| Linode Forum https://forum.linode.com/ |
|
| OpenVPN Routing https://forum.linode.com/viewtopic.php?f=19&t=5068 |
| Author: | solounaltronick [ Mon Jan 18, 2010 3:50 pm ] |
| Post subject: | OpenVPN Routing |
Hi, as suggested by support, I'm going to post here what I've already posted on the OpenVPN mailing list, as it could be a Linode-related issue.

Quote:
    Hi,
    just installed OpenVPN. This is my situation:

    1 OpenVPN Server, 172.16.0.1
    2 OpenVPN Client, 172.16.0.6

    On my OpenVPN client (Windows) I am also connected to a LAN 192.168.1.0/24.
    As I want to reach my LAN from the Server, I've added 2 lines to my openvpn.conf:

    client-config-dir ccd
    route 192.168.1.0 255.255.255.0

    And then, in the /etc/openvpn/ccd/foo1 file, this line:

    iroute 192.168.1.0 255.255.255.0

    I'm sure the Client's name is foo1 because in the ipp.txt file I have this line:

    foo1,172.16.0.4

    After that, I restarted the OpenVPN daemon, then tried, from the Server, to ping 192.168.1.1 or other IPs, but I always get a timeout error.

    Can you please help me?
    Thank you

Then:

Quote:
    I have news: I've enabled IPv4 forwarding on my client. Now from the server I can ping the LAN IP of the client (192.168.1.104), but still can't ping any other host in the LAN.

    Giorgio

Now I've also tried to set up another route, to access the Linode private network FROM my PC. I added this line to my openvpn.conf:

Code:
    push "route 192.168.128.0 255.255.128.0"

But it doesn't work. From the Client I can only ping my Linode's private IP, not other ones.

Any idea? IPv4 forwarding is enabled, of course.

Thank you

EDIT: When I try to ping my LAN IPs, such as 192.168.103 or 192.168.1.1, from my Linode, OpenVPN logs this:

Quote:
    Jan 18 19:37:21 li150-216 ovpn-openvpn[1127]: MULTI: Learn: 192.168.1.104 -> foo1/87.0.143.206:2313
    Jan 18 19:55:08 li150-216 ovpn-openvpn[1127]: MULTI: Learn: 192.168.1.103 -> foo1/87.0.143.206:2313

When I try from the client to ping some private Linode IPs, nothing happens.

EDIT2: This is a tcpdump from when I try to ping a Linode private IP from the client:

tcpdump -nS not port 22

Quote:
    li150-216:/etc/openvpn# tcpdump -nS not port 22
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    20:06:18.721816 IP 109.74.203.216.1194 > MYIP.3103: UDP, length 53
    20:06:21.828708 IP MYIP.3103 > 109.74.203.216.1194: UDP, length 101
    20:06:21.830154 arp who-has 192.168.144.7 tell 192.168.144.70
    20:06:21.830348 arp reply 192.168.144.7 is-at fe:fd:6d:4a:cb:cb
    20:06:21.830356 IP 172.16.0.6 > 192.168.144.7: ICMP echo request, id 1024, seq 13312, length 40
    20:06:27.133309 IP MYIP.3103 > 109.74.203.216.1194: UDP, length 101
    20:06:27.133505 IP 172.16.0.6 > 192.168.144.7: ICMP echo request, id 1024, seq 13568, length 40
    20:06:28.180389 IP 109.74.203.216.1194 > MYIP.3103: UDP, length 53
    20:06:32.631906 IP MYIP.3103 > 109.74.203.216.1194: UDP, length 101
    20:06:32.632099 IP 172.16.0.6 > 192.168.144.7: ICMP echo request, id 1024, seq 13824, length 40
    20:06:38.942689 IP 109.74.203.216.1194 > MYIP.3103: UDP, length 53
    20:06:42.115622 IP MYIP.3103 > 109.74.203.216.1194: UDP, length 53

When I try to ping an IP of the Client's LAN, i.e. 192.168.1.1, with tcpdump on the client I can see this:

Quote:
    21:21:01.410901 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13317, seq 88, length 64
    21:21:02.410968 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13317, seq 89, length 64
    21:21:03.680817 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 1, length 64
    21:21:04.681424 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 2, length 64
    21:21:05.679867 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 3, length 64
    21:21:06.684179 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 4, length 64
    21:21:07.683099 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 5, length 64
    21:21:08.680125 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 6, length 64
    21:21:09.680222 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 7, length 64
    21:21:10.680686 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 8, length 64
    21:21:11.679803 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 9, length 64
    21:21:12.680255 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 10, length 64
    21:21:13.681900 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 11, length 64
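
Both captures in the post above contain ICMP echo requests and no echo replies. As an added example (not part of the original thread), this Python code pairs requests with replies by id and seq to list one-way flows; the function names are hypothetical and the sample lines are constructed in the thread's tcpdump format, with one invented reply added for contrast.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the format of the thread's tcpdump output,
# with one echo reply added so both outcomes are exercised.
SAMPLE = """\
20:06:21.830356 IP 172.16.0.6 > 192.168.144.7: ICMP echo request, id 1024, seq 13312, length 40
20:06:27.133505 IP 172.16.0.6 > 192.168.144.7: ICMP echo request, id 1024, seq 13568, length 40
21:21:01.410901 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13317, seq 88, length 64
21:21:02.410968 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13317, seq 89, length 64
21:21:03.000000 IP 172.16.0.1 > 192.168.1.104: ICMP echo request, id 13829, seq 1, length 64
21:21:03.000400 IP 192.168.1.104 > 172.16.0.1: ICMP echo reply, id 13829, seq 1, length 64
20:06:21.830154 arp who-has 192.168.144.7 tell 192.168.144.70
"""

ICMP = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+),"
)

def ping_summary(capture: str) -> dict:
    """Return {(pinger, target): [requests_seen, replies_matched]}."""
    pending = set()                       # (src, dst, id, seq) awaiting a reply
    flows = defaultdict(lambda: [0, 0])
    for line in capture.splitlines():
        m = ICMP.match(line.strip())
        if not m:
            continue                      # ARP, tunnel UDP, banner lines
        src, dst = m["src"], m["dst"]
        key_id = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request":
            pending.add((src, dst) + key_id)
            flows[(src, dst)][0] += 1
        elif (dst, src) + key_id in pending:   # a reply reverses src and dst
            pending.discard((dst, src) + key_id)
            flows[(dst, src)][1] += 1
    return dict(flows)

def one_way(capture: str) -> list:
    """Flows where requests were captured but no reply ever came back."""
    return sorted(f for f, (req, rep) in ping_summary(capture).items()
                  if req and not rep)

if __name__ == "__main__":
    for (src, dst), (req, rep) in ping_summary(SAMPLE).items():
        print(f"{src} -> {dst}: {req} requests, {rep} replies")
```

A flow that is one-way at the capture point shows the forward path works that far; the next things to check are the target's route back to the tunnel subnet and any filtering on the target side.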
|
| Author: | thefunnyman [ Mon Jan 18, 2010 4:21 pm ] |
In order to set up a configuration like this, you'll have to add some routes to your router's configuration as well to properly expose your local LAN to the VPN. Maybe that's what you're missing. I'm looking for those settings right now. I'll post back whenever I find them.

EDIT: here's a link that describes the router's routing table configuration changes.
http://www.ciscopress.com/articles/arti ... 9&seqNum=5

Hope this helps,
thefunnyman
|
| Author: | solounaltronick [ Mon Jan 18, 2010 4:25 pm ] |
Hi,
in my openvpn.conf I have this line that automatically creates the route entry in the server table:

route 192.168.1.0 255.255.255.0

so that it's all set up to reach my host (and I reach it, as you can see in the tcpdump logs).

Then, openvpn.conf sends this line to all clients:

push "route 192.168.128.0 255.255.128.0"

to set up proper rules on the clients to reach the Linode private LAN.

It's all set, I can verify it with a route print / route -n.

Thank you
|
| Author: | thefunnyman [ Mon Jan 18, 2010 4:29 pm ] |
solounaltronick wrote:
    Hi,
    in my openvpn.conf I have this line that automatically creates the route entry in the server table:

    route 192.168.1.0 255.255.255.0

    so that it's all set up to reach my host (and I reach it, as you can see in the tcpdump logs).

    Then, openvpn.conf sends this line to all clients:

    push "route 192.168.128.0 255.255.128.0"

    to set up proper rules on the clients to reach the Linode private LAN.

    It's all set, I can verify it with a route print / route -n.

    Thank you

OK, well, the settings I mentioned are specific to accessing your local LAN FROM the VPN server or machines on its subnet. Maybe I'm misunderstanding you, but it seems you're referring to reaching the VPN server's subnet from your local LAN in the quoted reply.
|
| Author: | solounaltronick [ Tue Jan 19, 2010 11:09 am ] |
Hi,
OK, sorry, my English is not so good.

VPN Server (Linode)
    eth0: Ext IP 1
    eth0:1 Ext IP 2
    eth0:2 Private IP
    tun0: 172.16.0.1

VPN Client (My PC)
    eth0: 192.168.1.102
    eth0:0 192.168.1.104
    eth0:1 192.168.1.106
    tun0: 172.16.0.6

So, FROM the Server, I try to ping 192.168.1.1, which is the Client's LAN router and is directly connected to the Client on eth0.
|
| All times are UTC-04:00 |
|