Re: Problem with OpenVPN

From: Allen Kistler <ackistler@xxxxxxxxx>
Date: Fri, 13 Oct 2006 03:26:00 GMT

John Oliver wrote:

I built openvpn-2.0.7 on a Red Hat ES 4 machine. I can connect to it
with the OpenVPN GUI from Windows laptops. I get authenticated, get an
IP address, and get my routes from the VPN server.

I can ping and ssh to the VPN server.

I cannot ping or ssh to any other host on the same subnet as the VPN
server.

[snip]

I'm stumped... what more can I do to get this working?

You get nothing back probably because nothing knows that your VPN server
is the gateway back to your VPN client.

You need to enable forwarding on your VPN server
(/proc/sys/net/ipv4/ip_forward).

Then figure out how other machines know how to get packets back. I can
think of two options. (1) run masquerade in netfilter for anything
going out the wired interface and originating from the tun interface or
(2) put an explicit route in everything that your VPN addresses need to
use your VPN server's wired interface as the gateway.

Option (1) is probably simpler.
.

Follow-Ups:
- Re: Problem with OpenVPN
  - From: John Oliver

Prev by Date: Re: Roaming Profiles
Next by Date: davFS - aborted operation but connection still established
Previous by thread: handy DCHP server on Linux
Next by thread: Re: Problem with OpenVPN
Index(es):
- Date
- Thread

Relevant Pages

Re: How to ADD Static Route on a VPN
... Adding routes is hard, because the gateway you ... need to use doesn't exist until the connection is made. ... The VPN server acts as a proxy for the ... remote client, so the remote client should be able to get to any subnet the ...
(microsoft.public.win2000.ras_routing)
WEIRD VPN Behavior
... Ok...I've setup VPN servers many times, but recently I setup a VPN ... But when "I" login the server gets a new route. ... now points to my IP on the VPN server (maybe 10.1.4.0 now ... login the routes stays ok, pointing to 172.20.1.1 and all is fine. ...
(microsoft.public.windows.server.sbs)
VPN re-assigns static routes
... I've got some weirdness going on with a VPN server. ... routes going to remote sites that are getting changed to the Internal ... users how to get to the remote sites. ...
(microsoft.public.win2000.networking)
Re: Problem with OpenVPN
... You need to enable forwarding on your VPN server ... use your VPN server's wired interface as the gateway. ... Traffic can get back to the VPN server just fine... ...
(comp.os.linux.networking)
Re: OpenVPN working between client and server only, but not able to access any machines in server su
... You never mentioned what the IP is for the default gateway of location ... ping from location 2 machine (I can see vpn server and client can ... interface rathertahn eth interface, do I have to specify interface ...
(comp.os.linux.networking)