I want to bring three more clients online so those remote sites can access resources at the server site, and I can connect to resources at the remote sites. With the existing config I use shorewall to control the traffic flow.
I believe the new client (uclibc with three NICs) connects OK, but traffic isn't getting routed out the tunnel according to the shorewall logs. The traffic (failed ping attempts) is not detected at all. I can ping, RDP and Samba both ways between x.x.120.x and x.x.225.x, but can't get traffic to flow between x.x.221.x or x.x.227.x.
Server.conf:
```
local ServerPublic.IP.Address.Here
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/serverkey.crt
key /etc/openvpn/keys/serverkey.key # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
server 10.7.0.0 255.255.255.0
ifconfig-pool-persist /var/lib/openvpn-ipp.txt
push "route 192.168.120.0 255.255.255.0"
push "route 192.168.119.0 255.255.255.0"
client-config-dir ccd
route 192.168.225.0 255.255.255.0
route 192.168.221.0 255.255.255.0
route 192.168.227.0 255.255.255.0
client-to-client
keepalive 10 120
comp-lzo
max-clients 4
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status-public.log
log-append /var/log/openvpn.log
verb 6
```
```
client
dev tun
proto udp
remote ServerPublic.IP.Address.Here 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/clientthree.crt
key /etc/openvpn/keys/clientthree.key
ns-cert-type server
comp-lzo
verb 3
```
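
A consistency check for the server config in the post above, as an added example that is not part of the original post: in OpenVPN, a server-side `route` for a subnet behind a client is only forwarded to that client when a file in `client-config-dir` declares the same subnet with `iroute`. The ccd contents and the name `clientone` below are constructed, since the post does not show its ccd files, and the function names are hypothetical.

```python
import ipaddress

def directives(text):
    """Yield (keyword, args) for each OpenVPN config line, skipping comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            keyword, *args = line.split()
            yield keyword, args

def networks(text, keyword):
    """Networks named by `<keyword> <network> [netmask]` lines."""
    found = set()
    for key, args in directives(text):
        if key == keyword and args:
            # OpenVPN treats a missing netmask as a single host.
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            found.add(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
    return found

def iroute_owners(server_conf, ccd_files):
    """Map each server-side `route` to the ccd file that declares it, or None."""
    owners = {}
    for name, text in ccd_files.items():
        for net in networks(text, "iroute"):
            owners[net] = name
    return {str(n): owners.get(n) for n in sorted(networks(server_conf, "route"))}

# Excerpt of the server config from the post.
SERVER_CONF = """\
push "route 192.168.120.0 255.255.255.0"
client-config-dir ccd
route 192.168.225.0 255.255.255.0
route 192.168.221.0 255.255.255.0
route 192.168.227.0 255.255.255.0
"""

# Constructed ccd contents (assumption: the post does not show its ccd files).
CCD_FILES = {"clientone": "iroute 192.168.225.0 255.255.255.0\n"}

if __name__ == "__main__":
    for net, owner in iroute_owners(SERVER_CONF, CCD_FILES).items():
        status = f"iroute in ccd/{owner}" if owner else "no matching iroute"
        print(f"{net:18} {status}")
```

Each ccd file name has to equal the common name of the certificate the corresponding client presents, so the dictionary keys stand in for those file names.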