[KLUG Members] re: OpenVPN (bill)
bill
bill at billtron.com
Wed Jun 29 19:19:29 EDT 2005
On Wed, 2005-06-29 at 17:36, Mike Williams wrote:
> >I am trying to get an OpenVPN server to grant access to the rest of the
> >LAN it is on. I'm using tunnelling not bridging (TUN not TAP). The
> >server has one NIC. The server LAN also has a WINS server on it. The
> >server and the LAN are behind a hardware firewall.
> >
> >The client can connect o.k., and if I disable the server software
> >firewall, the client can ping both the TUN interface IP and the server
> >LAN IP. The server can ping the client.
> >
> >Using server.conf, I have the server pushing the LAN route to the
> >client, as well as a route to the WINS server. I can see the route to
> >the server LAN if I do route print. I can see the WINS server info on
> >the client if I do ipconfig /all.
Additional note: I can see 192.168.1.5 as the DHCP server on the TUN
device.
> >I have ipforwarding set up on the server eth device.
> >
> >Do I need to set forwarding up somehow on the TUN interface?
> >
> IP forwarding is a global setting, so no.
Being as I have to disable the software firewall to ping the server LAN
address, does that somehow affect IP forwarding?
> Can you show what happens if you do a tracert <server LAN> from the
> Windows client? Route print shows the whole subnet as being directed
> through the tunnel, not just the OpenVPN server's IP, right?
tracert 192.168.0.10 (which is the WINS server on the VPN server's LAN)
gives me
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
etc.
Diagram
WinXP client <-> internet <-> hw firewall <-> openvpn server
Client has some dial-up IP address
The client has a VPN IP address of 192.168.1.6
VPN server has a LAN address of 192.168.0.104
VPN server has a VPN TUN address of 192.168.1.1
The client is trying to reach anything in the 192.168.0.x range (the
server is on that LAN).
The server is using one NIC
Route print on the client shows a route to the 192.168.0.x range:
destination     netmask            gateway        interface
192.168.0.0     255.255.255.0      192.168.1.5    192.168.1.6
192.168.1.1     255.255.255.255    192.168.1.5    192.168.1.6
192.168.1.4     255.255.255.252    192.168.1.6    192.168.1.6
192.168.1.6     255.255.255.255    127.0.0.1      127.0.0.1
Does that help?