openvpn does not forward - Networking



  1. openvpn does not forward

    Hi,

    I am trying to connect 2 LANs over an openvpn connection. It looks like this:

    +----------+
    | client a |
    +----------+
    |
    | LAN a
    |
    +-----------+
    | openvpn a |
    +-----------+
    |
    | Internet
    |
    +-----------+
    | openvpn b |
    +-----------+
    |
    | LAN b
    |
    +----------+
    | client b |
    +----------+


    I can ping from openvpn a to openvpn b and client b.
    I can ping from openvpn b to openvpn a and client a.
    But I cannot ping from client a to client b.

    Firewall is off. ip_forward is on.

    Here is the config of openvpn a:

    remote openvpnb.homeip.net
    dev tun1
    ifconfig 20.12.0.1 20.12.0.2
    route 10.0.0.0 255.255.255.0
    secret /etc/openvpn/secret.key
    port 1195
    writepid /var/run/openvpn


    Here is config of openvpn b:

    remote openvpnb.homeip.net
    dev tun0
    ifconfig 20.12.0.2 20.12.0.1
    route 192.168.10.0 255.255.255.240

    secret /etc/openvpn/secret.key
    port 1195
    writepid /var/run/openvpn


    When I ping from one client to another client, I can see in tcpdump on the
    tun device of the opposite openvpn that the packet arrives. It should be
    sent to eth0 but it is not. What is wrong?

    If I masquerade the outgoing packets to the local openvpn, then it works,
    but I don't want to use masquerading.

    Thanks

    Olli

  2. Re: openvpn does not forward

    Oliver Joa wrote:
    > I am trying to connect 2 LANs over an openvpn connection. It looks like this:


    > | client a |
    > | LAN a
    > | openvpn a |
    > | Internet
    > | openvpn b |
    > | LAN b
    > | client b |



    > I can ping from openvpn a to openvpn b and client b.
    > I can ping from openvpn b to openvpn a and client a.
    > But I cannot ping from client a to client b.


    You need routing information on client a and client b.

    > Here is the config of openvpn a:
    > route 10.0.0.0 255.255.255.0


    So on client a you need a route to 10.0.0.0/24 via openvpn a

    > Here is config of openvpn b:
    > ifconfig 20.12.0.2 20.12.0.1


    Do you really own 20.12.0.[12]? If not, quit using them and use
    192.168.{whatever} instead

    > route 192.168.10.0 255.255.255.240


    On client b you need a route to 192.168.10.0/28 via openvpn b

    > When I ping from one client to another client, I can see in tcpdump on the
    > tun device of the opposite openvpn that the packet arrives. It should be
    > sent to eth0 but it is not. What is wrong?


    The routing's wrong, or else the IP addresses and/or netmasks for the A
    and B networks are wrong.

    Chris
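
The routing requirement from the reply above, traced hop by hop in an added example that is not part of the thread. Only the two LAN prefixes come from the posted configs; the host addresses, the `link` marker and all function names are constructed for illustration.

```python
import ipaddress

# Constructed host addresses; only the two LAN prefixes come from the thread.
OWNER = {"192.168.10.2": "client a", "192.168.10.1": "openvpn a",
         "10.0.0.1": "openvpn b", "10.0.0.2": "client b"}
LAN_A, LAN_B = "192.168.10.0/28", "10.0.0.0/24"

def topology(client_a_extra, client_b_extra):
    """Routing tables as (prefix, next hop); 'link' means directly attached."""
    return {
        "client a": [(LAN_A, "link")] + client_a_extra,
        "openvpn a": [(LAN_A, "link"), (LAN_B, "openvpn b")],
        "openvpn b": [(LAN_B, "link"), (LAN_A, "openvpn a")],
        "client b": [(LAN_B, "link")] + client_b_extra,
    }

def next_hop(table, dst):
    """Longest-prefix match over one host's table; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p).prefixlen, hop)
               for p, hop in table if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def trace(nodes, src, dst, max_hops=8):
    """Return (path, delivered) for one packet from src to dst."""
    node, path = OWNER[src], []
    for _ in range(max_hops):
        path.append(node)
        if OWNER[dst] == node:
            return path, True
        hop = next_hop(nodes[node], dst)
        if hop is None:
            return path, False          # no route: dropped on this host
        node = OWNER[dst] if hop == "link" else hop
    return path, False                  # routing loop

def ping(nodes, src, dst):
    """A ping succeeds only if request and reply are both routable."""
    return trace(nodes, src, dst)[1] and trace(nodes, dst, src)[1]

if __name__ == "__main__":
    a, b = "192.168.10.2", "10.0.0.2"
    cases = {"no extra routes": ([], []),
             "route on client a only": ([(LAN_B, "openvpn a")], []),
             "route on both clients": ([(LAN_B, "openvpn a")], [(LAN_A, "openvpn b")])}
    for name, (ra, rb) in cases.items():
        nodes = topology(ra, rb)
        print(name, trace(nodes, a, b), trace(nodes, b, a), ping(nodes, a, b))
```

The middle case is the one worth noting: the echo request reaches client b, but the reply is dropped on client b itself, so the ping still fails.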

  3. Re: openvpn does not forward

    Hi,

    On Fri, 08 Jun 2007 11:31:50 +0100, Chris Davies wrote:

    > Oliver Joa wrote:
    >> I am trying to connect 2 LANs over an openvpn connection. It looks like this:

    >
    >> | client a |
    >> | LAN a
    >> | openvpn a |
    >> | Internet
    >> | openvpn b |
    >> | LAN b
    >> | client b |

    >
    >
    >> I can ping from openvpn a to openvpn b and client b.
    >> I can ping from openvpn b to openvpn a and client a.
    >> But I cannot ping from client a to client b.

    >
    > You need routing information on client a and client b.
    >
    >> Here is the config of openvpn a:
    >> route 10.0.0.0 255.255.255.0

    >
    > So on client a you need a route to 10.0.0.0/24 via openvpn a


    openvpn a is the default gw for LAN a.
    openvpn b is the default gw for LAN b.

    This should be enough, shouldn't it?

    As I told you, when I ping from client a to client b, the packet arrives
    at the tun device at openvpn b, but not at the eth device of openvpn b.

    >> Here is config of openvpn b:
    >> ifconfig 20.12.0.2 20.12.0.1

    >
    > Do you really own 20.12.0.[12]? If not, quit using them and use
    > 192.168.{whatever} instead


    I know this; I used it only temporarily to check that it is not a problem
    of routing.

    >> route 192.168.10.0 255.255.255.240

    >
    > On client b you need a route to 192.168.10.0/28 via openvpn b


    default-route?

    >> When I ping from one client to another client, I can see in tcpdump on the
    >> tun device of the opposite openvpn that the packet arrives. It should be
    >> sent to eth0 but it is not. What is wrong?

    >
    > The routing's wrong, or else the IP addresses and/or netmasks for the A
    > and B networks are wrong.


    The netmasks are OK.

    Any other idea?

    olli
    >
    > Chris


  4. Re: openvpn does not forward

    Oliver Joa wrote:
    > any other idea?


    If you'd like to email me (remove "-usenet", or accept the Reply-To
    as valid) all the relevant outputs from "ifconfig" (or "IPCONFIG /ALL"
    if Windows based) and "netstat -rn" (or "NETSTAT -rn" if Windows) from
    all four boxes, I'll take a look at it offline with you.

    Chris
