[TriLUG] routing question in openvpn

Ron Kelley rkelleyrtp at gmail.com
Wed May 9 13:02:45 EDT 2012 

Dumb question, but is your OpenVPN server the default gateway specified on the clients?  If not, you will encounter routing issues like this.

Thanks,

-----------------------------
Ron Kelley
rkelleyrtp at gmail.com



On May 9, 2012, at 1:00 PM, Joseph Mack NA3T wrote:

> Problem: my openvpn client can connect to the internal IP of the openvpn server, but not to other boxes on the same internal network.
> 
> Here's the setup
> 
> ----------------
> | client       |
> | tun0=10.8.0.6|
> ----------------
>       | eth0=55.50.x.x
>       |
>       | eth2=55.50.y.y
> ----------------                       --------------
> | tun0=10.8.0.1|     192.168.2.253=eth1|            |
> | vpn server   |-----------------------|random box  |
> |              |eth1=192.168.2.252     |            |
> ----------------                       --------------
>                                       route to 10.8.0.0/24
>                                       via 192.168.2.252
> 
> The client is at the top. The two lower machines are at home. The server is my router. The random box is another box on the home internal network (192.168.2.0/24).
> 
> The openvpn server.conf file pushes the 192.168.2.0/24 network to the client. The client has 192.168.2.0/24 in its routing table.
> 
> client: to server 192.168.2.252: can ping, ssh, nfs mount
>        to server 10.8.0.1 can ping
> 	to server 55.50.y.y can ping
>        to random box: 192.168.2.253 NO ping, no connect
> 
> server to client: 10.8.0.6 ping
>       to client: 55.50.x.x ping
>       to random box: 192.168.2.253 ping
> 
> random box to server: 192.168.2.252 ping
>           to server: 10.8.0.1 ping
>           to client: 10.8.0.6 ping
>           to clinet: 55.50.x.x NO ping
> 
> The client has a route to the random box (192.168.2.0/24) - it's pushed by the openvpn server.conf file. The random box can ping the tun0 interface of the client.
> 
> The client (presumably pinging from 55.50.x.x) and the random box (presumably pinging from 192.168.2.253) can't ping each other.
> 
> Looking at iptables LOGs on the server, when I ping from the client to the random box, packets arrive at server:eth2:U1194 but no packets emerge from tun0:
> 
> I don't even know where to begin. Any ideas anyone?
> 
> Thanks Joe
> 
> -- 
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
> -- 
> This message was sent to: Ron Kelley <rkelleyrtp at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web	: http://www.trilug.org/mailman/options/trilug/rkelleyrtp%40gmail.com
> TriLUG FAQ          : http://www.trilug.org/wiki/Frequently_Asked_Questions

More information about the TriLUG mailing list