Linode Forum
Linode Community Forums
 Post subject: OpenVPN Routing
Posted: Mon Jan 18, 2010 3:50 pm
Senior Newbie

Joined: Thu Aug 20, 2009 5:24 am
Posts: 13
Hi,

As suggested by support, I'm going to post here what I've already posted on the OpenVPN mailing list, as it could be a Linode-related issue.

Quote:
Hi,

I just installed OpenVPN. This is my situation:

1 OpenVPN Server, 172.16.0.1
2 OpenVPN Client, 172.16.0.6

On my OpenVPN client (Windows) I am also connected to a LAN, 192.168.1.0/24.

As I want to reach my LAN from the server, I've added 2 lines to my openvpn.conf:

client-config-dir ccd
route 192.168.1.0 255.255.255.0

And then, in the /etc/openvpn/ccd/foo1 file, this line:

iroute 192.168.1.0 255.255.255.0

I'm sure the client's name is foo1 because in the ipp.txt file I have this line:

foo1,172.16.0.4

After that, I restarted the OpenVPN daemon, then tried, from the server, to ping 192.168.1.1 or other IPs, but I always get a timeout error.

Can you please help me?

Thank you


Then:

Quote:
I have news:

I've enabled IPv4 forwarding on my client.

Now from the server I can ping the LAN IP of the client (192.168.1.104), but I still can't ping any other host in the LAN.

Giorgio


Now I've also tried to set up another route, to get access FROM my PC to the Linode private network. I added this line to my openvpn.conf:

Code:
push "route 192.168.128.0 255.255.128.0"


But it doesn't work. From the client I can only ping my Linode's private IP, not other ones.

Any idea?

IPv4 forwarding is enabled, of course.

Thank you

EDIT: When I try to ping my LAN IPs, such as 192.168.103 or 192.168.1.1, from my Linode, OpenVPN logs this:

Quote:
Jan 18 19:37:21 li150-216 ovpn-openvpn[1127]: MULTI: Learn: 192.168.1.104 -> foo1/87.0.143.206:2313
Jan 18 19:55:08 li150-216 ovpn-openvpn[1127]: MULTI: Learn: 192.168.1.103 -> foo1/87.0.143.206:2313


When I try to ping some private Linode IPs from the client, nothing happens.

EDIT2:

This is a tcpdump taken when I try to ping a Linode private IP from the client:

tcpdump -nS not port 22

Quote:
li150-216:/etc/openvpn# tcpdump -nS not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
20:06:18.721816 IP 109.74.203.216.1194 > MYIP.3103: UDP, length 53
20:06:21.828708 IP MYIP.3103 > 109.74.203.216.1194: UDP, length 101
20:06:21.830154 arp who-has 192.168.144.7 tell 192.168.144.70
20:06:21.830348 arp reply 192.168.144.7 is-at fe:fd:6d:4a:cb:cb
20:06:21.830356 IP 172.16.0.6 > 192.168.144.7: ICMP echo request, id 1024, seq 13312, length 40
20:06:27.133309 IP MYIP.3103 > 109.74.203.216.1194: UDP, length 101
20:06:27.133505 IP 172.16.0.6 > 192.168.144.7: ICMP echo request, id 1024, seq 13568, length 40
20:06:28.180389 IP 109.74.203.216.1194 > MYIP.3103: UDP, length 53
20:06:32.631906 IP MYIP.3103 > 109.74.203.216.1194: UDP, length 101
20:06:32.632099 IP 172.16.0.6 > 192.168.144.7: ICMP echo request, id 1024, seq 13824, length 40
20:06:38.942689 IP 109.74.203.216.1194 > MYIP.3103: UDP, length 53
20:06:42.115622 IP MYIP.3103 > 109.74.203.216.1194: UDP, length 53


When I try to ping an IP on the client's LAN, e.g. 192.168.1.1, with tcpdump on the client I can see this:

Quote:
21:21:01.410901 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13317, seq 88, length 64
21:21:02.410968 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13317, seq 89, length 64
21:21:03.680817 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 1, length 64
21:21:04.681424 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 2, length 64
21:21:05.679867 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 3, length 64
21:21:06.684179 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 4, length 64
21:21:07.683099 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 5, length 64
21:21:08.680125 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 6, length 64
21:21:09.680222 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 7, length 64
21:21:10.680686 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 8, length 64
21:21:11.679803 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 9, length 64
21:21:12.680255 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 10, length 64
21:21:13.681900 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 11, length 64


Last edited by solounaltronick on Mon Jan 18, 2010 4:22 pm, edited 1 time in total.
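
Added example, not part of the original post: a short Python script that pairs ICMP echo requests with replies in `tcpdump -n` text output, so that flows carrying requests in one direction only stand out. The first four sample lines are copied from the captures above; the last two are constructed to represent the ping to 192.168.1.104 that the poster reports as working.

```python
import re
from collections import defaultdict

# tcpdump -n text line for ICMP echo traffic, as in the captures quoted above.
ICMP_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def unanswered_echoes(lines):
    """Map (src, dst) -> sorted seq numbers of echo requests with no reply in the capture."""
    requests, replies = [], set()
    for line in lines:
        m = ICMP_RE.match(line.strip())
        if not m:
            continue  # UDP tunnel packets, ARP, tcpdump banner lines
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            requests.append((m["src"], m["dst"], ident, seq))
        else:
            # A reply travels dst -> src; store it under the request's direction.
            replies.add((m["dst"], m["src"], ident, seq))
    missing = defaultdict(list)
    for src, dst, ident, seq in requests:
        if (src, dst, ident, seq) not in replies:
            missing[(src, dst)].append(seq)
    return {flow: sorted(seqs) for flow, seqs in missing.items()}

# Lines 1-4 are copied from the captures in the post; lines 5-6 are constructed.
SAMPLE = """\
21:21:03.680817 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 1, length 64
21:21:04.681424 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 2, length 64
20:06:21.830154 arp who-has 192.168.144.7 tell 192.168.144.70
20:06:21.830356 IP 172.16.0.6 > 192.168.144.7: ICMP echo request, id 1024, seq 13312, length 40
21:30:00.000001 IP 172.16.0.1 > 192.168.1.104: ICMP echo request, id 14000, seq 1, length 64
21:30:00.000950 IP 192.168.1.104 > 172.16.0.1: ICMP echo reply, id 14000, seq 1, length 64
""".splitlines()

if __name__ == "__main__":
    for (src, dst), seqs in unanswered_echoes(SAMPLE).items():
        print(f"{src} -> {dst}: {len(seqs)} request(s), no reply seen (seq {seqs})")
```

A flow listed by the script only means no reply crossed the capture point. In both captures the request's source is a tunnel address (172.16.0.x) outside the target's own subnet, so where a reply goes depends on the target's routing table.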

Posted: Mon Jan 18, 2010 4:21 pm
Newbie

Joined: Sun Jan 10, 2010 8:50 pm
Posts: 2
In order to set up a configuration like this, you'll have to add some routes to your router's configuration as well to properly expose your local LAN to the VPN. Maybe that's what you're missing. I'm looking for those settings right now. I'll post back whenever I find them.

EDIT:
Here's a link that describes the router's routing table configuration changes.

http://www.ciscopress.com/articles/arti ... 9&seqNum=5

Hope this helps,

thefunnyman


Posted: Mon Jan 18, 2010 4:25 pm
Senior Newbie

Joined: Thu Aug 20, 2009 5:24 am
Posts: 13
Hi,

In my openvpn.conf I have this line that automatically creates the route entry in the server table:

route 192.168.1.0 255.255.255.0

so that it's all set up to reach my host (and I reach it, as you can see in the tcpdump logs).

Then, openvpn.conf sends this line to all clients:

push "route 192.168.128.0 255.255.128.0"

to set up proper rules on the clients to reach the Linode private LAN. It's all set, I can verify it with a route print / route -n.

Thank you


Posted: Mon Jan 18, 2010 4:29 pm
Newbie

Joined: Sun Jan 10, 2010 8:50 pm
Posts: 2
solounaltronick wrote:
Hi,

In my openvpn.conf I have this line that automatically creates the route entry in the server table:

route 192.168.1.0 255.255.255.0

so that it's all set up to reach my host (and I reach it, as you can see in the tcpdump logs).

Then, openvpn.conf sends this line to all clients:

push "route 192.168.128.0 255.255.128.0"

to set up proper rules on the clients to reach the Linode private LAN. It's all set, I can verify it with a route print / route -n.

Thank you


OK, well, the settings I mentioned are specific to accessing your local LAN FROM the VPN server or machines on its subnet. Maybe I'm misunderstanding you, but it seems you're referring to reaching the VPN server's subnet from your local LAN in the quoted reply.


Posted: Tue Jan 19, 2010 11:09 am
Senior Newbie

Joined: Thu Aug 20, 2009 5:24 am
Posts: 13
Hi,

OK, sorry, my English is not so good.

VPN Server (Linode)
eth0: Ext IP 1
eth0:1 Ext IP 2
eth0:2 Private IP
tun0: 172.16.0.1

VPN Client (My PC)
eth0: 192.168.1.102
eth0:0 192.168.1.104
eth0:1 192.168.1.106
tun0: 172.16.0.6

So, FROM the server, I try to ping 192.168.1.1, which is the client's LAN router, and it's directly connected to the client on eth0.

