[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Watchguard Remote Site Routing Issues with OpenVPN Clients


  • Subject: Re: [Openvpn-users] Watchguard Remote Site Routing Issues with OpenVPN Clients
  • From: Erich Titl <erich.titl@xxxxxxxx>
  • Date: Fri, 08 Feb 2008 07:15:35 +0000

Jeremy

Jeremy Cheng wrote:
> Hi Erich,
> 
> Thanks for your reply. Here's a shot at what I think might be "relevant":
> 
> say 10.0.0.0/24 is our local lan behind the watchguard where the openvpn 
> server sits. The watchguard builds an ipsec tunnel with unknown cisco 
> device at our colo managed by a different entity where the local subnet 
> is 10.0.1.0/24. The watchguard some how automagically knows to route 
> traffic coming from 10.0.0.0/24 to 10.0.1.0/24 through the IPSEC tunnel 
> for everything but OpenVPN clients. 

Not really automagically, there is a tunnel and a route set.

The servers at colo also have
> persistent routes setup to know where the return path gateway is for 
> 10.0.0.0/24.
> 
> I don't think it's a firewall issue because why would all other nodes work?

Because they are in a known network, whereas your OpenVPN traffic is in 
a different one.

> 
> Any other info I can provide? Other ideas?

Sure, routing tables, packet dump on the tun interface. Use a tool like 
tcpdump to look at your packets.

cheers
Erich

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users