[KLUG Members] re: OpenVPN (bill)

bill bill at billtron.com
Wed Jun 29 19:19:29 EDT 2005


On Wed, 2005-06-29 at 17:36, Mike Williams wrote:
> >I am trying to get an OpenVPN server to grant access to the rest of the
> >LAN it is on.  I'm using tunnelling not bridging (TUN not TAP).  The
> >server has one NIC.  The server LAN also has a WINS server on it.  The
> >server and the LAN are behind a hardware firewall.
> 
> >The client can connect o.k., and if I disable the server software
> >firewall, the client can ping both the TUN interface IP and the server
> >LAN IP.  The server can ping the client.
> >
> >Using server.conf, I have the server pushing the LAN route to the
> >client, as well as a route to the WINS server.  I can see the route to
> >the server LAN if I do route print. I can see the WINS server info on
> >the client if I do ipconfig /all.

Additional note: I can see 192.168.1.5 as the DHCP server on the TUN
device.

> >I have IP forwarding set up on the server eth device.
> >
> >Do I need to set forwarding up somehow on the TUN interface?  
> >
> IP forwarding is a global setting, so no.

Being as I have to disable the software firewall to ping the server LAN
address, does that somehow affect IP forwarding?

> Can you show what happens if you do a tracert <server LAN> from the 
> Windows client?  Route print shows the whole subnet as being directed 
> through the tunnel, not just the OpenVPN server's IP, right?

tracert 192.168.0.10 (which is the WINS server on the VPN server's LAN)
gives me 

1 * * *  Request timed out.
2 * * *  Request timed out.
3 * * *  Request timed out. 
etc.

Diagram

WinXP client  <->   internet  <->   hw firewall  <->  openvpn server


Client has some dial-up IP address
The client has a VPN IP address of 192.168.1.6

VPN server has a LAN address of 192.168.0.104
VPN server has a VPN TUN address of 192.168.1.1

The client is trying to reach anything in the 192.168.0.x range (the
server is on that LAN).

The server is using one NIC

Route print on the client shows a route to the 192.168.0.x range:

destination      netmask            gateway        interface
192.168.0.0      255.255.255.0      192.168.1.5    192.168.1.6
192.168.1.1      255.255.255.255    192.168.1.5    192.168.1.6
192.168.1.4      255.255.255.252    192.168.1.6    192.168.1.6
192.168.1.6      255.255.255.255    127.0.0.1      127.0.0.1

Does that help?


