iptables routing and VPN

pie86 · 01-08-2008, 03:17 PM

hello,
I know that there are already a lot of thread about vpn and routing questions but after reading a lot of posts I still can't solve my problem! (probably I'm too stupid!

)

Here is the situation:

I use openvpn to create a virtual lan over my 2 networks. I'll try to use a scheme to show the structure of the 2 networks:

Code:

net 1: mypowerbook -> netgear router -> internet
     192.168.1.2      192.168.1.1      internet access under NAT (fastweb for those who lives in italy ;)

net 2: server        -> dlink router -> internet
       192.168.0.10    192.168.0.1    internet access (not under NAT)

the vpn server is ofcourse on the server (net 2) and the addresses are 10.8.0.6 for my mac and 10.8.0.1 on the server.
When I try to ping 10.8.0.6 from 10.8.0.1 or vice versa everything works well!

What I would like to do is access 192.168.0.1 and possibly also internet through the network without NAT (net 2)

ifconfig of the server

Code:

eth0      Link encap:Ethernet  HWaddr 00:E0:4C:20:73:B0  
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3574028 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3535106 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 
          RX bytes:2502960712 (2387.0 Mb)  TX bytes:1984925716 (1892.9 Mb)

eth1      Link encap:Ethernet  HWaddr 00:E0:7D:EA:57:09  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1995237 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2413831 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 
          RX bytes:878309474 (837.6 Mb)  TX bytes:2460239391 (2346.2 Mb)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:490 errors:0 dropped:0 overruns:0 frame:0
          TX packets:490 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 
          RX bytes:40895 (39.9 Kb)  TX bytes:40895 (39.9 Kb)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:58715 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39953 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 
          RX bytes:69166610 (65.9 Mb)  TX bytes:6337916 (6.0 Mb)

(on the server there is also a second ethernet card that provide wireless connection in the house where the server is (my parent's house

)

ifconfig on powerbook

Code:

llo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000 
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:24:83:cd:60 
        media: autoselect (<unknown type>) status: inactive
        supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,hw-loopback>
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::211:24ff:fe93:e18f%en1 prefixlen 64 scopeid 0x5 
        inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:11:24:93:e1:8f 
        media: autoselect status: active
        supported media: autoselect
fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 2030
        lladdr 00:11:24:ff:fe:83:cd:60 
        media: autoselect <full-duplex> status: inactive
        supported media: autoselect <full-duplex>
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff 
        open (pid 322)

Is it possible to connect the two netwoks? How could I do that?

ps: I apologize for my bad English, I'm still learning it!

jschiwal · 01-08-2008, 04:33 PM

The IP addresses in your diagram don't seem to match the IP address in your text. I don't see any 10.8.xxx.xxx in the diagram. A 10.xxx.xxx.xxx address is a nonroutable private address. If that is the so-called internet address on server 2 site, the ISP may have lied to you because you may be behind NAT there as well.

I don't know how you would get one side to find the other unless they both contact a third party with a real internet address. If site 2 had a real internet address, and the site 1 side could contact it, that would make it possible to set up a establish a connection.

jschiwal · 01-08-2008, 04:45 PM

Rereading your post, I missed the part about having a wifi connection with the server ( in your parents house ). If this is a secured wifi connection using wpa and not wep, you don't need to use the ppp protocol or a vpn. You can simply have that interface on the wireless network, and use forwarding. Then use your parents dlink wireless router as the default gateway address.
I don't understand the FastWeb bit. If the italian sites are in the same subnet, you could create a route for that subnet to use your netgear router. Or if your parents access is adequate, drop your service and help pay for your parents.

pie86 · 01-09-2008, 03:26 AM

I'm sorry, I made a bit of confusion...

wireless network is irrilevant for the my problem, forget it!

the correct diagram should include the vpn tunnel between my mac and the openvpn server on the server (net2). Of course the server is not under nat and I can reach it through internet.

What I would like to do is connect the two network and for example redirect a open port on the server through the vpn to my laptop (the mac on net1)

I read that 10.x.x.x is non routable...so I have to change that network address?

I hope that this corrections could clarify the situation!

thanks a lot!

Pietro

jschiwal · 01-09-2008, 07:11 PM

I'm not clear about the tunnel device you have setup. What's at 10.8.0.5 and 10.8.0.2? And across what medium?

So the wireless on the server is what your parents use for their LAN and you are not in range, correct?

vathna · 01-14-2008, 04:59 AM

Dear all,

anyone can help me please?

I have same problem with this.

I have two network card Eth0 connecto to ISA with ip address 203.189.x.x
and eth1 connect lan 192.168.1.x

i installed POPTOP and config it and it work for me if i connect to my vpn in local network.

but if i go outside and connect to my isp address 203.189.x.x i got error 800 unable to connecto to vpn server.

please tell me what should i do more?
may be i lack something?

thanks.

Jirka11 · 01-14-2008, 03:09 PM

Could you ping that IP? Did you dump the packets? Which VPN you use? Some verbose log?

_____________________________________________
My IP address