
Re: [Openvpn-users] Routed behind Actiontec Verizon FIOS?

  • Subject: Re: [Openvpn-users] Routed behind Actiontec Verizon FIOS?
  • From: "Cory Crooks" <thatnerdyguy@xxxxxxxxx>
  • Date: Sun, 10 Feb 2008 10:17:22 -0500

Ok, thanks. I guess I'll resolve to either set the default gateway for each machine on my LAN to the VPN machine, or just establish routes on each machine back to the VPN for the VPN subnet.

Thanks again.

On Feb 10, 2008 7:02 AM, Aidan Anderson <mail@xxxxxxxxxxxxxxxxxxx> wrote:
Stefan Bethke wrote:
> On 09.02.2008 at 20:47, Cory Crooks wrote:
>> Anyone had luck with a routed setup sitting behind an Actiontec
>> router (the ones Verizon FIOS uses)?
>> My internal LAN is on, my VPN is using, I
>> added a routing rule to the router to send all (netmask
>> traffic to (the machine running OpenVPN),
>> but it doesn't seem to fully work.
>> If I connect to the VPN with a machine (and get address, I
>> can then ping from any of the LAN machines (on
>>, but if I try to ping from to any of the LAN
>> machines, it fails.
>> I did a couple tcpdump trials and it really looks like the ping
>> request is getting to the pinged machine (say, but the
>> ack for the ping is then not funneling back through the VPN machine,
>> so for some reason it seems the acks aren't routing correctly, but
>> if I request a ping it is.
>> If I add a specific route to one of the machines on the LAN (like
>> using "route add -net NETMASK GW
>>" (or whatever the correct incantation is), then if I
>> ping that machine from the acks come through. I guess this
>> is the workaround I will use if necessary, but I'd rather have it
>> just work.
> Setting a separate route on each machine on the LAN is how it's
> supposed to be done.
> By only setting the route on the machine that is the default gateway
> for everyone else (the FiOS router), you're relying on that machine
> and your LAN machines to generate and process ICMP redirects properly,
> and/or your router to properly forward packets out the same interface
> they came in on. I've found that this does not work reliably,
> depending on the exact OS versions and various circumstances.
I have had the exact same scenario but I have a Linux router running
Shorewall firewall. This has a routeback directive you can apply to the
interface to allow traffic arriving on the interface to be routed back
out the same interface. You might want to check the options on the
Actiontec router to see if you can do something similar.
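
An added illustration, not part of the original messages: this Python model traces the echo reply from a LAN host back to a VPN client, comparing a host that has only a default route with one that has its own route to the VPN subnet. All addresses are constructed (the archive stripped the real ones), the `router_hairpins` flag is a hypothetical stand-in for whether the router forwards packets back out the interface they arrived on, and ICMP redirects are not modelled.

```python
import ipaddress

# Constructed addresses: the archive stripped the real ones from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
VPN = ipaddress.ip_network("10.8.0.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
ROUTER = ipaddress.ip_address("192.168.1.1")    # default gateway for the LAN
VPN_BOX = ipaddress.ip_address("192.168.1.10")  # LAN machine running OpenVPN
LAN_HOST = ipaddress.ip_address("192.168.1.20")
VPN_CLIENT = ipaddress.ip_address("10.8.0.6")

# Routing tables as (destination network, gateway); None means on-link.
ROUTER_TABLE = [(LAN, None), (VPN, VPN_BOX)]        # static route on the router only
HOST_DEFAULT_ONLY = [(LAN, None), (DEFAULT, ROUTER)]
HOST_WITH_ROUTE = HOST_DEFAULT_ONLY + [(VPN, VPN_BOX)]


def next_hop(table, dst):
    """Longest-prefix match: gateway for dst, or dst itself when on-link."""
    matches = [(net, gw) for net, gw in table if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw


def reply_path(host_table, router_hairpins):
    """Trace LAN_HOST's echo reply to VPN_CLIENT; returns (hops, delivered)."""
    hops = [next_hop(host_table, VPN_CLIENT)]
    if hops[0] == ROUTER:
        # The reply arrived on the router's LAN interface and its route to the
        # VPN subnet points back out of that same interface.
        if not router_hairpins:
            return hops, False
        hops.append(next_hop(ROUTER_TABLE, VPN_CLIENT))
    return hops, hops[-1] == VPN_BOX


if __name__ == "__main__":
    for name, table in [("default route only", HOST_DEFAULT_ONLY),
                        ("per-host VPN route", HOST_WITH_ROUTE)]:
        for hairpin in (False, True):
            hops, ok = reply_path(table, hairpin)
            print(f"{name:20} hairpin={hairpin!s:5} via {[str(h) for h in hops]} delivered={ok}")
```

With the per-host route the reply never touches the router, so delivery no longer depends on how the router treats same-interface forwarding.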

