Routing Between OpenVPN Clients and Remote Network...

sancho · 12-12-2007, 02:59 PM

I've setup an OpenVPN gateway with 2 interfaces: tun0 = 10.8.0.1 and eth0 = 192.168.1.1 . I would like machines on the 10.8.0.0 network to be able to talk to hosts on the 192.168.1.0 network as though they were on that network. I have setup the server.conf on the VPN gate way to push the route to the OVPN clients with the following line:

Code:

push "route 192.168.1.0 255.255.255.0"

The OVPN clients are getting an IP on the 10.8.0.0 network, and I can ping both 10.8.0.1 and 192.168.1.1 from the OVPN clients over the Internet when connected to the VPN. However, I still cannot ping any other hosts on the 192.168.1.0 network. What have I left out?

I've posted both the output of `ifconfig` and `route` below. Thanks in advance!

Code:

=============================================
OPENVPN SERVER INFORMATION (host: oracle)
=============================================

root@oracle:~# ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:14:C1:32:2E:41  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::214:c1ff:fe32:2e41/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11931214 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14139713 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:932560071 (889.3 MB)  TX bytes:2781576996 (2.5 GB)
          Interrupt:19 Base address:0x6c00 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:35771 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35771 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:20441659 (19.4 MB)  TX bytes:20441659 (19.4 MB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:799 errors:0 dropped:0 overruns:0 frame:0
          TX packets:557 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:72986 (71.2 KB)  TX bytes:89928 (87.8 KB)


root@oracle:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0       <--- route stalled before this line
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
localnet        *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1000   0        0 eth0
default         ithaca.atlantis 0.0.0.0         UG    100    0        0 eth0





=============================================
OPENVPN CLIENT INFORMATION (host: celeris)
=============================================

bthornton@celeris:~$ ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:C0:9F:DE:46:9F  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:18 Base address:0xe000 

eth1      Link encap:Ethernet  HWaddr 00:14:A5:1C:4D:94  
          inet addr:10.254.105.124  Bcast:10.254.105.127  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3029 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3317 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1626784 (1.5 MB)  TX bytes:456749 (446.0 KB)
          Interrupt:20 Memory:d0204000-d0206000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:43 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2933 (2.8 KB)  TX bytes:2933 (2.8 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1412  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


bthornton@celeris:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
71.97.11.64     10.254.105.97   255.255.255.255 UGH   0      0        0 eth1       <--- route stalled before this line
10.254.105.96   *               255.255.255.224 U     0      0        0 eth1
default         *               0.0.0.0         U     0      0        0 tun0

sancho · 12-13-2007, 04:50 PM

Anyone? I'm sure the answer to this question is just one simple "route" command. I'm familiar with the syntax of the command, but I'm not sure exactly what it is that I need to setup in order to achieve what I want.

All I want is for computers on the 10.8.0.0 network to be able to communicate with the entire 192.168.1.0 network via my VPN gateway.

lsteacke · 12-14-2007, 10:28 AM

Have you tried adding a route?

Try the command below.

route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0