Re: [Openvpn-users] Server behind router. Can see/ping server, but not others on server's LAN


  • Subject: Re: [Openvpn-users] Server behind router. Can see/ping server, but not others on server's LAN
  • From: Mi <mi.lists@xxxxxxx>
  • Date: Thu, 07 Feb 2008 15:47:00 +0100

Thank you, it now works!

I had already started replying, when I realized forwarding was not 
active on the server, so I post everything in case it helps someone else.

> Maybe you forgot to specify:
>
> push "route 192.168.24.0 255.255.0.0" 
>   

No, that was OK. See server.conf at end.

> try pinging the OpenVPN address of your server from the LAN, e.g. 
> something like
>  ping 10.24.0.1
> does that work?

Yes, machines on the server's LAN can ping the VPN server's tun 
interface at 10.24.0.1.
However, they could not ping me (the remote client at 10.24.0.6)...

> If yes, then check routing on the openvpn server:
>  cat /proc/sys/net/ipv4/ip_forward

That was the problem! Even though I had done

    echo "net.ipv4.conf.default.forwarding=1" >> /etc/sysctl.conf
    sysctl -p

Checking with "cat /proc/sys/net/ipv4/ip_forward" showed 0. After doing

     echo 1 > /proc/sys/net/ipv4/ip_forward

it now all works.

> what does "there are no iptables rules" mean exactly? plz post the 
> output of 'iptables -L -n -v'

Empty chains INPUT, FORWARD and OUTPUT. All 3 with policy ACCEPT.

> also, posting your client and server config files might also help.

Obviously, the 3 important things are:

- Port forwarding on the server's gateway (at this point, the server is 
accessible but not the rest of its LAN)

- "Static route" (Zyxel terminology?) config. in the gateway
- "echo 1 > /proc/sys/net/ipv4/ip_forward" on the VPN server

Thanks a lot,

MI

=====================================================
C:\>type "Program Files\OpenVPN\config\client1.ovpn"

client
dev tun
proto udp

remote remote.gateway.public-ip.tld 1194

resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.pem
cert client1.pem
key client1.key

comp-lzo
verb 3

=====================================================
$ cat /etc/openvpn/server.conf
local 192.168.24.4
port 1194
proto udp
dev tun

ca   /etc/ssl/certs/ca.pem
cert /etc/ssl/certs/vpn-server.pem
key  /etc/ssl/private/vpn-server.key
dh   /etc/openvpn/dh1024.pem
crl-verify /etc/ssl/crl.pem

server 10.24.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4

push "route 192.168.24.0 255.255.255.0"
client-to-client
push "dhcp-option DNS 192.168.24.4"
push "dhcp-option WINS 192.168.24.4"
=====================================================
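
Added example (not part of the original post): a small check for the situation described above, where a forwarding line was written to sysctl.conf but /proc/sys/net/ipv4/ip_forward still read 0. The function names, the status strings and the sample file contents are assumptions made for illustration; the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# persistent_ip_forward FILE
# Prints 1, 0 or "unset": the value a sysctl.conf-style file leaves in the
# global IPv4 forwarding switch (/proc/sys/net/ipv4/ip_forward) after "sysctl -p".
persistent_ip_forward() {
    awk -F= '
        /^[ \t]*[#;]/ || index($0, "=") == 0 { next }  # comments, non-assignments
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            gsub("/", ".", key)             # sysctl also accepts net/ipv4/ip_forward
            # Only these two names map to the global switch; conf.default.*
            # is just the template for interfaces created later.
            if (key == "net.ipv4.ip_forward" || key == "net.ipv4.conf.all.forwarding")
                state = val                 # last assignment wins
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# diagnose RUNTIME FILE
# Compares the live value (0 or 1) with what FILE would restore at boot.
diagnose() {
    case "$1/$(persistent_ip_forward "$2")" in
        1/1) echo "ok" ;;                  # forwarding on now and after reboot
        1/*) echo "on-until-reboot" ;;     # set by hand in /proc only
        0/1) echo "file-not-applied" ;;    # run "sysctl -p"
        *)   echo "off" ;;                 # not on now, not persisted
    esac
}

# Constructed sample mirroring the post: only the "default" key is set.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sample sysctl.conf
#net.ipv4.ip_forward=1
net.ipv4.conf.default.forwarding=1
EOF

echo "before manual fix: $(diagnose 0 "$SAMPLE_CONF")"
echo "after 'echo 1 > /proc/sys/net/ipv4/ip_forward': $(diagnose 1 "$SAMPLE_CONF")"
```

On a real host the call would be diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" /etc/sysctl.conf. A result of "on-until-reboot" means the setting will be lost at the next boot unless net.ipv4.ip_forward=1 is added to the file.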

