forwarding traffic through a different interface?

Hi All,

I setup and OpenVPN server that connects NETa (office network) with
NETb (firewall running OpenVPN). All computers on Netb are accessible
through the VPN.

When trying to connect to computers on Neta from Netb the private
packets attempt to go out the default gateway which is the external
public interface on NETb.

For example, pinging HOSTa from the firewall shows a source address of
the public address with the private ip destination.

I am using the SuSEfirewall script on 10.2.

How can I route all traffic destined for NETa (private network)
through the tun0 vpn connection?


Thanks in advance

Hello,

(E-Mail Removed) a écrit :
>
> How can I route all traffic destined for NETa (private network)
> through the tun0 vpn connection?

Check your routing tables and make sure you have the proper routes to NETa.

"(E-Mail Removed)" <(E-Mail Removed)> écrivait
news:(E-Mail Removed) ps.com:

> How can I route all traffic destined for NETa (private network)
> through the tun0 vpn connection?

Add a line in your OpenVPN server configuration file (server.conf) like
this :

push "route 192.168.10.0 255.255.255.0"

This add a route to the client when it connect (and remove it when it
disconnect).

You can add many "push route" in the same configuration.

Note: you must enable ip forwarding on the vpn server of course.

"(E-Mail Removed)" <(E-Mail Removed)> writes:

>Hi All,

>I setup and OpenVPN server that connects NETa (office network) with
>NETb (firewall running OpenVPN). All computers on Netb are accessible
>through the VPN.

>When trying to connect to computers on Neta from Netb the private
>packets attempt to go out the default gateway which is the external
>public interface on NETb.

>For example, pinging HOSTa from the firewall shows a source address of
>the public address with the private ip destination.

That is a dns problem not a routing problem.


>I am using the SuSEfirewall script on 10.2.

>How can I route all traffic destined for NETa (private network)
>through the tun0 vpn connection?

There are two questions here. a) How can stuff be routed (It almost
certainly alreay is. Try doine
ping 10.8.0.1 or whatever a machine IP is on that remote network) and the
traffic will almost certainly pass down the tunnel.

HOwever if you say
ping donald.duck.com ( where donald.duch is the name of one of your remote
machines) it will first go out to the dns server and get the IP address,
and that will almost certainly be a public not private one, as you noticed.
Three solutions: Alsays use IP addresses not names
b) put the names and private IP addresses into /etc/hosts
c) Run a dns server and put in the names and private IPs of the remote
machines.




>Thanks in advance