Re: [Openvpn-users] Watchguard Remote Site Routing Issues with OpenVPN Clients

  • From: Jeremy Cheng <hkdb@xxxxxxxxxx>
  • Date: Fri, 08 Feb 2008 00:13:50 -0800

Erich Titl wrote:
> Jeremy
> Jeremy Cheng wrote:
>> Hi Erich,
>> Thanks for your reply. Here's a shot at what I think might be "relevant":
>> say is our local lan behind the watchguard where the 
>> openvpn server sits. The watchguard builds an ipsec tunnel with 
>> unknown cisco device at our colo managed by a different entity where 
>> the local subnet is The watchguard somehow automagically 
>> knows to route traffic coming from to through 
>> the IPSEC tunnel for everything but OpenVPN clients. 
> Not really automagically, there is a tunnel and a route set.

Of course... I am just saying that as in I am not able to edit any of 
the routing config that's related to the tunnel. The routes are 
automatically put in when I created the tunnel which are not displayed 
in the regular routes section of the WG admin UI.

>> The servers at colo also have
>> persistent routes set up to know where the return path gateway is for 
>> I don't think it's a firewall issue because why would all other nodes 
>> work?
> Because they are in a known network, whereas your OpenVPN traffic is in 
> a different one.

I am not sure I know what you mean by this. Since I am running bridge 
mode, my OpenVPN IP is just like anyone else's IP in the same subnet. 
Doesn't that qualify it to be virtually in the same network?

>> Any other info I can provide? Other ideas?
> Sure, routing tables, packet dump on the tun interface. Use a tool like 
> tcpdump to look at your packets.
Done all that... had no luck so far... I have always been able to route 
for OpenVPN clients no prob when I was running a BSD router behind the 
firewall but was hoping I didn't have to do that again.
> cheers
> Erich

Anyways, thanks for the help. I will keep on hacking away to see if I 
can find something. I will report back if I find a solution.

