Hello
I have the following setup:
LAN: 192.168.1.0/24 with internet router/default gateway at 192.168.1.1
OpenVPN server: 192.168.1.3
Specific workstation in LAN: 192.168.1.23
The VPN is set up on 10.8.0.0/24, server being 10.8.0.1 and my client is 10.8.0.14. It is a routed VPN passing by tun0. Default gateway has a route set up to 10.8.0.0/24 via 192.168.1.3.
Most things are working, but I have a strange problem:
Pings from the LAN to the client arrive at the client's tun0 device, but with the router's public IP. Therefore, the client sends its echo-reply back to the public IP and it never finds its way back into the LAN.
If, however, I manually configure the specific workstation with a route to 10.8.0.0/24, communication between this computer and the client works fine, e.g. with the internal IP.
I see that obviously the router must be screwing the packets up while forwarding them to the OpenVPN server. Unfortunately, I don't have any idea on what exactly I have to change. Packets leaving the router on its internal interface should not be altered, should they?
Any help is greatly appreciated.
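Added example, not part of the original post: one way to confirm the symptom described above from a capture taken on the client with `tcpdump -n -i tun0 icmp`. It flags echo requests whose source is in neither the LAN nor the VPN subnet. The capture lines are constructed, 203.0.113.7 is a placeholder for the router's public IP, and the script assumes all pings in the capture originate from the LAN.

```python
import ipaddress
import re

# Networks from the post; the capture lines below are constructed.
LAN = ipaddress.ip_network("192.168.1.0/24")
VPN = ipaddress.ip_network("10.8.0.0/24")

# Matches ICMP echo lines in tcpdump's default text output (-n, no name lookup).
LINE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Constructed sample: 203.0.113.7 stands in for the router's public IP.
SAMPLE = """\
13:52:01.100 IP 203.0.113.7 > 10.8.0.14: ICMP echo request, id 7, seq 1, length 64
13:52:01.101 IP 10.8.0.14 > 203.0.113.7: ICMP echo reply, id 7, seq 1, length 64
13:52:05.200 IP 192.168.1.23 > 10.8.0.14: ICMP echo request, id 9, seq 1, length 64
13:52:05.201 IP 10.8.0.14 > 192.168.1.23: ICMP echo reply, id 9, seq 1, length 64
"""

def origin(addr):
    """Name the network an address belongs to: 'lan', 'vpn' or 'outside'."""
    ip = ipaddress.ip_address(addr)
    if ip in LAN:
        return "lan"
    return "vpn" if ip in VPN else "outside"

def audit(capture):
    """Return one record per echo request, noting sources rewritten upstream."""
    requests, replied = [], set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an ICMP echo line
        key = (m["id"], m["seq"])
        if m["kind"] == "request":
            requests.append((key, m["src"], m["dst"]))
        else:
            # The reply goes to whatever source address the request carried.
            replied.add((key, m["dst"]))
    return [
        {"src": src, "dst": dst, "origin": origin(src),
         # A ping to a VPN address from outside LAN and VPN was source-translated.
         "rewritten": origin(src) == "outside" and origin(dst) == "vpn",
         "reply_sent_to_src": (key, src) in replied}
        for key, src, dst in requests
    ]
```

A record with `rewritten` set and `reply_sent_to_src` true matches the behaviour in the post: the client answers, but to an address that does not lead back into the LAN.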
Routing / IP-Tables problem
Moderators: TinCanTech
- krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: Routing / IP-Tables problem
[13:52] <krzie> !route_outside_ovpn
[13:52] <vpnHelper> krzie: "route_outside_ovpn" is "route_outside_openvpn" is (#1) http://www.secure-computing.net/wiki/index.php/Graph for a cool graph explaining the route you need to add to your gateway, explained better in section: ROUTES TO ADD OUTSIDE OPENVPN in !route, or (#2) you do not need this if the vpn node IS the gateway for its lan
[13:34] <krzie> !route
[13:34] <vpnHelper> krzie: "route" is (#1) http://www.secure-computing.net/wiki/in ... PN/Routing if you have lans behind openvpn, read it DONT SKIM IT, or (#2) READ IT DONT SKIM IT
Hope that helps