenVPN Endpoint)  (WRT54G Router)                 (WRT54G Router)    (OpenVPN Endpoint)
>                            |                                |
>                  ...other hosts on lan              ...other hosts on lan
>
> The OpenVPN Tunnel Subnet is 10.8.0.0
>
> By now I am only able to ping the gateway and OpenVPN Endpoint of each lan
> (and vice versa). Other hosts like 192.168.148.3 can't be reached from a
> station on my parents lan. Please, can someone help me to find out what
> prevents my setup from being able to ping/reach ALL stations from every
> station of the two networks.
>
> Thanks in Advance,
> Sebastian Maui
>
> My routing tables are as follows:
>
> starsky.rnet.lan
> 10.8.0.9 dev tun0  proto kernel  scope link  src 10.8.0.10
> 10.8.0.0/24 via 10.8.0.9 dev tun0
> 192.168.148.0/24 via 10.8.0.9 dev tun0
> 192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.2
> default via 192.168.0.1 dev eth0
>
> gateway.rnet.lan
> 62.112.90.254 dev ppp0  src 62.112.90.202
> 10.8.0.0/24 via 192.168.0.2 dev br0
> 192.168.0.0/24 dev br0  src 192.168.0.1
> 192.168.148.0/24 via 192.168.0.2 dev br0
> 127.0.0.0/8 dev lo
> default via 62.112.90.254 dev ppp0
>
> scooby.maz.lan
> 10.8.0.2 dev tun0  proto kernel  scope link  src 10.8.0.1
> 10.7.0.2 dev tun1  proto kernel  scope link  src 10.7.0.1
> 10.0.0.0/24 via 192.168.148.1 dev eth0
> 10.8.0.0/24 via 10.8.0.2 dev tun0
> 192.168.0.0/24 via 10.8.0.2 dev tun0
> 192.168.148.0/24 dev eth0  proto kernel  scope link  src 192.168.148.2
> 10.7.0.0/24 via 10.7.0.2 dev tun1
> default via 192.168.148.1 dev eth0
>
> gateway.maz.lan
> 10.0.0.1 dev eth0.1  scope link
> 217.0.116.146 dev ppp0  proto kernel  scope link  src 80.137.139.86
> 10.8.0.0/24 via 192.168.148.2 dev br-lan
> 192.168.0.0/24 via 192.168.148.2 dev br-lan
> 192.168.148.0/24 dev br-lan  proto kernel  scope link  src 192.168.148.1
> 10.0.0.0/8 dev eth0.1  proto kernel  scope link  src 10.0.0.10
> default via 217.0.116.146 dev ppp0
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
Can you please show the server.conf and client.conf? Also, the easy way
to enable ip_forwarding is to do vi /etc/sysctl.conf and change
"net.ipv4.ip_forward = 0" to "net.ipv4.ip_forward = 1". Also on the vpn
server config make sure you do:

push "route 192.168.148.0 255.255.255.0" whatever lan is behind the vpn
server and also route 192.168.0.0 255.255.255.0 whatever subnet you have
behind the client. Save and then go to the ccd folder under
/etc/openvpn/ccd or whatever is the path :)) there you have to create a
file with the name of the client (if the client name is gabe then you
do vi /etc/openvpn/ccd/gabe and add iroute 192.160.0.0 255.255.255.0)
whatever is the lan behind the client :))

That's all for now :) if you have any issues send me an email :)

Gabe
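
The route/iroute pairing described in the reply above, as an added example (not part of the original thread and not OpenVPN's own code): a Python check that every server-side "route" has an "iroute" in some ccd file, and the other way round. The directives are copied from the server config in this message; the function names and the ccd mapping are assumptions of the example.

```python
import ipaddress
import shlex

# Routing-related directives copied from the server config quoted in this thread.
SERVER_CONF = '''
server 10.8.0.0 255.255.255.0
push "route 192.168.148.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
client-config-dir ccd
route 192.168.0.0 255.255.255.0
'''
CCD = {"starsky": "iroute 192.168.0.0 255.255.255.0\n"}  # ccd file name -> contents


def networks(text, keyword):
    """Return the subnets named by '<keyword> <net> <mask>' lines in a config."""
    found = set()
    for line in text.splitlines():
        # shlex keeps push "route ..." as one quoted token, so pushed routes
        # are never mistaken for the server's own route lines.
        tokens = shlex.split(line, comments=True)
        # Simplification: entries without an explicit netmask are ignored.
        if len(tokens) >= 3 and tokens[0] == keyword:
            found.add(ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}"))
    return found


def check(server_conf, ccd):
    """List mismatches between server 'route' lines and ccd 'iroute' lines."""
    kernel = networks(server_conf, "route")
    owners = {net: name for name, text in ccd.items()
              for net in networks(text, "iroute")}
    findings = []
    for net in sorted(kernel):
        # The kernel sends this subnet to the tun device, but OpenVPN has no
        # client registered as its owner.
        if not any(i.subnet_of(net) for i in owners):
            findings.append(f"route {net}: no ccd file has an iroute inside it")
    for net, name in sorted(owners.items()):
        # OpenVPN knows the owner, but the server kernel never routes the
        # subnet into the tunnel.
        if not any(net.subnet_of(k) for k in kernel):
            findings.append(f"iroute {net} in ccd/{name}: no server route covers it")
    return findings


if __name__ == "__main__":
    for finding in check(SERVER_CONF, CCD) or ["route and iroute entries agree"]:
        print(finding)
```

With the config as posted the check reports nothing; a ccd entry whose subnet differs from the server's route line (a constructed case) is reported from both sides.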
