OpenVPN/VPN routing problem

 
 
stefan
      12-16-2003, 05:30 PM
hi all,

i'm trying to install a vpn-tunnel using OpenVPN between a number of
clients and a vpn-server. my setup is as follows:

 ________
| client |
|        |
 --------
129.x.10.10/24
     |
     |
129.x.20.249 (eth0)
(129.x.20.248/29)
 ________
| fire-  |
| wall   |
 --------
129.x.20.6 (eth2)        129.x.20.9 (eth1)
(129.x.20.0/29)          (129.x.20.8/29)
     |                        |
 ________                 _________
| vpn-   |               | internal|
| gateway|               | server  |
| (DMZ)  |               |         |
 --------                 ---------
129.x.20.1               129.x.20.10
(129.x.20.0/29)          (129.x.20.8/29)

the client uses OpenVPN for windows. FW (3 NICs), the vpn-gateway in
the DMZ and the internal server are running on linux (kernel 2.4.20).

i'm connecting from 129.x.10.10 to 129.x.20.249 (FW).
on the FW iptables is doing some NAT, so packets are sent directly to
the vpn-gateway in the DMZ:
iptables -t nat -A PREROUTING -i eth0 -p udp -d 129.x.20.249 --dport 5000 -j DNAT --to 129.x.20.1

the vpn-tunnel between the vpn-client and the server is up and
functioning. i can ping (the vpn gateway-server) through the tunnel,
but i am not able to ping hosts residing in the same network
(129.x.20.0/29) as the vpn-server or other networks (e.g.
129.x.20.8/29).
i suppose there's something wrong with my routing.

the tunnel-endpoints are 10.1.0.2 (client), 10.1.0.1 (vpn-gateway).
on the vpn-gateway ip_forward is enabled.
on the client no special routes are defined. i already tried to set up
routes to e.g. 129.x.20.10 through the tunnel ("route add 129.x.20.10
255.255.255.248 10.1.0.1"), but windows said "wrong gateway".
IMPORTANT: i like to stay with the described ip-addresses (so i DON'T
like to use 10.x.x.x or 192.168.x.x for DMZ or internal network) - if
possible;-)

my questions now are:
- is the setup correct?
- do i need a second NIC in the vpn-gateway to get things up?
- is there a solution with iproute2?
- do i have to set up NAT on the vpn-gateway too?
- should i bind a second (official) ip-address on the NIC in the
vpn-gateway?
- i also tried to use ip-addresses from the net of the vpn-gateway
(129.x.20.0/29) for the tunnel-endpoints. but it didn't work either.

i'm a beginner with ip-routing so any hints are really appreciated!

thanx!!
stefan baierl
 