routing / vpn issue
I have set up a VPN using openvpn and am having a few issues getting the hosts on LAN A to talk to hosts on LAN B and vice versa.
I have got the VPN connected and the VPN client machine can ping and talk to the VPN server. However, hosts on the VPN client network cannot talk to the VPN server or hosts on the VPN server's LAN.
I think this is just a simple routing problem, but I would appreciate if someone can clarify. It's very important that no NAT occurs between hosts on LAN A (client LAN) and hosts on LAN B (server LAN).
Here's my network....
openvpn is installed on a router (running dd-wrt) that connects LAN A to the internet.
Client LAN network: 192.168.1.0 / 255.255.255.0
Client LAN gateway & vpn router IP: 192.168.1.1
Server LAN network: 10.2.1.0 / 255.255.255.0
Server LAN IP: 10.2.1.1
VPN Network: 10.8.0.0 / 255.255.255.0
VPN Server IP: 10.8.0.1
VPN Client IP: 10.8.0.6
Here's what happens why I try to ping:-
(ping from vpn client)# ping 10.8.0.1
64 bytes from 10.8.0.1: seq=0 ttl=64 time=3.652 ms
(ping from vpn server)# ping 10.8.0.6
(ping from a machine on client LAN)# ping 10.8.0.1
(ping from a machine on client LAN)# ping 10.2.1.1
(ping from vpn server)# ping 192.168.1.1
Someone said I need to set up static routes - can anybody explain exactly what I need to do?
Here's the route command run from the client vpn
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.0.5 * 255.255.255.255 UH 0 0 0 tun0
10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0
10.2.1.0 10.8.0.5 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
18.104.22.168 * 255.255.248.0 U 0 0 0 vlan1
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 12-121-80-1.zon 0.0.0.0 UG 0 0 0 vlan1
Incidentally, if I run
iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE
on the VPN client, machines on the client LAN can now ping and access machines on the Server LAN.
Although this now seems to be doing nat because connections from hosts on the client LAN to hosts on the server LAN now all show as coming from 10.8.0.6 (the client VPN ip) and not the 192.168.1.xxx address
|All times are GMT -5. The time now is 10:04 PM.|