Hello,
Objective: To use my co-location bandwidth and IP space on a local home server at my home and at the same time provide remote access to my home. My home router also provides a default route so that my and my girlfriend's jobs cannot block / monitor my traffic when we use our laptops. Additionally - I only care about using colocation IP space on the single home server - not the whole network (remote users who VPN to the home network don't need to use the VPN tunnel to the colocation).
Setup -
Linksys e3000 - DDWRT (10.13.31.1) set up as a home router. Openvpn is listening on 10.13.30.1 and assigns in the 30.X range to clients. (bridging & push default route enabled)
Web Box - "voyage" (10.13.31.2 & 10.13.31.3) - Set up as VPN client to VPN server at colocation (push default route enabled). Received appropriate IP and Route info.
Situation -
I can VPN into the DDWRT box, and reach all of my 10.13.31.X IP's with SSH Web just fine. Once I activate the VPN client on the voyage box I am no longer able to reach voyage. However I can still access other 10.13.31.X devices (ip cam).
The catch is that if I SSH into the DDWRT box, I can ping / SSH into the voyage box using local 10.13.31.X IPs... AND I can successfully access the machine using my public IP space...
I just can't VPN to home and reach the local voyage box directly.. I always have to SSH to the router, then SSH to Voyage..
---
Any ideas?
Thanks! Matt
Two Openvpn Tunnels - Breaks Bridging
- janjust
Re: Two Openvpn Tunnels - Breaks Bridging
Your setup seems rather complex - can you add some ASCII art?
It's not uncommon for the VPN endpoints themselves to become unreachable when a VPN tunnel is up - this is often a routing misconfiguration: remember that all packets leaving the VPN client via the tunnel will have the VPN endpoint IP as the source address, and not the LAN IP.
Finally, are you redirecting all traffic on the VPN client? It would also help if you could post your (sanitized) openvpn config files.
Re: Two Openvpn Tunnels - Breaks Bridging
Maybe this would be simpler - heh
----
I surf the net from work in a Linux VM and have openvpn set up back home so I can use my home IP-space / DNS. I'm in sales and it's quite annoying to have content filtering on EVERYTHING! and the IT guy here is whoa paranoid.. anyway...
I also have just put up a torrent / download box that I use since I don't want to pay extra for a DVR since I have started to travel more.. I essentially download to the server and I can easily copy to my notebook / tablet when I am home off the LAN.
Issue now is that I don't want to have any kind of tracing back to me.. I googled for a reputable proxy service and found a good one who will give me a VPN tunnel and I can download through their IPs.
So I have my house VPN all set up - and I am trying to ALSO use the proxy VPN on a single machine on the LAN.
----
Issue really that when I connect to the colo, the download / torrent box becomes completely unreachable (even through home wan port forwards) unless I am sitting on the physical wired network.. However, I know VPN on the router is working since I can SSH to other LAN devices.. just not the download box.... I also can SSH into the download box from one of those LAN machines
---
Me @ Work (VPN - 10.13.30.X)
      |
  Home Inet                                           Colo Inet
      |                                                   |
DDWRT Router .31.1 (VPN srv .30.1)                    proxy Box (obviously on colo inet - 10.10.10.X)
      |                                                   |
   Switch ------> OTHER LAN Machines                      |
      |                                                   |
Voyage (download Box .31.2 ) ----VPN----------------------|

Voyage Client Config:
client
dev tun
proto udp
remote vpn.XXX.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/XXX.ca.crt
comp-lzo
verb 3
auth-user-pass
auth-nocache
Server Config - Unknown
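
janjust's point about replies leaving through the tunnel can be checked against the addresses in this thread. The sketch below is an added example, not from any poster: it replays longest-prefix route selection on voyage, assuming /24 masks, a tunnel gateway of 10.10.10.1 and a pushed default route installed as two /1 routes (none of which the thread confirms).

```python
import ipaddress


def route(prefix, via, dev):
    """One routing-table entry: (network, next hop, interface)."""
    return (ipaddress.ip_network(prefix), via, dev)


def lookup(table, dst):
    """Longest-prefix match, as the kernel does; returns (via, dev) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1:]


# voyage with the colo tunnel down (constructed table; /24 masks assumed).
LAN_ONLY = [
    route("10.13.31.0/24", "on-link", "eth0"),
    route("0.0.0.0/0", "10.13.31.1", "eth0"),
]

# Tunnel up with a pushed default route. Assumption: it is installed as two
# /1 routes, which beat the existing /0. 10.10.10.1 is a constructed gateway.
TUNNEL_UP = LAN_ONLY + [
    route("0.0.0.0/1", "10.10.10.1", "tun0"),
    route("128.0.0.0/1", "10.10.10.1", "tun0"),
]

# Exemption: send replies for the home VPN pool back to the DDWRT router.
FIXED = TUNNEL_UP + [route("10.13.30.0/24", "10.13.31.1", "eth0")]

# Who voyage has to answer (VPN client and internet addresses are constructed).
PEERS = {
    "home VPN client": "10.13.30.6",
    "router / LAN host": "10.13.31.1",
    "internet host": "203.0.113.9",
}


def reply_paths(table):
    """Where voyage sends a reply to each peer under the given table."""
    return {name: lookup(table, ip) for name, ip in PEERS.items()}


if __name__ == "__main__":
    for label, table in (("tunnel down", LAN_ONLY),
                         ("tunnel up", TUNNEL_UP),
                         ("tunnel up + route", FIXED)):
        print(label, reply_paths(table))
```

In an OpenVPN client config the same exemption can be written as `route 10.13.30.0 255.255.255.0 net_gateway`. A destination route like this does not cover connections arriving through the WAN port forwards, whose peers can be any internet address; those need source-based policy routing on voyage.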