Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


Old 09-21-2010, 04:56 PM   #1
LQ Newbie
Registered: Sep 2010
Posts: 2

Rep: Reputation: 0
How to set a route for Eth1 (DHCP clients) to reach Tun0 (openvpn server)? CentOS

Hi Everyone,

I have an OpenVPN tunnel set up between two CentOS servers. One of the CentOS servers also acts as a DHCP server for some client computers.

Server A= OpenVPN server
Server B= OpenVPN client (connects to Server A with OpenVPN)

The two CentOS servers can ping each other ( via the tun0.

However, client computer connected to Server B (DHCP server) can't reach (which is the OpenVPN server).

I think I am missing some routing in my "ip route show". Following is the full picture:


[root@static-host ~]# ip route show
dev tun0 proto kernel scope link src
via dev tun0
via dev tun0
dev eth0 scope link
dev eth1 proto kernel scope link src
default via dev eth0

[root@static-host ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:F0:53:99
inet addr: Bcast: Mask:
inet6 addr: fe80::20c:29ff:fef0:5399/64 Scope:Link
RX packets:9221 errors:0 dropped:0 overruns:0 frame:0
TX packets:18571 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:880932 (860.2 KiB) TX bytes:3158462 (3.0 MiB)
Interrupt:59 Base address:0x2000

eth1 Link encap:Ethernet HWaddr 00:0C:29:F0:53:A3
inet addr: Bcast: Mask:
inet6 addr: fe80::20c:29ff:fef0:53a3/64 Scope:Link
RX packets:3469 errors:0 dropped:0 overruns:0 frame:0
TX packets:9342 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:619800 (605.2 KiB) TX bytes:461704 (450.8 KiB)
Interrupt:67 Base address:0x2080

lo Link encap:Local Loopback
inet addr: Mask:
inet6 addr: ::1/128 Scope:Host
RX packets:14078 errors:0 dropped:0 overruns:0 frame:0
TX packets:14078 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:594081 (580.1 KiB) TX bytes:594081 (580.1 KiB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr: P-t-P: Mask:
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:546 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:504 (504.0 b) TX bytes:303948 (296.8 KiB)


[root@static-host ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
UH 0 0 0 tun0
UGH 0 0 0 tun0
UG 0 0 0 tun0
U 0 0 0 eth0
U 0 0 0 eth1
UG 0 0 0 eth0


What command can I issue to get this fixed? Something along the lines of ip route add?

Note: There is no firewall service on either end. service iptables stop!
Note: I can't bridge eth1 and tun0 as DHCP server might mess up the other side.
Note: I can't do a push of "redirect-gateway def1" because then clients lose their IP as they send DHCP requests to Server A.

Thanks a lot
Old 09-21-2010, 11:37 PM   #2
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
It looks like you have a good start on the tunneling, but there are some other things to look for.

1. It appears that you are using 10.x.y.z as one private network for clients on the other side of server B from the tunnel, and 192.168.0.x as a second private network on the same side of server B as the 10.x.y.z net. Packets arriving at server B will be routed to unless they either belong to 172.16.x.y, or are addressed to another address on one of the private nets.

2. It is not clear from what you have said how any replies will come back from server A. Such packets will have a destination address of 10.x.y.z or 192.168.0.x, and, depending on the routing table THERE, may or may not be sent back through the tunnel. It is essential that, when you tunnel between two machines, the network numbers at either end of the tunnel are different from each other, because the tunnel, in effect, joins them up.

3. To further complicate the picture, DHCP is a broadcast protocol (because, at the beginning of a DHCP exchange, a client does not possess an IP address). Forcing server A to route broadcast packets down the tunnel in addition to broadcasting them on local nets might take some further research; I am not certain about this.

Some quality time with tcpdump (running at each end of the tunnel) might shed further light on what is going wrong.
Old 09-22-2010, 01:14 AM   #3
LQ Newbie
Registered: Sep 2010
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks for the reply.

Your point #3 doesn't stand right. For DHCP "problem" that you mentioned it does not happen (by default) unless:
push "redirect-gateway def1" is set in server.conf.

I solved the problem by adding the ccd in server.conf. That does a push of the IP network needed and problem was solved.

No further routing is needed at all at any other level. Of course I am assuming iptables is set to OFF.
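
The ccd approach mentioned in post #3, shown as an added example that is not the poster's actual configuration: it writes a constructed server.conf and ccd file for Server A, then checks that every `iroute` in the ccd directory has a matching `route` line in server.conf, since an `iroute` without the kernel `route` leaves replies with no path back into the tunnel. The subnets (172.16.0.0/24 for the tunnel, 10.0.1.0/24 for the LAN behind Server B), the client name `serverB` and the function names are assumptions; Server B must also have `net.ipv4.ip_forward=1` for its clients' packets to be forwarded.

```shell
#!/usr/bin/env bash
# Added example. All subnets, paths and the client name "serverB" are
# constructed placeholders, not values from the thread.

# Write a sample server.conf and ccd file for Server A into directory $1.
write_sample() {
    mkdir -p "$1/ccd"
    cat > "$1/server.conf" <<'EOF'
dev tun
server 172.16.0.0 255.255.255.0
client-config-dir ccd
# Kernel route on Server A: send traffic for the LAN behind Server B into the tunnel
route 10.0.1.0 255.255.255.0
EOF
    # The ccd file name must equal the Common Name of Server B's certificate.
    cat > "$1/ccd/serverB" <<'EOF'
# OpenVPN internal route: this subnet is reachable through this client
iroute 10.0.1.0 255.255.255.0
EOF
}

# Print "client subnet mask" for each iroute that has no matching route
# directive in server.conf. Returns 0 if none are missing, 1 otherwise.
missing_routes() {
    local conf=$1 ccd=$2 f kw net mask rc=0
    for f in "$ccd"/*; do
        [ -f "$f" ] || continue
        while read -r kw net mask _; do
            [ "$kw" = "iroute" ] || continue
            # Exact field comparison, so dots in the subnet are not regex wildcards.
            if ! awk -v n="$net" -v m="$mask" \
                 '$1=="route" && $2==n && $3==m {ok=1} END {exit !ok}' "$conf"; then
                echo "$(basename "$f") $net $mask"
                rc=1
            fi
        done < "$f"
    done
    return $rc
}

# Demo on the constructed files.
tmp=$(mktemp -d)
write_sample "$tmp"
missing_routes "$tmp/server.conf" "$tmp/ccd" && echo "every iroute has a matching route"
rm -rf "$tmp"
```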



All times are GMT -5.