openVPN + routing problems
Lou Kamenov
lou.kamenov at aeye.net
Fri Dec 13 11:28:49 GMT 2002
In some email I received from "William Cooper"
<williamcooper at data-storm.net> on Fri, 13 Dec 2002 11:10:30 -0000 :
> Morning folks, hope we are all well and such.
>
> Right, this morning a friend of mine and I decided to set up a VPN
> between our networks over the internet. We went for openVPN, and after
> scratching our heads for a while and shouting we got a link working
> between our networks.
>
> Anyway, here's a pretty diagram to show our setup:
>
>        ME                                 friend
>
> gateway -------internet-------- gateway
> 192.168.0.4                     10.0.0.254
>     |                              |
>     |                              |
>  [switch]                       [switch]
>     |   \                          |   \
>     |    \VPN client               |    \VPN server
>     |     192.168.0.10             |     10.0.0.99
>     |                              |
>  clients                        clients
> 192.168.0.*                      10.0.0.*
>
> Right so when I'm on the VPN client (FreeBSD 4.6 stable), I can ping
> 10.0.0.99 get into its services etc.
>
> and on the VPN server (FreeBSD 4.7 release), my friend can ping
> 192.168.0.10 and get into its services.
>
> Our problem is we want clients on both networks to be able to contact
> each other, so 192.168.0.1 can ping/contact 10.0.0.1 with no problem.
>
>
> What we have done so far is this, the gateway on my side routes
> traffic to other networks (the internet), and we wanted the gateway to
> send traffic for 10.0.0.* to the VPN client, so we added these two
> lines to the rc.conf on the GATEWAY:
>
> static_routes="friend"
> route_friend="10.0.0.0/24 192.168.0.10"
>
> (Please note we aren't networking geniuses)
>
> So in theory traffic for 10.0.0.* goes to 192.168.0.10, next I added
> this line to the VPN client in rc.conf:
Try NATting and then adding the gw? Also, consider using IPSec;
it's much more secure.
This paper might give you some hints why it doesn't work:
http://rr.sans.org/firewall/IPSec_VPN.php
And yes, read it - I'm sure you won't be disappointed.
> gateway_enable="YES"
>
> Thinking it would route the traffic down the VPN and reach its
> destination. Well, no, that didn't happen; when trying to ping 10.0.0.99
> from 192.168.0.1 (Windows 2000 Professional) I get:
>
> Pinging 10.0.0.99 with 32 bytes of data:
>
> Request timed out.
> Request timed out.
> Request timed out.
> Request timed out.
No wonder the router doesn't know what to do with the packet.
> Please point me into the right direction.
HTH,
cheers,
-lou
----
Lou Kamenov lou at freebsd-bg.org lou.k at hq.aeye.net
FreeBSD BGUG http://www.freebsd-bg.org http://www.aeye.net
Key Fingerprint - 936F F64A AD50 2D27 07E7 6629 F493 95AE A297 084A
One advantage of talking to yourself is that you know at least
somebody's listening. - Franklin P. Jones
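
The thread shows the one route that was added (on the "ME" gateway) but not the hops a LAN-to-LAN packet still needs. Tracing the failing ping: 192.168.0.1 hands it to 192.168.0.4, which forwards it to 192.168.0.10 thanks to the posted static route; 192.168.0.10 will only forward it (gateway_enable) and only into the tunnel if it has a route for 10.0.0.0/24 pointing at the tun interface rather than at the LAN; 10.0.0.99 then needs forwarding plus a route for 192.168.0.0/24 into the tunnel, or its reply goes to its default gateway 10.0.0.254 and out to the Internet, which times out exactly as shown; and for any other 10.0.0.x host to answer, 10.0.0.254 needs the same return route via 10.0.0.99. The fragments below are an added example, not configuration from the thread. They assume the OpenVPN tunnel device is tun0 on both endpoints, that the friend's gateway is also FreeBSD, and that the up-script paths are whatever you point openvpn's --up option at; all of those are assumptions, not facts from the post.

```conf
# Added example (not from the thread): routing for each box in the diagram.
# Assumed: tun0 is the OpenVPN device on both endpoints (check with ifconfig),
# 10.0.0.254 runs FreeBSD (use its own "route add" equivalent otherwise).

## /etc/rc.conf on 192.168.0.4 (gateway, "ME" side) -- as already in the post
static_routes="friend"
route_friend="10.0.0.0/24 192.168.0.10"      # hand 10.0.0.0/24 to the VPN client

## /etc/rc.conf on 192.168.0.10 (VPN client, FreeBSD 4.6)
gateway_enable="YES"                         # forward between the LAN and the tunnel

## /etc/rc.conf on 10.0.0.99 (VPN server, FreeBSD 4.7) -- missing in the post
gateway_enable="YES"                         # forward between the tunnel and the LAN

## /etc/rc.conf on 10.0.0.254 (friend's gateway) -- missing in the post
static_routes="me"
route_me="192.168.0.0/24 10.0.0.99"          # return traffic for 192.168.0.x goes
                                             # to the VPN server, not the Internet

## Tunnel routes. tun0 only exists once openvpn is running, so a static_routes
## entry for it would fail at boot; add it from the script given to openvpn's
## --up option, which receives the tun device name as $1.

## up script on 192.168.0.10 (assumed path /usr/local/etc/openvpn/up.sh)
#!/bin/sh
route add -net 10.0.0.0/24 -interface "$1"    # the other LAN goes into the tunnel

## up script on 10.0.0.99 (assumed path /usr/local/etc/openvpn/up.sh)
#!/bin/sh
route add -net 192.168.0.0/24 -interface "$1"
```

To verify, run netstat -rn on each box: the two VPN endpoints should list the other side's /24 on tun0, and each gateway should list it via its own VPN box; sysctl net.inet.ip.forwarding must read 1 on 192.168.0.10 and 10.0.0.99. A traceroute from a LAN client shows the first hop that drops the packet. Two caveats: because 192.168.0.4 and 192.168.0.10 share a LAN segment, the gateway will send ICMP redirects to the Windows client, which is harmless but worth recognising in a capture; and if ipfw or ipf runs on either VPN box it must pass traffic on tun0 in both directions. The NAT approach mentioned in the reply (translating each LAN behind its tunnel endpoint's address) removes the need for the return routes on the gateways, at the cost of hiding real source addresses from the far side.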