[(kind of?) SOLVED] Routing problem with OpenVPN

ferda · 2011-09-24 10:01:07

I’ve started experimenting with OpenVPN.
I’ve got a working connection between server and client, but routing doesn’t fully work yet.

The client’s ip address is 192.168.1.1. It works as a router in its LAN.

The server’s ip address is 192.168.0.3. It sits behind a router (192.168.0.1), but with port forwarding I can establish a connection.

From 192.168.0.0/24 I can access any ip in 192.168.1.0/24, but from 192.168.1.0/24 I can only access the VPN server (192.168.0.3), connecting to any other ip in its subnet fails.

These are the routes:

root@server# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.2        *               255.255.255.255 UH    0      0        0 tun0
192.168.1.0     localhost       255.255.255.0   UG    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 lan
169.254.0.0     *               255.255.0.0     U     0      0        0 lan
Default         dns.fritz.box   0.0.0.0         UG    9      0        0 lan

root@client# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.1        *               255.255.255.255 UH    0      0        0 tun0
192.168.180.1   *               255.255.255.255 UH    2      0        0 dsl
192.168.180.2   *               255.255.255.255 UH    2      0        0 dsl
192.168.178.0   *               255.255.255.0   U     0      0        0 lan
192.168.1.0     *               255.255.255.0   U     0      0        0 lan
192.168.0.0     *               255.255.255.0   U     0      0        0 tun0
default         *               0.0.0.0         U     2      0        0 dsl

cat /proc/sys/net/ipv4/ip_forward

returns "1" in both cases.

Which routes should I add?

Last edited by ferda (2011-09-25 15:47:08)

fukawi2 · 2011-09-24 11:57:01

Routing looks correct for what you have described.

Find out if the problem is the client or server end, use 'traceroute' or 'mtr' to trace the route and see where it's breaking.
(ie, from a machine in the client network, run `mtr 192.168.0.xxx` where xxx is a host other than 192.168.0.3)

ferda · 2011-09-24 13:45:49

Now that’s funny…

From a machine behind the router I can ping a machine in the other subnet and ssh into it, it’s only the router itself, that can’t ping any machine in the other subnet.

Maybe I should mention that the firmware isn’t exactly bleeding edge…

# uname -a
Linux fritz.box 2.4.17_mvl21-malta-mips_fp_le #1 So 23 Jul 20:14:39 CEST 2006 mips unknown

This is the traceroute output from behind the router

# traceroute 192.168.0.1
traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 38 byte packets
 1  fritz.box (192.168.1.1)  0.717 ms  0.444 ms  0.288 ms
 2  10.0.0.1 (10.0.0.1)  74.171 ms  67.842 ms  66.971 ms
 3  192.168.0.1 (192.168.0.1)  69.017 ms  69.421 ms  71.852 ms
#

and this comes from the router itself:

# traceroute 192.168.0.1
traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 38 byte packets
 1  10.0.0.1 (10.0.0.1)  99.950 ms  79.960 ms  69.965 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
[…]

Now I’m not sure if this is an OpenVPN related problem, but here is the openvpn version:

# openvpn --version
OpenVPN 2.1_beta14 mipsel-linux [SSL] built on May 29 2006
Developed by James Yonan
Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>

Last edited by ferda (2011-09-24 13:47:02)

Arch Linux

#1 2011-09-24 10:01:07

[(kind of?) SOLVED] Routing problem with OpenVPN

#2 2011-09-24 11:57:01

Re: [(kind of?) SOLVED] Routing problem with OpenVPN

#3 2011-09-24 13:45:49

Re: [(kind of?) SOLVED] Routing problem with OpenVPN

Board footer