All times are UTC




 Post subject: Routing from Server to client question
PostPosted: 17.04.2010 01:56 
DES

Joined: 16.04.2010 23:47
Posts: 2
Remote 1

PC1
192.168.0.100
-------------
|
| router
|192.168.0.151
|
|
|
WWW
|
|
|
router - Central Site
192.168.1.1
|
|
OpenVPN server -------- Main Server
192.168.1.2------------ 192.168.1.10


PC1 is an XP
Main server is Vista
VPN Server is Suse 11.1


Hello,

In the above scenario, I would like the Main server to send information to remote sites. I have set up the OpenVPN server that creates TUN0 (inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255).

When the PC1 opens the VPN, the address given is 10.8.0.6 for PC1 with 10.8.0.5 (/254) for the other end.


Problem, the Main Server cannot reach the PC1's IP (192.168.0.100):

linux-4022:/etc/openvpn # ping 192.168.0.100
PING 192.168.0.100 (192.168.0.100) 56(84) bytes of data.
From 192.168.153.1: icmp_seq=1 Packet filtered
From 192.168.153.1 icmp_seq=1 Packet filtered
From 192.168.153.1 icmp_seq=2 Packet filtered
^C

(What the hell is 192.168.153.1 by the way?)


But the PC1 can reach the main server with no problem. Sniffing I found the src address is the TUN one: 10.8.0.6
If I ping that one from the main server it works, but I cannot work with it in Windows (cannot map a drive to it).

Yes, I have a static route in my router pointing to 10.8.0.0/24 via 192.168.1.2, although I do not think this is needed if I have the same in the Main-server itself:

Destino de red    Máscara de red    Puerta de enlace    Interfaz        Métrica
10.8.0.0          255.255.255.0     192.168.1.2         192.168.1.10    21
192.168.0.0       255.255.255.0     192.168.1.2         192.168.1.10    21


Also tried with:
route delete 192.168.0.0 mask 255.255.255.0 192.168.1.2
route add -p 192.168.0.0 mask 255.255.255.0 10.8.0.6

Still the ping to the PC1 fails.

Went back to the OpenVPN and checked the routes there to find my 192.168.0.0/24 network was not present. Reading around I found I should have configured:

push "route 192.168.1.0 255.255.255.0"
route 192.168.0.0 255.255.255.0 vpn_gateway <---- This particular one

Having configured that, now I see the route in the vpn-server table, but still the ping fails. Now no "Packet filtered" message is actually seen. Just a blind fail.

linux-4022:/etc/openvpn # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0   <-----
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

Ping still fails. Sniffing on PC1 I only see a few UDPs from the main site's global address.

The next thing I tried was to manually set a route to 192.168.0.0/24 via 10.8.0.6 (instead of the 10.8.0.2 that installs with the vpn_gateway command), but my Suse seems not to like that DEV TUN0, plus I do not think manually configuring a route here should be the way to go.

I've tried enabling IP forwarding. No luck.

Probably I have overlooked something simple, but can't figure out what. How can I make the main-server reach the PC1's IP?

Thanks,
Hector


 Post subject: Re: Routing from Server to client question
PostPosted: 17.04.2010 06:34 
Profi

Joined: 23.10.2007 12:10
Posts: 2185
Connect all roadwarriors on their OpenVPN IP and it will work.
Here, prefer a ccd (client config dir) for "fixed" roadwarrior IPs depending on its (certificate) common name.

F.


 Post subject: Re: Routing from Server to client question
PostPosted: 18.04.2010 20:47 
DES

Joined: 16.04.2010 23:47
Posts: 2
Thanks dl5ym,

I actually do not know what you meant by "Connect all roadwarriors on their OpenVPN IP" but I configured your later recommendation (CCD) and it works like a charm.

Regards,
Hector


 Post subject: Re: Routing from Server to client question
PostPosted: 19.04.2010 05:28 
Profi

Joined: 23.10.2007 12:10
Posts: 2185
Quote:
addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255).


tells us about your (OpenVPN) net...
Clients have 10.8.0.6... IPs
Use these OpenVPN adapter IPs for communication.
A local IP cannot work on a roadwarrior - you never know what local address it gets... in any wifi/far local LAN


F.


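The ccd approach recommended in the replies above, as an added example that is not code from either poster: a ccd file named after the client's certificate common name pins that client's tunnel address with `ifconfig-push`, and this checker audits such files against the /30 pair layout visible in the first post (client 10.8.0.6, peer 10.8.0.5, server 10.8.0.1/10.8.0.2). The `server` line, the ccd contents and the names pc1 to pc4 are constructed sample input.

```python
import ipaddress

# Constructed sample input (not from the thread); each ccd file is named after a cert CN.
SERVER_CONF = "server 10.8.0.0 255.255.255.0\nclient-config-dir ccd\n"
CCD = {
    "pc1": "ifconfig-push 10.8.0.6 10.8.0.5\n",  # the pair PC1 was given in the post
    "pc2": "ifconfig-push 10.8.0.7 10.8.0.8\n",  # straddles two /30 blocks
    "pc3": "ifconfig-push 10.8.0.2 10.8.0.1\n",  # the server's own /30
    "pc4": "ifconfig-push 10.8.0.6 10.8.0.5\n",  # same address as pc1
}

def vpn_subnet(server_conf):
    """Read the tunnel subnet from the 'server <network> <netmask>' directive."""
    for line in server_conf.splitlines():
        words = line.split()
        if len(words) == 3 and words[0] == "server":
            return ipaddress.ip_network(f"{words[1]}/{words[2]}")
    raise ValueError("no 'server' directive found")

def check_push(line, subnet):
    """Problems with one 'ifconfig-push <client-ip> <peer-ip>' line under net30."""
    words = line.split()
    if len(words) != 3 or words[0] != "ifconfig-push":
        return ["no ifconfig-push directive"]
    client, peer = (ipaddress.ip_address(w) for w in words[1:])
    problems = []
    if client not in subnet or peer not in subnet:
        problems.append("outside the VPN subnet")
    block = ipaddress.ip_network(f"{client}/30", strict=False)
    if {client, peer} != set(block.hosts()):
        problems.append("not the two host addresses of one /30")
    if subnet.network_address + 1 in block:
        problems.append("collides with the server's own /30")
    return problems

def audit_ccd(ccd, server_conf):
    """Map each common name to its problems, including reused client addresses."""
    subnet, seen, report = vpn_subnet(server_conf), {}, {}
    for cn, text in sorted(ccd.items()):
        line = next((l for l in text.splitlines() if l.startswith("ifconfig-push")), "")
        report[cn] = check_push(line, subnet)
        ip = line.split()[1] if not report[cn] else None
        if ip in seen:
            report[cn].append(f"address already assigned to {seen[ip]}")
        elif ip:
            seen[ip] = cn
    return report

if __name__ == "__main__":
    print(audit_ccd(CCD, SERVER_CONF))
```

With pc1 pinned this way, the Main server addresses PC1 by its tunnel IP 10.8.0.6, as the reply advises, and any firewall rule for that client can be keyed to a stable address.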