From mboxrd@z Thu Jan 1 00:00:00 1970
From: Peter Rabbitson
Date: Thu, 15 Mar 2007 09:50:29 +0000
Subject: [LARTC] Openvpn routing problem
Message-Id: <45F916E5.1070102@rabbit.us>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi,

I posted this question yesterday on the Openvpn mailing list, with no
response, figured I will ask here too. I have been using openvpn for
quite a while, no major problems encountered. Now I need to allow the
server to access the lan of the client, and I can not figure out the
routing. This is what I have after the tunnel is brought up:

SERVER (A.A.A.A)

Arx:~# ip addr
...
3: eth1: mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:04:e2:09:6c:ea brd ff:ff:ff:ff:ff:ff
    inet 192.168.13.1/24 brd 192.168.13.255 scope global eth1
...
5: tun0: mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534]
    inet 10.0.13.1 peer 10.0.13.2/32 scope global tun0

Arx:~# ip route
A.A.A.B dev ppp0 proto kernel scope link src A.A.A.A
10.0.13.2 dev tun0 proto kernel scope link src 10.0.13.1
10.0.13.0/24 via 10.0.13.2 dev tun0
192.168.13.0/24 dev eth1 proto kernel scope link src 192.168.13.1
default dev ppp0 scope link

CLIENT (192.168.9.11, machine behind a router)

root@Thesaurus:~# ip addr
...
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:11:09:8d:4f:c1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.9.11/24 brd 192.168.9.255 scope global eth0
...
5: tun_arx: mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534]
    inet 10.0.13.14 peer 10.0.13.13/32 scope global tun_arx

root@Thesaurus:~# ip route
10.0.13.13 dev tun_arx proto kernel scope link src 10.0.13.14
10.0.13.1 via 10.0.13.13 dev tun_arx
192.168.13.0/24 via 10.0.13.13 dev tun_arx
192.168.9.0/24 dev eth0 proto kernel scope link src 192.168.9.11
default via 192.168.9.1 dev eth0

From the client ping 192.168.13.1 works as expected. I want to be able
to ping 192.168.9.20 from the server.
So on the server I did:

ip route add 192.168.9.0/24 via 10.0.13.14 dev tun0

and I got

RTNETLINK answers: Network is unreachable

Then I tried both

ip route add 192.168.9.0/24 via 10.0.13.1 dev tun0
ip route add 192.168.9.0/24 via 10.0.13.2 dev tun0

which seem to work, but the icmp packets vanish in the tunnel. I checked
all my firewall settings and the ip_forward settings on both systems. I
looked at the tunnel with tcpdump - packets go in and never come out.

Any suggestions?

Thanks
Peter
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc