I'm configuring a VPN between my house and my brother's house. In both houses we have a Buffalo router running DD-WRT with OpenVPN.
The OpenVPN server is running on the Buffalo configured as bridge/repeater, and the LANs are the following:
server LAN information:
- internal LAN: 192.168.2.0/24
- internal IP of the Buffalo: 192.168.2.1
- internet LAN (wireless interface, Buffalo repeater): 192.168.1.120/24
- default gateway: 192.168.1.1
client LAN information:
- internal LAN: 192.168.0.0/24
- internal IP of the Buffalo: 192.168.0.254
- internet LAN: z.z.z.z/29
- gateway: y.y.y.y
where z.z.z.z and y.y.y.y are the IPs given by my provider.
server.conf:
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 4
mute 5
log-append /var/log/openvpn
tls-server
mtu-disc yes
topology subnet
script-security 2
port 2194
proto tcp-server
cipher aes-256-cbc
auth sha1
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
comp-lzo yes
client-config-dir /tmp/openvpn/ccd
client-to-client
tcp-nodelay
tun-mtu 1500
server 192.168.66.0 255.255.255.0
dev tun0
local 192.168.1.120
route 192.168.0.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
The client file in the ccd directory is the following:
iroute 192.168.0.0 255.255.255.0
The client configuration is the following:
client.conf:
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
management 127.0.0.1 5001
management-log-cache 50
verb 4
mute 5
log-append /var/log/openvpncl
client
tls-client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
mtu-disc yes
dev tun1
proto tcp-client
cipher aes-256-cbc
auth sha1
remote ip.brother.house 2194
tun-mtu 1500
comp-lzo no
The connection between client and server comes up; in fact, from both client and server I can ping the tunnel IPs (192.168.66.1 and 192.168.66.2).
The problem is the following: from the Buffalo server I cannot ping the client's internal IPs (192.168.0.0/24). Using traceroute I see that the packets go through the default gateway of the server router (192.168.1.1).
On the client side, from the Buffalo I can ping the internal IP of the server Buffalo (192.168.2.1), but the clients behind the client router are not able to ping 192.168.2.1.
How could I solve the problem?
I also checked the route table on both routers:
client route table:
Destination   Gateway        Genmask          Flags MSS Window irtt Iface
y.y.y.y       *              255.255.255.255  UH    0   0      0    vlan1
192.168.2.0   192.168.66.1   255.255.255.0    UG    0   0      0    tun1
192.168.0.0   *              255.255.255.0    U     0   0      0    br0
192.168.66.0  *              255.255.255.0    U     0   0      0    tun1
y.y.y.y       *              255.255.248.0    U     0   0      0    vlan1
169.254.0.0   *              255.255.0.0      U     0   0      0    br0
127.0.0.0     *              255.0.0.0        U     0   0      0    lo
default       z.z.z.z        0.0.0.0          UG    0   0      0    vlan1
server route table:
Kernel IP routing table
Destination   Gateway        Genmask          Flags MSS Window irtt Iface
192.168.1.1   *              255.255.255.255  UH    0   0      0    eth1
192.168.2.0   *              255.255.255.0    U     0   0      0    br0
192.168.1.0   *              255.255.255.0    U     0   0      0    eth1
192.168.66.0  *              255.255.255.0    U     0   0      0    tun0
169.254.0.0   *              255.255.0.0      U     0   0      0    br0
127.0.0.0     *              255.0.0.0        U     0   0      0    lo
default       192.168.1.1    0.0.0.0          UG    0   0      0    eth1
server log:
Mon Nov 28 00:34:45 2011 us=166760 casa/z.z.z.z:2186 SENT CONTROL [casa]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route-gateway 192.168.66.1,topology subnet,ping 10,ping-restart 120,socket-flags TCP_NODELAY,ifconfig 192.168.66.2 255.255.255.0' (status=1)
Mon Nov 28 00:36:31 2011 us=587297 casa/93.37.220.223:2186 MULTI: Learn: 192.168.0.104 -> casa/z.z.z.z:2186
Mon Nov 28 01:34:43 2011 us=615586 casa/93.37.220.223:2186 TLS: soft reset sec=0 bytes=50745/0 pkts=724/0
Mon Nov 28 01:34:50 2011 us=836055 casa/93.37.220.223:2186 VERIFY OK: depth=1, /C=IT/ST=PD/L=House/O=House/CN=House_CA/name=Pazzeo/emailAddress=pazzeo29@gmail.com
Mon Nov 28 01:34:50 2011 us=845007 casa/93.37.220.223:2186 VERIFY OK: depth=0, /C=IT/ST=PD/L=House/O=House/CN=casa/name=Pazzeo/emailAddress=myemail@email.com
Mon Nov 28 01:34:53 2011 us=435970 casa/z.z.z.z:2186 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Nov 28 01:34:53 2011 us=436490 casa/z.z.z.z:2186 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 28 01:34:53 2011 us=437358 casa/z.z.z.z:2186 NOTE: --mute triggered...
Could you help me please? I don't understand how I could add the route to 192.168.0.0 on the server side.
Thanks,
Pazzeo
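Added example, not part of Pazzeo's post: a small Python script that cross-checks a site-to-site OpenVPN setup of exactly this shape (server.conf with `route` and `push "route ..."`, a ccd entry with `iroute`, client.conf, and `route -n` on both routers) and reports the inconsistencies a practitioner would look for first. The embedded inputs are abridged copies of the configs and routing tables from the post above (the ISP placeholders z.z.z.z / y.y.y.y are kept and skipped by the parser); the `check` / `audit` function names and the message wording are my own. Run against the post's data it reports that the server's kernel table has no tun0 route for 192.168.0.0/24 even though server.conf carries a `route` directive for it, which is consistent with the traceroute going out via 192.168.1.1, and that `comp-lzo` is set to `yes` on the server but `no` on the client.

```python
"""Cross-check an OpenVPN site-to-site setup from its configs and `route -n`
output.  Added example (not from the post); inputs are abridged from the post."""
import ipaddress
import shlex

SERVER_CONF = """\
proto tcp-server
cipher aes-256-cbc
auth sha1
comp-lzo yes
tun-mtu 1500
server 192.168.66.0 255.255.255.0
dev tun0
route 192.168.0.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
"""
CCD_CASA = "iroute 192.168.0.0 255.255.255.0\n"
CLIENT_CONF = """\
dev tun1
proto tcp-client
cipher aes-256-cbc
auth sha1
tun-mtu 1500
comp-lzo no
"""
SERVER_ROUTES = """\
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
192.168.66.0 * 255.255.255.0 U 0 0 0 tun0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
"""
CLIENT_ROUTES = """\
192.168.2.0 192.168.66.1 255.255.255.0 UG 0 0 0 tun1
192.168.0.0 * 255.255.255.0 U 0 0 0 br0
default z.z.z.z 0.0.0.0 UG 0 0 0 vlan1
"""
PEER_PROTO = {"tcp-server": "tcp-client", "tcp-client": "tcp-server",
              "udp": "udp", "tcp": "tcp"}   # valid proto on the other end
MUST_MATCH = ("cipher", "auth", "comp-lzo", "tun-mtu")

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def directives(text):
    """(keyword, args) per config line; shlex keeps a quoted push arg whole."""
    parsed = (shlex.split(line.split("#", 1)[0]) for line in text.splitlines())
    return [(p[0], p[1:]) for p in parsed if p]

def option(conf, key):
    """Joined args of the first `key` directive, '' if bare, None if absent."""
    return next((" ".join(a) for k, a in conf if k == key), None)

def kernel_routes(text):
    """Parse `route -n` output into {network: (gateway or None, iface)}."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] == "Destination":     # header line, if present
            continue
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        try:
            table[net(dest, f[2])] = (None if f[1] == "*" else f[1], f[-1])
        except ValueError:          # z.z.z.z / y.y.y.y placeholder, not an IP
            continue
    return table

via_tun = lambda table, n: table.get(n, (None, ""))[1].startswith("tun")

def check(server_conf, ccd, client_conf, server_rt, client_rt):
    """Return a list of findings; an empty list means the setup is consistent."""
    s, c, found = directives(server_conf), directives(client_conf), []
    # 1. a server 'route' to a client LAN needs a matching 'iroute' in the ccd,
    #    otherwise OpenVPN does not know which client owns that subnet
    routes = {net(*a[:2]) for k, a in s if k == "route"}
    iroutes = {net(*a[:2]) for k, a in directives(ccd) if k == "iroute"}
    found += [f"route {n} in server.conf has no iroute in ccd" for n in sorted(routes - iroutes)]
    found += [f"iroute {n} in ccd has no route in server.conf" for n in sorted(iroutes - routes)]
    # 2. the server kernel must actually send those LANs into the tun interface
    srt = kernel_routes(server_rt)
    found += [f"server kernel has no tun route for {n}" for n in sorted(routes) if not via_tun(srt, n)]
    # 3. pushed routes must land on the client (unless it sets route-nopull)
    pushed = {net(*a[0].split()[1:3]) for k, a in s
              if k == "push" and a and a[0].startswith("route ")}
    if option(c, "route-nopull") is None:
        crt = kernel_routes(client_rt)
        found += [f"client kernel has no tun route for {n}" for n in sorted(pushed) if not via_tun(crt, n)]
    # 4. link parameters that both ends have to agree on
    if PEER_PROTO.get(option(s, "proto")) != option(c, "proto"):
        found.append(f"proto mismatch: server {option(s, 'proto')} vs client {option(c, 'proto')}")
    found += [f"{k} differs: server {option(s, k)!r} vs client {option(c, k)!r}"
              for k in MUST_MATCH if option(s, k) != option(c, k)]
    return found

def audit():
    return check(SERVER_CONF, CCD_CASA, CLIENT_CONF, SERVER_ROUTES, CLIENT_ROUTES)

if __name__ == "__main__":
    for line in audit() or ["no inconsistencies found"]:
        print(line)
```

To use it on a live pair of routers, paste the real files into the constants (or read them from disk) and run the script; check 2 is the one that matches the symptom in the post, since with `topology subnet` and a `route`/`iroute` pair the server kernel should show 192.168.0.0/24 on tun0 once the tunnel is up, and its absence is why the server's packets follow the default route instead.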