routing using openvpn to a private network
Hello Team:
I am trying to access a private network. I have openvpn running on a Linux box, and I would like to access the LAN behind that box. I can establish and ping the vpn tunnel, but I cannot ping any of the boxes behind the openvpn. The network behind the vpn is 192.168.1.0. These are my configuration files for the client and for the server:
client configuration file (Linux, Centos 5.0):
client
dev tun
proto udp
remote 75.22.82.166 1194
ifconfig 10.3.0.2 10.3.0.1
route 192.168.1.0 255.255.255.0
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client1.crt
key /etc/openvpn/keys/client1.key
tls-auth /etc/openvpn/keys/ta.key 1
cipher BF-CBC
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
comp-lzo
verb 4
;mute 20
server configuration file (Linux, Centos 5.0):
local 75.22.82.166
ifconfig 10.3.0.1 10.3.0.2
port 1194
proto udp
dev tun
daemon
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.3.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 eth1
keepalive 10 120
tls-auth /etc/openvpn/keys/ta.key 0
cipher BF-CBC
comp-lzo
max-clients 25
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 4
mute 20
Now let me do some explaining:
192.168.1.0 is the network behind the vpn server that I want to get access to.
192.168.1.1 is the gateway for the 192.168.1.0 network.
75.22.82.166 is the public IP of the box that the openvpn server is running on.
10.3.0.1 and 10.3.0.2 are the virtual IPs of the openvpn tunnel. These I can ping. However, I cannot ping any box on the 192.168.1.0 network.
Now my routing tables:
routing table for the server:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.3.0.2 * 255.255.255.255 UH 0 0 0 tun0
75.22.82.128 * 255.255.255.192 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
10.3.0.0 10.3.0.2 255.255.255.0 UG 0 0 0 tun0
269.254.0.0 * 255.255.0.0 U 0 0 eth1
default 75.22.82.129 0.0.0.0 UG 0 0 0 eth0
routing table for client:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.3.0.1 10.3.0.5 255.255.255.255 UGH 0 0 0 tun0
10.3.0.5 * 255.255.255.255 UH 0 0 0 tun0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
269.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
Please someone help to figure this routing problem out.
Thanks.
--Willie
Hello folks:
This is an update regarding this openvpn thread. Both networks, my local network and the private network running behind the openvpn server, are in the same subnet. This makes it difficult/impossible to send traffic from my local network through the vpn server to the private network.
This is an IP overlap issue.
One solution might be changing one of the two networks to a different subnet or different set of IPs. However, I am not the network administrator, assuming this could be done.
If there is anyone out there who can help me figure this IP overlap out, please let me know.
Thanks.
--Willie
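The overlap described in the update can be detected before the tunnel is brought up. The following is an added example, not part of the original posts: it compares the `route` lines of an OpenVPN client config against the directly connected networks in a `route` table. The sample inputs are constructed from values quoted in the thread, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample input, built from the client config and client
# routing table quoted in the thread (trimmed to the relevant lines).
CLIENT_CONF = """\
client
dev tun
remote 75.22.82.166 1194
route 192.168.1.0 255.255.255.0
"""
CLIENT_ROUTES = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.3.0.1 10.3.0.5 255.255.255.255 UGH 0 0 0 tun0
10.3.0.5 * 255.255.255.255 UH 0 0 0 tun0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
default 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
"""

def vpn_routes(conf):
    """Networks an OpenVPN config sends into the tunnel via `route`.
    Assumes numeric network addresses; the netmask is optional."""
    nets = []
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "route":
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
    return nets

def local_networks(route_table):
    """Directly connected networks (no gateway) on non-tunnel interfaces."""
    found = []
    for line in route_table.splitlines():
        cols = line.split()
        if len(cols) != 8 or cols[1] not in ("*", "0.0.0.0"):
            continue  # title/header rows, gatewayed routes, short rows
        if cols[7].startswith(("tun", "tap")):
            continue  # the tunnel's own routes are not the local LAN
        try:
            found.append((ipaddress.ip_network(f"{cols[0]}/{cols[2]}"), cols[7]))
        except ValueError:
            continue  # row with an unparsable address or mask is skipped
    return found

def overlaps(conf, route_table):
    """(vpn_route, local_net, iface) for each VPN route that collides."""
    return [(str(v), str(n), iface) for v in vpn_routes(conf)
            for n, iface in local_networks(route_table) if v.overlaps(n)]

if __name__ == "__main__":
    for vpn, local, iface in overlaps(CLIENT_CONF, CLIENT_ROUTES):
        print(f"VPN route {vpn} overlaps local network {local} on {iface}")
```

A non-empty result means traffic for the remote LAN matches a directly connected local network, which is the condition the update identifies.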