Stefan Bethke wrote:
> On 09.02.2008 at 20:47, Cory Crooks wrote:
>> Anyone had luck with a routed setup sitting behind an Actiontec
>> router (the ones Verizon FIOS uses)?
>> My internal LAN is on 10.74.65.0/24, my VPN is using 10.8.0.0/24.
>> I added a routing rule to the router to send all 10.8.0.0 traffic to
>> 10.74.65.13 (the machine running OpenVPN), but it doesn't seem to
>> fully work.
>> If I connect to the VPN with a machine (and get address 10.8.0.6), I
>> can then ping 10.8.0.6 from any of the LAN machines (on ), but if I
>> try to ping from 10.8.0.6 to any of the LAN machines, it fails.
>> I did a couple of tcpdump trials and it really looks like the ping
>> request is getting to the pinged machine (say 10.64.75.11), but the
>> ack for the ping is then not funneling back through the VPN machine,
>> so for some reason it seems the acks aren't routing correctly, but
>> if I request a ping it is.
>> If I add a specific route to one of the machines on the LAN (like
>> ) using "route add -net 10.8.0.0 " (or whatever the correct
>> incantation is), then if I ping that machine from 10.8.0.6 the acks
>> come through. I guess this is the workaround I will use if necessary,
>> but I'd rather have it just work.
> Setting a separate route on each machine on the LAN is how it's
> supposed to be done.
> By only setting the route on the machine that is the default gateway
> for everyone else (the FiOS router), you're relying on that machine
> and your LAN machines to generate and process ICMP redirects properly,
> and/or your router to properly forward packets out the same interface
> they came in on. I've found that this does not work reliably,
> depending on the exact OS versions and various circumstances.
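The asymmetric path Stefan describes can be traced with a small longest-prefix-match routing simulation. The script below is an added illustration, not code from the thread or from OpenVPN: it models the four nodes (a LAN host, the FiOS router, the OpenVPN host and a VPN client), looks up each hop in a per-node routing table and flags any node that has to forward a packet back out the interface it arrived on, which is the hairpin the router must handle (or answer with an ICMP redirect) when only the gateway carries the 10.8.0.0/24 route. The LAN host address 10.74.65.11, the node names and the exact contents of each table are assumptions; the subnets, the OpenVPN host 10.74.65.13 and the client 10.8.0.6 are the thread's own values.

```python
import ipaddress

# Constructed topology for illustration; only the subnets, the OpenVPN host
# 10.74.65.13 and the VPN client 10.8.0.6 come from the thread. Everything
# else (node names, the LAN host address) is an assumption.
LAN = ipaddress.ip_network("10.74.65.0/24")
VPN = ipaddress.ip_network("10.8.0.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

VPN_CLIENT = ipaddress.ip_address("10.8.0.6")
LAN_HOST = ipaddress.ip_address("10.74.65.11")  # assumed address of one LAN machine

# Networks each node is attached to. The OpenVPN host has a LAN NIC and a tun
# interface; the router's WAN side is omitted because it plays no role here.
ATTACHED = {
    "lan_host": [LAN],
    "router": [LAN],
    "openvpn": [LAN, VPN],
    "vpn_client": [VPN],
}

# Routing tables as (prefix, next_hop). next_hop None means "directly
# connected"; the most specific prefix wins, as in a real kernel FIB.
TABLES_NO_STATIC = {
    "lan_host": [(LAN, None), (DEFAULT, "router")],
    "router": [(LAN, None), (VPN, "openvpn")],        # the rule added on the Actiontec
    "openvpn": [(LAN, None), (VPN, None)],
    "vpn_client": [(VPN, None), (LAN, "openvpn")],    # route pushed to the client
}

# Stefan's recommendation: every LAN machine carries its own 10.8.0.0/24 route.
TABLES_WITH_STATIC = {
    **TABLES_NO_STATIC,
    "lan_host": [(LAN, None), (VPN, "openvpn"), (DEFAULT, "router")],
}


def lookup(table, dst):
    """Longest-prefix match of dst against one node's routing table."""
    best = None
    for prefix, next_hop in table:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop)
    return best


def trace(tables, src, dst):
    """Return the list of nodes a packet from src passes through to reach dst."""
    path = [src]
    node = src
    for _ in range(8):  # hop limit guards against routing loops
        match = lookup(tables[node], dst)
        if match is None:
            return path + ["unreachable"]
        _, next_hop = match
        if next_hop is None:
            return path  # destination is on a directly attached network
        path.append(next_hop)
        node = next_hop
    return path + ["loop"]


def link(a, b):
    """The network shared by two adjacent nodes, or None if they are not adjacent."""
    common = [n for n in ATTACHED[a] if n in ATTACHED[b]]
    return common[0] if common else None


def hairpins(path):
    """Nodes that forward the packet back out the same interface it came in on."""
    return [path[i] for i in range(1, len(path) - 1)
            if link(path[i - 1], path[i]) == link(path[i], path[i + 1])]


if __name__ == "__main__":
    for label, tables in (("gateway route only", TABLES_NO_STATIC),
                          ("static route on LAN host", TABLES_WITH_STATIC)):
        fwd = trace(tables, "vpn_client", LAN_HOST)
        rev = trace(tables, "lan_host", VPN_CLIENT)
        print(f"{label}: request {fwd}, reply {rev}, hairpin at {hairpins(rev)}")
```

With only the gateway route, the ping request goes vpn_client, openvpn, lan_host, but the reply goes lan_host, router, openvpn: the router receives it on the LAN and must send it straight back out the same LAN interface. With the static route on the LAN host, the reply goes directly to the OpenVPN host and the path is symmetric, so nothing depends on the router hairpinning or on ICMP redirects being honoured.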