From: Peter Rabbitson <rabbit@rabbit.us>
To: lartc@vger.kernel.org
Subject: [LARTC] Openvpn routing problem
Date: Thu, 15 Mar 2007 09:50:29 +0000
Message-ID: <45F916E5.1070102@rabbit.us>

Hi,

I posted this question yesterday on the Openvpn mailing list, with no
response, figured I will ask here too. I have been using openvpn for
quite a while, no major problems encountered. Now I need to allow the
server to access the lan of the client, and I can not figure out the
routing. This is what I have after the tunnel is brought up:

SERVER (A.A.A.A)

Arx:~# ip addr
...
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:04:e2:09:6c:ea brd ff:ff:ff:ff:ff:ff
    inet 192.168.13.1/24 brd 192.168.13.255 scope global eth1
...
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534]
    inet 10.0.13.1 peer 10.0.13.2/32 scope global tun0

Arx:~# ip route
A.A.A.B dev ppp0 proto kernel scope link src A.A.A.A
10.0.13.2 dev tun0 proto kernel scope link src 10.0.13.1
10.0.13.0/24 via 10.0.13.2 dev tun0
192.168.13.0/24 dev eth1 proto kernel scope link src 192.168.13.1
default dev ppp0 scope link

CLIENT (192.168.9.11, machine behind a router)

root@Thesaurus:~# ip addr
...
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:11:09:8d:4f:c1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.9.11/24 brd 192.168.9.255 scope global eth0
...
5: tun_arx: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534]
    inet 10.0.13.14 peer 10.0.13.13/32 scope global tun_arx

root@Thesaurus:~# ip route
10.0.13.13 dev tun_arx proto kernel scope link src 10.0.13.14
10.0.13.1 via 10.0.13.13 dev tun_arx
192.168.13.0/24 via 10.0.13.13 dev tun_arx
192.168.9.0/24 dev eth0 proto kernel scope link src 192.168.9.11
default via 192.168.9.1 dev eth0

From the client ping 192.168.13.1 works as expected. I want to be able
to ping 192.168.9.20 from the server. So on the server I did:

ip route add 192.168.9.0/24 via 10.0.13.14 dev tun0

and I got

RTNETLINK answers: Network is unreachable

Then I tried both

ip route add 192.168.9.0/24 via 10.0.13.1 dev tun0
ip route add 192.168.9.0/24 via 10.0.13.2 dev tun0

which seem to work, but the icmp packets vanish in the tunnel. I checked
all my firewall settings and the ip_forward settings on both systems. I
looked at the tunnel with tcpdump - packets go in and never come out.

Any suggestions?

Thanks

Peter
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
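
An added illustration, not part of the message above: a simplified Python model of the kernel's next-hop check, run against the server routing table quoted in the message, showing why `via 10.0.13.14` is rejected with "Network is unreachable" while `via 10.0.13.1` and `via 10.0.13.2` are accepted. It assumes a gateway is accepted only when it is a local address or is covered by a route without a gateway on the named device; the function names are hypothetical, and it does not model what happens to packets inside the tunnel.

```python
import ipaddress

# Server routing table as quoted in the message. The "A.A.A.B dev ppp0" line is
# left out because its address is redacted there.
SERVER_ROUTES = """\
10.0.13.2 dev tun0 proto kernel scope link src 10.0.13.1
10.0.13.0/24 via 10.0.13.2 dev tun0
192.168.13.0/24 dev eth1 proto kernel scope link src 192.168.13.1
default dev ppp0 scope link
"""
# Local addresses per device, taken from the quoted `ip addr` output.
SERVER_LOCAL = {"eth1": "192.168.13.1", "tun0": "10.0.13.1"}


def parse_routes(text):
    """Turn `ip route` lines into (network, device, has_gateway) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dest, strict=False)
        dev = tok[tok.index("dev") + 1]
        routes.append((net, dev, "via" in tok))
    return routes


def nexthop_ok(gateway, dev, routes, local):
    """Assumed model: a `via` gateway must be directly reachable on `dev`.
    A route that itself goes through a gateway does not count."""
    gw = ipaddress.ip_address(gateway)
    if local.get(dev) == gateway:
        return True, f"local address on {dev}"
    for net, rdev, has_gw in routes:
        if gw in net and rdev == dev and not has_gw:
            return True, f"on-link via {net} dev {rdev}"
    return False, f"no direct route to {gateway} on {dev}"


def check_attempts():
    """The three gateways tried in the message for 192.168.9.0/24 dev tun0."""
    routes = parse_routes(SERVER_ROUTES)
    return {gw: nexthop_ok(gw, "tun0", routes, SERVER_LOCAL)
            for gw in ("10.0.13.14", "10.0.13.1", "10.0.13.2")}


if __name__ == "__main__":
    for gw, (ok, why) in check_attempts().items():
        print(f"via {gw}: {'accepted' if ok else 'rejected'} ({why})")
```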