eth0 tun0 ip forwarding
Hi all, here is my Linux question:
I have my home network class 192.168.1.X where the DSL router is 192.168.1.1 (Zyxel P-660HN-F1Z). In this class I have a Linux box (Enigma2 Ipbox); its IP is 192.168.1.38. On this box I set up OpenVPN as server, listening on port 1194; on the Zyxel I've opened the port and created the NAT to the Linux box. Then I have a notebook with a 3G connection and OpenVPN that connects to the box; the IP class is 10.8.0.X. So on the box I have eth0 with 192.168.1.38 and tun0 with 10.8.0.1. On the Windows 7 notebook I have 10.8.0.6 and the IP from the 3G connection. I can actually ping both the interfaces of the Linux box but I can't ping other machines on the 192.168.1.XXX network such as the router or the NAS machine. I think I'm missing some routing on the Linux box (IP forwarding is enabled).

The Linux box is Ipbox sh4 Enigma2 Image PKT Nebula v.1

server.conf

;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca /var/etc/openvpn/keys/ca.crt
cert /var/etc/openvpn/keys/ipbox.crt
key /var/etc/openvpn/keys/ipbox.key
dh /var/etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Clientconfig

client
dev tun
proto udp
remote remoteipaddress 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\openvpn\\ca.crt"
cert "C:\\openvpn\\hp-dario.crt"
key "C:\\openvpn\\hp-dario.key"
comp-lzo
verb 3

Wed Jun 27 10:11:21 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Wed Jun 27 10:11:21 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Jun 27 10:11:21 2012 LZO compression initialized
Wed Jun 27 10:11:21 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 27 10:11:22 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jun 27 10:11:22 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 27 10:11:22 2012 Local Options hash (VER=V4): '41690919'
Wed Jun 27 10:11:22 2012 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jun 27 10:11:22 2012 UDPv4 link local: [undef]
Wed Jun 27 10:11:22 2012 UDPv4 link remote: XXXXXXXXX:1194
Wed Jun 27 10:11:22 2012 TLS: Initial packet from XXXXXXXXX:1194, sid=308c0f6a 4fbfa880
Wed Jun 27 10:11:22 2012 VERIFY OK: depth=1, /C=IT/ST=Italy/L=Brescia/O=Rdd/OU=ipbox/CN=ipbox/name=Dario/emailAddress=riodda@XXXX.com
Wed Jun 27 10:11:22 2012 VERIFY OK: nsCertType=SERVER
Wed Jun 27 10:11:22 2012 VERIFY OK: depth=0, /C=IT/ST=Italy/L=Brescia/O=Rdd/OU=ipbox/CN=ipbox/name=Dario/emailAddress=riodda@XXXX.com
Wed Jun 27 10:11:24 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jun 27 10:11:24 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 27 10:11:24 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jun 27 10:11:24 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 27 10:11:24 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jun 27 10:11:24 2012 [ipbox] Peer Connection Initiated with 81.174.12.160:1194
Wed Jun 27 10:11:26 2012 SENT CONTROL [ipbox]: 'PUSH_REQUEST' (status=1)
Wed Jun 27 10:11:26 2012 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Wed Jun 27 10:11:26 2012 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jun 27 10:11:26 2012 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jun 27 10:11:26 2012 OPTIONS IMPORT: route options modified
Wed Jun 27 10:11:26 2012 ROUTE default_gateway=109.117.189.18
Wed Jun 27 10:11:26 2012 TAP-WIN32 device [Vpn_Casa] opened: \\.\Global\{64A0AFA2-BB04-4765-8813-046072B63992}.tap
Wed Jun 27 10:11:26 2012 TAP-Win32 Driver Version 9.9
Wed Jun 27 10:11:26 2012 TAP-Win32 MTU=1500
Wed Jun 27 10:11:26 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {64A0AFA2-BB04-4765-8813-046072B63992} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Wed Jun 27 10:11:26 2012 Successful ARP Flush on interface [53] {64A0AFA2-BB04-4765-8813-046072B63992}
Wed Jun 27 10:11:32 2012 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Wed Jun 27 10:11:32 2012 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.8.0.5
Wed Jun 27 10:11:32 2012 ROUTE: route addition failed using CreateIpForwardEntry: Uno o più argomenti non validi. [status=160 if_index=53]
Wed Jun 27 10:11:32 2012 Route addition via IPAPI failed [adaptive]
Wed Jun 27 10:11:32 2012 Route addition fallback to route.exe OK
Wed Jun 27 10:11:32 2012 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Wed Jun 27 10:11:32 2012 ROUTE: route addition failed using CreateIpForwardEntry: Uno o più argomenti non validi. [status=160 if_index=53]
Wed Jun 27 10:11:32 2012 Route addition via IPAPI failed [adaptive]
Wed Jun 27 10:11:32 2012 Route addition fallback to route.exe OK
Wed Jun 27 10:11:32 2012 Initialization Sequence Completed

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
rfc-1918        *               255.255.255.255 UH    0      0        0 tun0
rfc-1918        rfc-1918        255.255.255.0   UG    0      0        0 tun0
rfc-1918        *               255.255.255.0   U     0      0        0 eth0
default         rfc-1918        0.0.0.0         UG    0      0        0 eth0

From Windows 7 I can ping 192.168.1.38 and I can ping 10.8.0.1, but not the other 192.168.1.XX.
Create a static route on your Zyxel router so that anything on the subnet of 10.8.0.0 goes to 192.168.1.38...

So any pings that occur on your 192.168.1.0/24 subnet destined for 10.8.0.0 go to your Zyxel router, and then the Zyxel points those to the OpenVPN server 192.168.1.38.

In the client's conf file, you may want to add a route command:

route 192.168.1.0 255.255.255.0

so the client knows anything on the 198.168.1.0/24 subnet is on the other side of the tunnel...
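The return-path problem the reply describes, modelled as an added example that is not part of the thread: a longest-prefix-match tracer that follows a ping request from the notebook and the reply from a LAN host, with and without the static route on the router. The NAS address 192.168.1.50, the host names and the simplified notebook table (the net30 peer 10.8.0.5 is collapsed into 10.8.0.1) are assumptions.

```python
import ipaddress

# Constructed model of the thread's network. The NAS address 192.168.1.50 is an
# assumption; the other addresses come from the post.
LAN, VPN = "192.168.1.0/24", "10.8.0.0/24"

def build_hosts(router_has_vpn_route):
    """Return {name: (owned addresses, [(network, gateway or None if on-link)])}."""
    router = [(LAN, None), ("0.0.0.0/0", "isp")]
    if router_has_vpn_route:
        router.append((VPN, "192.168.1.38"))  # the static route suggested in the reply
    default_via_router = ("0.0.0.0/0", "192.168.1.1")
    return {
        "nas": (["192.168.1.50"], [(LAN, None), default_via_router]),
        "router": (["192.168.1.1"], router),
        "vpnbox": (["192.168.1.38", "10.8.0.1"], [(VPN, None), (LAN, None), default_via_router]),
        "notebook": (["10.8.0.6"], [(VPN, None), (LAN, "10.8.0.1")]),  # pushed route
    }

def next_hop(table, dst):
    """Longest-prefix match; returns the gateway, or dst itself when on-link."""
    dst_ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), gw) for n, gw in table
            if dst_ip in ipaddress.ip_network(n)]
    if not hits:
        return None
    _, gw = max(hits, key=lambda h: h[0].prefixlen)
    return gw or dst

def owner(hosts, addr):
    """Name of the modelled host that owns addr, or None if it is off-site."""
    return next((name for name, (addrs, _) in hosts.items() if addr in addrs), None)

def trace(hosts, start, dst, max_hops=8):
    """Follow a packet hop by hop; the path ends in 'WAN' if it leaves the site."""
    path, node = [start], start
    for _ in range(max_hops):
        if dst in hosts[node][0]:
            return path
        hop = next_hop(hosts[node][1], dst)
        node = owner(hosts, hop) if hop else None
        if node is None:
            return path + ["WAN"]
        path.append(node)
    return path

if __name__ == "__main__":
    for fixed in (False, True):
        hosts = build_hosts(fixed)
        print("static route on router:", fixed)
        print("  request:", trace(hosts, "notebook", "192.168.1.50"))
        print("  reply:  ", trace(hosts, "nas", "10.8.0.6"))
```

The request reaches the NAS in both cases; only the reply path changes, which is why pings to 192.168.1.38 and 10.8.0.1 work while other LAN hosts appear silent.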