LAN to LAN issues
Posted: Tue Dec 28, 2010 3:39 pm
Hi there,
I can't seem to get this working. For some reason I don't understand the online howto's...
Setup:
- I have a linux box behind a firewall which is the openvpn server (eth0=10.0.10.11)
- I have a firewall/gateway which is the client openvpn box (bond0=192.168.16.2).
I've punched my server-site firewall to forward port 1194 udp to 10.0.10.11.
Openvpn creates the tunnel and I can ping from 192.168.16.2 to 10.0.10.11. tcpdump on the server-site tells me that it receives "echo request" from 10.1.10.6 which is tun0 on the client-site. This is a problem since I don't want to NAT
I also want to be able to connect from a machine on the client-site (192.168.16.x) to a machine on server-site (10.0.10.x) and back. I've tried every route add ..., push "route ..." option I can think of. But for some reason I can't get it to work.
Here is my server-site setup:
And here the client site:
I can't seem to get this working. For some reason I don't understand the online howto's...
Setup:
- I have a linux box behind a firewall which is the openvpn server (eth0=10.0.10.11)
- I have a firewall/gateway which is the client openvpn box (bond0=192.168.16.2).
I've punched my server-site firewall to forward port 1194 udp to 10.0.10.11.
Openvpn creates the tunnel and I can ping from 192.168.16.2 to 10.0.10.11. tcpdump on the server-site tells me that it receives "echo request" from 10.1.10.6 which is tun0 on the client-site. This is a problem since I don't want to NAT
I also want to be able to connect from a machine on the client-site (192.168.16.x) to a machine on server-site (10.0.10.x) and back. I've tried every route add ..., push "route ..." option I can think of. But for some reason I can't get it to work.
Here is my server-site setup:
Code: Select all
# ifconfig eth0
inet addr:10.0.10.11 Bcast:10.0.10.255 Mask:255.255.255.0
# ifconfig tun0
inet addr:10.1.10.1 P-t-P:10.1.10.2 Mask:255.255.255.255
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.10.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.1.10.0 10.1.10.2 255.255.255.0 UG 0 0 0 tun0
10.0.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 10.0.10.1 0.0.0.0 UG 0 0 0 eth0
# cat /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.vpn.crt
key keys/server.vpn.key
dh keys/dh2048.pem
server 10.1.10.0 255.255.255.0
keepalive 5 10
comp-lzo
user nobody
group nobody
persist-key
persist-tun
ifconfig-pool-persist ipp.txt
status openvpn-status.log
verb 3
push "route 10.0.10.0 255.255.255.0"
Code: Select all
# ifconfig bond0
inet addr:192.168.16.2 Bcast:192.168.16.255 Mask:255.255.255.0
# ifconfig eth0
inet addr:xxx.xxx.xxx.xxx Bcast:xxx.xxx.xxx.255 Mask:255.255.254.0 // This is a gateway to internet
# ifconfig tun0
inet addr:10.1.10.6 P-t-P:10.1.10.5 Mask:255.255.255.255
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.10.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.1.10.1 10.1.10.5 255.255.255.255 UGH 0 0 0 tun0
192.168.16.0 0.0.0.0 255.255.255.0 U 0 0 0 bond0
10.0.10.0 10.1.10.5 255.255.255.0 UG 0 0 0 tun0
87.195.226.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
0.0.0.0 xxx.xxx.xxx.xxx 0.0.0.0 UG 0 0 0 eth0
# cat /etc/openvpn/client.conf
client
remote yyy.yyy.yyy.yyy 1194
dev tun
proto udp
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca keys/ca.crt
cert keys/client1.crt
key keys/client1.key
ns-cert-type server
comp-lzo
verb 3
