LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Closed Thread
  Search this Thread
Old 02-21-2008, 06:42 AM   #1
jjge
Member
 
Registered: Jun 2003
Location: Kalkar, Germany
Distribution: Slackware
Posts: 108

Rep: Reputation: 16
Trying to route via OpenVPN client


Hello, *

I have a problem.

I am trying to connect two networks, 10.x.y.z and 192.168.87.t via a VPN tunnel.
The tunnel itself works, and I can route via the server, but not via the client.

The (in my opinion, of course) relevant machines are:
A 192.168.87.6 the machine from which I try to control everything
B 192.168.87.5 the VPN client/designated router (this is where I seem to have a problem)
C 10.0.0.21 the VPN server, and router (which works)

When I try to PING from Machine A to Machine C, I get no reply.

Using tcpdump -i tun0 icmp,
these come from Machine A, tcpdump on machine B, do not arrive at machine C:

11:33:07.263612 IP 192.168.87.6 > 10.0.0.21: ICMP echo request, id 42802, seq 7, length 64
11:33:08.264026 IP 192.168.87.6 > 10.0.0.21: ICMP echo request, id 42802, seq 8, length 64
11:33:09.263407 IP 192.168.87.6 > 10.0.0.21: ICMP echo request, id 42802, seq 9, length 64
11:33:10.350762 IP 192.168.87.6 > 10.0.0.21: ICMP echo request, id 42802, seq 10, length 64

Of course I also used tcpdump at machine C, to verify, and I never see anything from
icmp appear on tun0.

Next I start ping from machine B: these arrive at machine C, and get replies:

11:33:51.049617 IP 192.168.101.10 > 10.0.0.21: ICMP echo request, id 27714, seq 1, length 64
11:33:51.135377 IP 10.0.0.21 > 192.168.101.10: ICMP echo reply, id 27714, seq 1, length 64
11:33:52.050230 IP 192.168.101.10 > 10.0.0.21: ICMP echo request, id 27714, seq 2, length 64
11:33:52.133727 IP 10.0.0.21 > 192.168.101.10: ICMP echo reply, id 27714, seq 2, length 64
11:33:53.050244 IP 192.168.101.10 > 10.0.0.21: ICMP echo request, id 27714, seq 3, length 64
11:33:53.133586 IP 10.0.0.21 > 192.168.101.10: ICMP echo reply, id 27714, seq 3, length 64
11:33:54.050243 IP 192.168.101.10 > 10.0.0.21: ICMP echo request, id 27714, seq 4, length 64
11:33:54.133149 IP 10.0.0.21 > 192.168.101.10: ICMP echo reply, id 27714, seq 4, length 64

My routing table on Machine A:
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
217.0.116.140 * 255.255.255.255 UH 0 0 0 ppp0
localnet * 255.255.255.0 U 0 0 0 eth0
10.0.0.0 Penti 255.255.0.0 UG 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default * 0.0.0.0 U 0 0 0 ppp0
#
so indeed, packets for 10.0.0.21 will go to "Penti", which is Machine B.

On Machine B, I have a routing table:
# route
Kernel IP routing table
Destination * * Gateway * * * * Genmask * * * * Flags Metric Ref Use Iface
192.168.101.9 * * * * * * * * * 255.255.255.255 UH * *0 * * *0 * 0 tun0
192.168.101.1 * 192.168.101.9 * 255.255.255.255 UGH * 0 * * *0 * 0 tun0
192.168.101.0 * 192.168.101.9 * 255.255.255.0 * UG * *0 * * *0 * 0 tun0
192.168.87.0 * ** * * * * * * * 255.255.255.0 * U * * 0 * * *0 * 0 eth0
link-local * * ** * * * * * * * 255.255.0.0 * * U * * 1000 * 0 * 0 eth0
10.0.0.0 * * * *192.168.101.9 * 255.0.0.0 * * * UG * *0 * * *0 * 0 tun0
default * * * * 192.168.87.6 * *0.0.0.0 * * * * UG * *100 * *0 * 0 eth0

so everything entering for 10.x.y.z should go to 192.168.101.9, and via tun0 to machine C.
And indeed, as the above example shows, it does come out on tun0, but then it only seems to arrive at the other end when originating on machine B, but not when routed from Machine A.

Of course:

root@Penti:/home/administrator# cat /proc/sys/net/ipv4/ip_forward
1

and the firewall is empty:

root@Penti:/home/administrator# iptables -L
Chain INPUT (policy ACCEPT)
target * * prot opt source * * * * * * * destination * * * *

Chain FORWARD (policy ACCEPT)
target * * prot opt source * * * * * * * destination * * * *

Chain OUTPUT (policy ACCEPT)
target * * prot opt source * * * * * * * destination * * * *

Am I missing something?
 
Old 02-21-2008, 06:43 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is being closed because it is a duplicate.
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenVPN client has not default gateway when connect to OpenVPN server sailershen Linux - Security 3 03-04-2010 02:20 AM
OpenVPN route issues, all traffic through VPN tunnel stuartornum Linux - Server 4 03-05-2007 03:07 AM
OpenVPN and default route ziobudda Linux - Networking 0 09-13-2006 10:04 AM
Openvpn client to client routing question soup Linux - Networking 0 02-16-2006 11:13 AM
OpenVPN client cannot route to LAN TheAmazingSteve Linux - Networking 1 09-29-2005 03:40 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:10 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration