From: Paulo Ricardo Bruck <pauloric@contatogs.com.br>
To: netfilter@vger.kernel.org
Subject: Re: raccon+openvpn route problem....
Date: Fri, 26 Nov 2010 10:12:45 -0200 (BRST) [thread overview]
Message-ID: <31179076.14.1290773565163.JavaMail.root@mercurio> (raw)
In-Reply-To: <4CEECFCD.2030808@freemail.hu>
----- Mensagem original -----
> De: "Gáspár Lajos" <swifty@freemail.hu>
> Para: "Paulo Ricardo Bruck" <pauloric.contatogs.com.br>
> Cc: netfilter@vger.kernel.org
> Enviadas: Quinta-feira, 25 de Novembro de 2010 19:06:21
> Assunto: Re: raccon+openvpn route problem....
> Hi!
>
> Have you tried the "client-to-client" option in the server config?
Yes . the problem its between openvpn and racoon at the same machine...
All branches and Head Quarter using openvpn can talk from each other.
Italy and Head Office in Brazil talk with each other.
I insert a route in openvpn to connect to range xx.xx.xx.xx. in Italy (push "route 10.0.0.0 255.255.255.0")
from another lan at head office in Brazil I can reach Italy ...
thanks in advanced
>
> Swifty
>
> 2010-11-25 21:05 keltezéssel, Paulo Ricardo Bruck írta:
> > Hi Guys
> >
> > After google and ask help at openvpn's forum I'm still w/ no lucky.
> > Please let me know if there is another forum/email list that could
> > help me.
> >
> > That's what I have :
> >
> > Italy ----------------------Brazil HeadQuarter--------------Brazil
> > branch
> > cisco ipsec debian+racoon+openvpn debian+openvpn
> > LAN 10.0.0.0/24 LAN 10.54.0.0/24 LAN 10.54.1.0/24
> > OPENVPN=10.8.0.1 openvpn=10.8.0.2
> >
> > Italy and headquarter in braszil talk w/ each other without problems
> > Headquarter and branch in brazil talk w/ each other without problems
> > branch in Brazil can't talk w/ Italy.
> >
> > using traceroute from branch I get 10.8.0.1 and stop.
> > I'm almost certain that it's a route problem but I dont know how to
> > solve.
> > Any help could be very appreciate.
> >
> > best regards
> >
> > route table at headOffice brazil
> > xx.xx.xx.xx/28 dev eth2 proto kernel scope link src xx.xx.xx.xx
> > 10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
> > 10.54.0.0/24 dev eth0 proto kernel scope link src 10.54.0.1
> > default via xx.xx.xx.xx dev eth2
> >
> >
> >
> > route table at branch
> > 10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
> > 10.54.1.0/24 dev eth0 proto kernel scope link src 10.54.1.1
> > 10.0.0.0/24 via 10.8.0.1 dev tun0
> > yy.yy.yy.yy dev eth1 proto kernel scope link src yy.yy.yy.yy
> > default via yy.yy.yy.yy dev eth1
> >
> > ipsec.conf ( HeadOffice Brazil)
> > spdadd 10.54.0.0/16 10.0.0.0/24 any -P out ipsec
> > esp/tunnel/xx.xx.xx.xx-ww.ww.ww.ww/require;
> >
> > spdadd 10.0.0.0/24 10.54.0.0/16 any -P in ipsec
> > esp/tunnel/ww.ww.ww.ww-xx.xx.xx.xx/require;
> >
> > PS how can a see route tables inserted by racoon/ipsec?
> >
> >
> > Paulo Ricardo Bruck
> > consultor
> > http://www.contatogs.com.br
> > --
> > To unsubscribe from this list: send the line "unsubscribe netfilter"
> > in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
next prev parent reply other threads:[~2010-11-26 12:12 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-25 1:46 [PATCH 0/8] ipvs: ipvs update for nf-next-2.6 Simon Horman
2010-11-25 1:46 ` [PATCH 1/8] IPVS: Backup, Prepare for transferring firewall marks (fwmark) to the backup daemon Simon Horman
2010-11-25 1:46 ` [PATCH 2/8] IPVS: Split ports[2] into src_port and dst_port Simon Horman
2010-11-25 1:46 ` [PATCH 3/8] IPVS: skb defrag in L7 helpers Simon Horman
2010-11-25 1:46 ` [PATCH 4/8] IPVS: Handle Scheduling errors Simon Horman
2010-11-25 1:46 ` [PATCH 5/8] IPVS: Backup, Adding structs for new sync format Simon Horman
2010-11-25 1:46 ` [PATCH 6/8] IPVS: Backup, Adding Version 1 receive capability Simon Horman
2010-11-25 1:46 ` [PATCH 7/8] IPVS: Backup, Change sending to Version 1 format Simon Horman
2010-11-25 1:46 ` [PATCH 8/8] IPVS: Backup, adding version 0 sending capabilities Simon Horman
2010-11-25 13:03 ` [PATCH 0/8] ipvs: ipvs update for nf-next-2.6 Patrick McHardy
2010-11-25 20:05 ` raccon+openvpn route problem Paulo Ricardo Bruck
2010-11-25 21:06 ` Gáspár Lajos
2010-11-26 12:12 ` Paulo Ricardo Bruck [this message]
2010-11-25 21:57 ` fuzzy_4711
2010-11-26 11:42 ` Paulo Ricardo Bruck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=31179076.14.1290773565163.JavaMail.root@mercurio \
--to=pauloric@contatogs.com.br \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.