routing / vpn issue
Hi,
I have set up a VPN using OpenVPN and am having a few issues getting the hosts on LAN A to talk to hosts on LAN B and vice versa. I have got the VPN connected, and the VPN client machine can ping and talk to the VPN server. However, hosts on the VPN client network cannot talk to the VPN server or to hosts on the VPN server's LAN. I think this is just a simple routing problem, but I would appreciate it if someone could clarify. It's very important that no NAT occurs between hosts on LAN A (client LAN) and hosts on LAN B (server LAN).

Here's my network. OpenVPN is installed on a router (running dd-wrt) that connects LAN A to the internet.

Client LAN network: 192.168.1.0 / 255.255.255.0
Client LAN gateway & VPN router IP: 192.168.1.1
Server LAN network: 10.2.1.0 / 255.255.255.0
Server LAN IP: 10.2.1.1
VPN network: 10.8.0.0 / 255.255.255.0
VPN server IP: 10.8.0.1
VPN client IP: 10.8.0.6

Here's what happens when I try to ping:

(ping from VPN client) # ping 10.8.0.1
64 bytes from 10.8.0.1: seq=0 ttl=64 time=3.652 ms

(ping from VPN server) # ping 10.8.0.6
No response

(ping from a machine on client LAN) # ping 10.8.0.1
No response

(ping from a machine on client LAN) # ping 10.2.1.1
No response

(ping from VPN server) # ping 192.168.1.1
No response

Someone said I need to set up static routes - can anybody explain exactly what I need to do?

Here's the route command run from the VPN client:

# route
Kernel IP routing table
Destination     Gateway          Genmask          Flags Metric Ref    Use Iface
10.8.0.5        *                255.255.255.255  UH    0      0        0 tun0
10.8.0.1        10.8.0.5         255.255.255.255  UGH   0      0        0 tun0
10.2.1.0        10.8.0.5         255.255.255.0    UG    0      0        0 tun0
192.168.1.0     *                255.255.255.0    U     0      0        0 br0
12.121.80.0     *                255.255.248.0    U     0      0        0 vlan1
169.254.0.0     *                255.255.0.0      U     0      0        0 br0
127.0.0.0       *                255.0.0.0        U     0      0        0 lo
default         12-121-80-1.zon  0.0.0.0          UG    0      0        0 vlan1
Incidentally, if I run

iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE

on the VPN client, machines on the client LAN can now ping and access machines on the server LAN. However, this now seems to be doing NAT, because connections from hosts on the client LAN to hosts on the server LAN all show as coming from 10.8.0.6 (the client VPN IP) and not from the 192.168.1.xxx address.
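The symptoms in the thread (client router can reach 10.8.0.1, but nothing behind it gets an answer, and a MASQUERADE rule "fixes" it by rewriting the source to 10.8.0.6) are what an asymmetric return path looks like: the client router's table sends 10.2.1.0/24 into tun0, but the server has no route for 192.168.1.0/24, so its replies leave via its default gateway instead of the tunnel. The script below is an added example, not code from the original post; it implements kernel-style longest-prefix route lookup over the client routing table transcribed from the post and over a server-side table that is an assumption (a typical OpenVPN net30 server whose tun0 peer is 10.8.0.2 and whose LAN interface is eth1; the real server's interface names and ISP gateway are not on the page), and shows the forward and return interfaces before and after the missing server route is added. The standard way to install that route is the OpenVPN `route 192.168.1.0 255.255.255.0` directive in the server config plus `iroute 192.168.1.0 255.255.255.0` in the client's client-config-dir file, with no NAT rule on either side.

```python
"""Diagnose the asymmetric return path behind an OpenVPN site-to-site link."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Client router table, transcribed from the post's `route` output (constructed input).
CLIENT_TABLE = """\
Kernel IP routing table
Destination     Gateway          Genmask          Flags Metric Ref    Use Iface
10.8.0.5        *                255.255.255.255  UH    0      0        0 tun0
10.8.0.1        10.8.0.5         255.255.255.255  UGH   0      0        0 tun0
10.2.1.0        10.8.0.5         255.255.255.0    UG    0      0        0 tun0
192.168.1.0     *                255.255.255.0    U     0      0        0 br0
12.121.80.0     *                255.255.248.0    U     0      0        0 vlan1
169.254.0.0     *                255.255.0.0      U     0      0        0 br0
127.0.0.0       *                255.0.0.0        U     0      0        0 lo
default         12-121-80-1.zon  0.0.0.0          UG    0      0        0 vlan1
"""

# ASSUMED server table (not from the post): net30 tun peer 10.8.0.2, LAN on eth1, ISP on eth0.
SERVER_TABLE_BEFORE = """\
10.8.0.2        *                255.255.255.255  UH    0      0        0 tun0
10.8.0.0        10.8.0.2         255.255.255.0    UG    0      0        0 tun0
10.2.1.0        *                255.255.255.0    U     0      0        0 eth1
default         203.0.113.1      0.0.0.0          UG    0      0        0 eth0
"""

# Same table after OpenVPN's `route 192.168.1.0 255.255.255.0` adds the return route.
SERVER_TABLE_AFTER = SERVER_TABLE_BEFORE + \
    "192.168.1.0     10.8.0.2         255.255.255.0    UG    0      0        0 tun0\n"


@dataclass
class Route:
    network: ipaddress.IPv4Network
    gateway: Optional[str]  # None for directly connected ('*' in `route` output)
    iface: str
    metric: int


def parse_route_output(text: str) -> List[Route]:
    """Parse netstat-style `route` output; header lines are skipped, 'default' is 0.0.0.0/0."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or parts[0] == "Destination":
            continue
        dest, gw, mask, _flags, metric, _ref, _use, iface = parts[:8]
        if dest == "default":
            dest = "0.0.0.0"
        net = ipaddress.IPv4Network((dest, mask), strict=False)
        routes.append(Route(net, None if gw == "*" else gw, iface, int(metric)))
    return routes


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Kernel-style selection: longest matching prefix wins, then the lowest metric."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))


def round_trip(client: List[Route], server: List[Route],
               src: str, dst: str) -> Tuple[Optional[str], Optional[str]]:
    """Interfaces used for the forward packet (on the client router) and the reply (on the
    server, assumed to be LAN B's gateway at 10.2.1.1). Both must be tun0 for an un-NATed
    exchange; a reply sent out the default interface is what the LAN host sees as 'No response'."""
    fwd = lookup(client, dst)
    ret = lookup(server, src)
    return (fwd.iface if fwd else None, ret.iface if ret else None)


def works_without_nat(client: List[Route], server: List[Route], src: str, dst: str) -> bool:
    return round_trip(client, server, src, dst) == ("tun0", "tun0")


if __name__ == "__main__":
    client = parse_route_output(CLIENT_TABLE)
    for label, table in (("before", SERVER_TABLE_BEFORE), ("after", SERVER_TABLE_AFTER)):
        server = parse_route_output(table)
        for dst in ("10.8.0.1", "10.2.1.1"):
            print(label, "192.168.1.50 ->", dst, round_trip(client, server, "192.168.1.50", dst))
```

Why MASQUERADE appeared to help: rewriting the source to 10.8.0.6 makes the reply match the server's existing 10.8.0.0/24 route, which hides the missing 192.168.1.0/24 route instead of fixing it. With the server route and iroute in place, drop the NAT rule and make sure the dd-wrt firewall's FORWARD chain accepts traffic between br0 and tun0 in both directions; if hosts on LAN B do not use the OpenVPN server as their default gateway, they also need a static route for 192.168.1.0/24 pointing at 10.2.1.1.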