Re: [LARTC] Openvpn routing problem

From: "Andre Guimarães" <ramoni@databras.com.br>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Openvpn routing problem
Date: Thu, 15 Mar 2007 20:18:17 +0000	[thread overview]
Message-ID: <200703151718.17778.ramoni@databras.com.br> (raw)
In-Reply-To: <45F916E5.1070102@rabbit.us>

As described here:
> 10.0.13.2 dev tun0  proto kernel  scope link  src 10.0.13.1
> 10.0.13.0/24 via 10.0.13.2 dev tun0

You are not in the 10.0.13.0/24 entire network, I presume you are 10.0.13.1 
in the 10.0.13.0/30 network, and 10.0.13.2 is the next hop.

> 	ip route add 192.168.9.0/24 via 10.0.13.14 dev tun0
> and I got
> 	RTNETLINK answers: Network is unreachable
Yes, because you can only use gateways that are on the same net as you, and 
you are not on the  10.0.13.0/24.

On Thursday 15 March 2007 06:50, Peter Rabbitson wrote:

> Arx:~# ip addr
> ...
> 3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
>       link/ether 00:04:e2:09:6c:ea brd ff:ff:ff:ff:ff:ff
>       inet 192.168.13.1/24 brd 192.168.13.255 scope global eth1
> ...
> 5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc
> pfifo_fast qlen 100
>       link/[65534]
>       inet 10.0.13.1 peer 10.0.13.2/32 scope global tun0
>
> Arx:~# ip route
> A.A.A.B dev ppp0  proto kernel  scope link  src A.A.A.A
> 10.0.13.2 dev tun0  proto kernel  scope link  src 10.0.13.1
> 10.0.13.0/24 via 10.0.13.2 dev tun0
> 192.168.13.0/24 dev eth1  proto kernel  scope link  src 192.168.13.1
> default dev ppp0  scope link
>
>
>
> CLIENT (192.168.9.11, machine behind a router)
>
> root@Thesaurus:~# ip addr
> ...
> 2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
>       link/ether 00:11:09:8d:4f:c1 brd ff:ff:ff:ff:ff:ff
>       inet 192.168.9.11/24 brd 192.168.9.255 scope global eth0
> ...
> 5: tun_arx: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc
> pfifo_fast qlen 100
>       link/[65534]
>       inet 10.0.13.14 peer 10.0.13.13/32 scope global tun_arx
>
> root@Thesaurus:~# ip route
> 10.0.13.13 dev tun_arx  proto kernel  scope link  src 10.0.13.14
> 10.0.13.1 via 10.0.13.13 dev tun_arx
> 192.168.13.0/24 via 10.0.13.13 dev tun_arx
> 192.168.9.0/24 dev eth0  proto kernel  scope link  src 192.168.9.11
> default via 192.168.9.1 dev eth0
>
>
>   From the client ping 192.168.13.1 works as expected. I want to be able
> to ping 192.168.9.20 from the server. So on the server I did:
> 	ip route add 192.168.9.0/24 via 10.0.13.14 dev tun0
> and I got
> 	RTNETLINK answers: Network is unreachable
>
> Then I tried both
> 	ip route add 192.168.9.0/24 via 10.0.13.1 dev tun0
> 	ip route add 192.168.9.0/24 via 10.0.13.2 dev tun0
> which seem to work, but the icmp packets vanish in the tunnel. I checked
> all my firewall settings and the ip_forward settings on both systems. I
> looked at the tunnel with tcpdump - packets go in and never come out.
>
> Any suggestions?
>
> Thanks
> Peter
>
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

-- 
André Guimarães
Databras Informática
Matriz RJ - 55 (21) 2518-2363
Filial ES - 55 (27) 3233-0098
http://www.databras.com.br
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc