I’ve started experimenting with OpenVPN.
I’ve got a working connection between server and client, but routing doesn’t fully work yet.
The client’s IP address is 192.168.1.1. It works as a router in its LAN.
The server’s IP address is 192.168.0.3. It sits behind a router (192.168.0.1), but with port forwarding I can establish a connection.
From 192.168.0.0/24 I can access any IP in 192.168.1.0/24, but from 192.168.1.0/24 I can only access the VPN server (192.168.0.3); connecting to any other IP in its subnet fails.
These are the routes:
root@server# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.2        *               255.255.255.255 UH    0      0        0 tun0
192.168.1.0     localhost       255.255.255.0   UG    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 lan
169.254.0.0     *               255.255.0.0     U     0      0        0 lan
Default         dns.fritz.box   0.0.0.0         UG    9      0        0 lan
root@client# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.1        *               255.255.255.255 UH    0      0        0 tun0
192.168.180.1   *               255.255.255.255 UH    2      0        0 dsl
192.168.180.2   *               255.255.255.255 UH    2      0        0 dsl
192.168.178.0   *               255.255.255.0   U     0      0        0 lan
192.168.1.0     *               255.255.255.0   U     0      0        0 lan
192.168.0.0     *               255.255.255.0   U     0      0        0 tun0
default         *               0.0.0.0         U     2      0        0 dsl
cat /proc/sys/net/ipv4/ip_forward
returns "1" in both cases.
Which routes should I add?
Last edited by ferda (2011-09-25 15:47:08)
Routing looks correct for what you have described.
Find out if the problem is at the client or server end: use 'traceroute' or 'mtr' to trace the route and see where it's breaking.
(i.e., from a machine in the client network, run `mtr 192.168.0.xxx` where xxx is a host other than 192.168.0.3)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Now that’s funny…
From a machine behind the router I can ping a machine in the other subnet and ssh into it; it’s only the router itself that can’t ping any machine in the other subnet.
Maybe I should mention that the firmware isn’t exactly bleeding edge…
# uname -a
Linux fritz.box 2.4.17_mvl21-malta-mips_fp_le #1 So 23 Jul 20:14:39 CEST 2006 mips unknown
This is the traceroute output from behind the router:
# traceroute 192.168.0.1
traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 38 byte packets
1 fritz.box (192.168.1.1) 0.717 ms 0.444 ms 0.288 ms
2 10.0.0.1 (10.0.0.1) 74.171 ms 67.842 ms 66.971 ms
3 192.168.0.1 (192.168.0.1) 69.017 ms 69.421 ms 71.852 ms
#
and this comes from the router itself:
# traceroute 192.168.0.1
traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 38 byte packets
1 10.0.0.1 (10.0.0.1) 99.950 ms 79.960 ms 69.965 ms
2 * * *
3 * * *
4 * * *
5 * * *
[…]
Now I’m not sure if this is an OpenVPN related problem, but here is the openvpn version:
# openvpn --version
OpenVPN 2.1_beta14 mipsel-linux [SSL] built on May 29 2006
Developed by James Yonan
Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
Last edited by ferda (2011-09-24 13:47:02)