OpenVPN assigning public & static IPs to pcs/devices behind an OpenVPN client
Hi there people,
First of all, this is my 1st post and I'm a bit confused with something about OpenVPN, which rules; I have installed it on my router and at my NOC, and it works like a charm.
I'd like to ask a question divided in parts.
* OpenVPN 2.0.9 on CentOS (Virtualized on VMWare on W2k3 Server) with static IP (8.12.x.xxx) netmask 255.255.255.248 Gateway 8.12.x.145
* Bridged mode setup and 3 public, static, valid IPs assigned to clients (WinXP), which use the "redirect-gateway" parameter; this is working :), as described by me ;-) on this youtube video here
* Server is also running on a public static IP.
What I want to accomplish:
Behind the winxp clients there are Quintum gateways which I'd like to get those public IPs assigned instead of to the XP machines themselves. I'm no network expert when it comes to routing, but I know some things, and it sounds to me as if I could instead try a routed setup using 10.8.x.x IPs, then bridge the OpenVPN TAP device to the LAN connection and assign the public IP to the gateway manually (which I've already done). Confused? Me too, but you're the gurus and that's why I come to the source.
I think I could do as mentioned before, but I don't know that much about routing to carry on with that part. I'm stuck there. I think I could add:
route "8.12.x.x 255.255.255.248 10.8.0.1" or
route "8.12.x.x 255.255.255.248 8.12.x.145"
But I don't know if it'd work, and if I should push that to the clients (put this in the server.conf or client.conf file).
The VPN connects, and I'm able to ping 10.8.x.x machines, but I have attached the Quintum to the LAN card of my Internet-connected PC, which has two NICs: one for Internet and one bridged to the TUN/TAP OpenVPN device. Also I assigned a public IP to the Quintum with the netmask and the gateway, but I'm not able to ping either the 10.8.x.x or the 8.12.x.x network. I know it's a routing-related issue but I don't know how to solve it.
For now as I said the server is assigning public addresses to the clients, but I don't know if it'd be better for me to install OpenVPN on the Windows machine directly and bridge OpenVPN device to the NIC that has the public IPs and assign these to the clients, or should I do it routed mode.
So how could I make this work? Do I need to add routes to server and client so they know where to route each other's packets?
If you need some more info please ask.
Any advice would be greatly appreciated.
Hi. I'd like to help but I don't really understand what you are talking about. Any chance of a diagram, even hand-written? Include all the IP addresses and subnets.
I don't know what a NOC is. I do not understand this sentence at all: "behind the winxp clients there are Quintum gateways which I'd like to get those public IPs assigned instead of to the XP machines themselves"
Ok if there's an attachment on this response.
NOC = Network Operations Center
Quintum = Brand which makes VoIP gateways
VoIP = Voice Over IP
VoIP Gateway = Device used to connect either analog phones or cellular gateways.
What I want to do is simple:
I have a Linux server running openvpn it has a public IP and assigns 10.8.0.0/24 IPs to connecting clients.
There are two client machines in Pakistan both winxp connected to Internet using a USB 3g modem, they also have an Ethernet NIC, which is connected directly to this VoIP gateway.
We have some public IPs available to us that we can assign to the gateways 8.xx.162.147 and 8.xx.162.148 respectively.
So what I want is to be able to route traffic from and to these gateways using the VPN, so that the gateways appear to be in another location and they're accessible directly from the internet.
I hope I make myself clear.
Thanks for your reply again
Ok, things are getting clearer. Still some ambiguities. The diagram helps but there are inconsistencies. Like your diagram shows the two XP PCs connected directly to the linux server. But in your text you say the XP PCs are in Pakistan; this suggests the linux server is not in Pakistan? Then you say the XP PCs are connected to voip gateways but you don't say how the server connects to the voip gateways, which it must do in order for a VPN tunnel to exist.
Is it that you have two remote XP PCs that have no local internet access but do have telephone/cellular(?) access? How does the linux server connect to them?
"So what I want is to be able to route traffic from and to these gateways using the VPN, so that gateways appear to be on another location and they're accessible directly from the internet."
Would you be more specific? Route traffic from where? What "location" do you want the gateways to appear to be? When you say "accessible directly from the internet" then what exactly do you mean? They must already be accessible from the internet or your linux server could not talk to them. Or are you saying the linux server talks to them through its own voip gateway? I don't see one in your diagram.
Are you saying that only the linux server has a connection to the XP PCs but that you want to have WAN IP addresses that are assigned to the linux server's internet gateway and forwarded to the XP PCs? You want the linux server to be an internet to voip router?
Eg: the linux server's internet router has WAN IP=220.127.116.11. When a connection is made to 18.104.22.168 from the public internet the packets are routed to the linux server which then routes them to the remote XP PC's gateway.
Let me test my understanding. I think you have the option of having the server either forward packets directly to the voip gateway of the XP PC or forward them to the XP PC via a VPN tunnel. Is that right?
In either case I imagine you need to make iptables entries in your linux server. The server will want to forward packets that originate from the local internet router whose WAN IP=22.214.171.124 to either 10.8.0.2 or to the voip gw IP (8.x.162.147?).
Unless I am missing the point, which is quite likely, I think that your routing should be done using iptables rather than using openVPN route directives.
"Yeah, I think I have answered and made clear some points so please, if you know what to do, please spare some of your know-how."
I am interested in understanding your problem but I am having trouble parsing your descriptions.
I think you are asking how to provide two VOIP internet gateways in Pakistan that appear on the internet as if they are located in the US, and you want all the connections to be encrypted.
Should I tell you how to do it or should I report you to Homeland Security? ;)
Altho, I'd rather you answer my question, and help me solve this issue, if you can/want obviously.
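A routed-mode layout of the kind the thread asks about, added here as an illustration and not taken from any post. The addresses are constructed stand-ins from a documentation range, and the interface name `eth0` and the client names are assumptions.

```conf
# Constructed addresses: 203.0.113.144/29 stands in for the public /29 in the
# thread, .145 is the upstream gateway, .147 and .148 are the two VoIP gateways.

# --- server.conf on the Linux server (routed mode, tun device) ---
dev tun
server 10.8.0.0 255.255.255.0
# Per-client files, each named after the client certificate's common name.
client-config-dir ccd
# Kernel routes on the server: send each gateway address into the tunnel.
# These are local to the server and are not pushed to the clients.
route 203.0.113.147 255.255.255.255
route 203.0.113.148 255.255.255.255

# --- ccd/xp-client-1 (hypothetical common name) ---
# iroute tells the OpenVPN server which connected client owns this address.
iroute 203.0.113.147 255.255.255.255

# --- ccd/xp-client-2 (hypothetical common name) ---
iroute 203.0.113.148 255.255.255.255

# --- /etc/sysctl.conf on the Linux server ---
# Forward packets between the public interface and the tunnel.
net.ipv4.ip_forward = 1
# The /29 is on-link for the upstream gateway, so the server has to answer
# ARP on eth0 (assumed interface name) for addresses it routes into the tunnel.
net.ipv4.conf.eth0.proxy_arp = 1
```

The XP clients also have to forward between the tunnel adapter and their Ethernet NIC, and each VoIP gateway needs a default route it can reach through that NIC; neither is shown here.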