LARTC

[LARTC] Openvpn routing problem

To: lartc@mailman.ds9a.nl
Subject: [LARTC] Openvpn routing problem
From: Peter Rabbitson <rabbit@rabbit.us>
Date: Thu, 15 Mar 2007 10:50:29 +0100

Hi,

I posted this question yesterday on the OpenVPN mailing list, with no response, so I figured I would ask here too. I have been using OpenVPN for quite a while, with no major problems encountered. Now I need to allow the server to access the LAN of the client, and I cannot figure out the routing. This is what I have after the tunnel is brought up:


SERVER (A.A.A.A)

Arx:~# ip addr
...
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
     link/ether 00:04:e2:09:6c:ea brd ff:ff:ff:ff:ff:ff
     inet 192.168.13.1/24 brd 192.168.13.255 scope global eth1
...
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
     link/[65534]
     inet 10.0.13.1 peer 10.0.13.2/32 scope global tun0

Arx:~# ip route
A.A.A.B dev ppp0  proto kernel  scope link  src A.A.A.A
10.0.13.2 dev tun0  proto kernel  scope link  src 10.0.13.1
10.0.13.0/24 via 10.0.13.2 dev tun0
192.168.13.0/24 dev eth1  proto kernel  scope link  src 192.168.13.1
default dev ppp0  scope link



CLIENT (192.168.9.11, machine behind a router)

root@Thesaurus:~# ip addr
...
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
     link/ether 00:11:09:8d:4f:c1 brd ff:ff:ff:ff:ff:ff
     inet 192.168.9.11/24 brd 192.168.9.255 scope global eth0
...
5: tun_arx: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc pfifo_fast qlen 100
     link/[65534]
     inet 10.0.13.14 peer 10.0.13.13/32 scope global tun_arx

root@Thesaurus:~# ip route
10.0.13.13 dev tun_arx  proto kernel  scope link  src 10.0.13.14
10.0.13.1 via 10.0.13.13 dev tun_arx
192.168.13.0/24 via 10.0.13.13 dev tun_arx
192.168.9.0/24 dev eth0  proto kernel  scope link  src 192.168.9.11
default via 192.168.9.1 dev eth0


From the client, ping 192.168.13.1 works as expected. I want to be able to ping 192.168.9.20 from the server. So on the server I did:
        ip route add 192.168.9.0/24 via 10.0.13.14 dev tun0
and I got
        RTNETLINK answers: Network is unreachable

Then I tried both
        ip route add 192.168.9.0/24 via 10.0.13.1 dev tun0
        ip route add 192.168.9.0/24 via 10.0.13.2 dev tun0
which seem to work, but the ICMP packets vanish in the tunnel. I checked all my firewall settings and the ip_forward settings on both systems. I looked at the tunnel with tcpdump - packets go in and never come out.

Any suggestions?

Thanks
Peter

