so instead I've tried routing traffic to my Dedicated Server via 10.10.0.29 (to P-t-P for my laptop's VPN), which at least works with the route command.
I can see the packets getting to my Dedicated Server (with tcpdump), but then once they reach there, I still can't route them back down my own VPN to the 10.10.0.6 client. The same issue as above crops up when trying to use a VPN client as the gateway.
Both servers (the Dedicated and my home one) have ip_forward set.
This is really bugging me now, do I need some iptables rules set on the Dedicated Server since the route command won't accept a VPN client as the gateway?
You need to adjust firewall rules on the work side to allow packets from the foreign VPN networks.
Also, just try playing with your route command more. It's terrible in Linux. In Windows it works no problem. I've lost hours trying to get the route command to work (and never did - same error as yours).
What you could do is enable masquerade (NATting) on the OpenVPN interface (tun1 -----NAT----> tun0). That would *work* (i.e. let you access basic web, email and CIFS stuff) but wouldn't be proper routing as packets will appear to come from your home server's IP. So there's no going back (which may be fine..).
ANOTHER idea is to change your "my vpn" to an OpenVPN bridge (dev tap0). That would fix all your problems as it would appear as if you were sitting at home (with a home 192.168.0.x IP). That would work perfectly (which is actually what I did to fix the issues).
Last edited by jonnytabpni; 04-16-2009 at 07:25 AM.
Also, by "return traffic" are we talking about replies from the end point, or new requests coming from my work network trying to reach my laptop - if so, I'm not bothered about that.
It would be new requests. Replies from the end point would be fine (Just think how a normal NAT router in a house works)
For the bridging stuff (new to me), which machine would need to be changed? Just my dedicated server ovpn interface? Or all the clients?
Both the clients and the server on "MY VPN" would need their config files changed. It's fairly simple - just change from dev tun to dev tap. Change from "server" to "server-bridge". You will also need to set up bridging interfaces on the server (if it is a Linux server it is really simple). Go to: http://openvpn.net/index.php/documen...-bridging.html for an excellent howto. I would strongly suggest you go down the bridging route rather than the routed/NAT. Provided you don't have any security implications regarding having remote clients directly on your LAN (the word "bridging" essentially means that any broadcast traffic is "copied" to the remote clients), this would be SO much simpler than figuring out the routed mode.
Last edited by jonnytabpni; 04-16-2009 at 01:50 PM.
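
The masquerade option suggested earlier in the thread (tun1 -----NAT----> tun0), written out as an added example that is not part of any post here. It assumes tun1 is the poster's own VPN and tun0 the work VPN on the forwarding host, and it uses the conntrack match so that only replies are let back in, matching the "no going back" behaviour described above. `gen_rules` and `valid_if` are names made up for this sketch.

```shell
#!/bin/sh
# Added example: print (not apply) the iptables commands for masquerading
# traffic that arrives on IN_IF and leaves through OUT_IF.
# Assumed roles: IN_IF = own VPN (tun1), OUT_IF = work VPN (tun0).

# Accept only plausible interface names so nothing else reaches a command line.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]   # kernel interface names are at most 15 characters
}

# gen_rules IN_IF OUT_IF
# Prints three commands; returns non-zero on invalid or identical interfaces.
gen_rules() {
    in_if=$1
    out_if=$2
    valid_if "$in_if" && valid_if "$out_if" || return 1
    [ "$in_if" != "$out_if" ] || return 1

    # Rewrite the source address of everything leaving OUT_IF, so the far
    # side only ever sees the forwarding host's address on that tunnel.
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$out_if"

    # New connections are allowed in one direction only: IN_IF -> OUT_IF.
    printf 'iptables -A FORWARD -i %s -o %s -j ACCEPT\n' "$in_if" "$out_if"

    # The reverse direction carries replies to tracked connections only;
    # new requests from the OUT_IF side match no ACCEPT rule here.
    printf 'iptables -A FORWARD -i %s -o %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
        "$out_if" "$in_if"
}

# Review the output first, then apply it as root on the forwarding host:
#   gen_rules tun1 tun0 | sh
```

The reverse-direction rule only restricts traffic if the FORWARD chain's policy or a later rule drops what is not accepted; check that with `iptables -S FORWARD` before relying on it.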