OpenVPN Routing
As suggested by support, I'm going to post here what I've already posted on the OpenVPN mailing list, as it could be a Linode-related issue.
> Hi,
I just installed OpenVPN. This is my situation:
1 OpenVPN Server, 172.16.0.1
2 OpenVPN Client, 172.16.0.6
On my OpenVPN client (Windows) I am also connected to a LAN, 192.168.1.0/24.
As I want to reach my LAN from the server, I've added 2 lines to my openvpn.conf:
client-config-dir ccd
route 192.168.1.0 255.255.255.0
And then, in the /etc/openvpn/ccd/foo1 file, this line:
iroute 192.168.1.0 255.255.255.0
I'm sure the client's name is foo1 because in the ipp.txt file I have this line:
foo1,172.16.0.4
After that, I restarted the OpenVPN daemon, then tried, from the server, to ping 192.168.1.1 or other IPs, but I always get a timeout error.
Can you please help me?
Thank you
Then:
> I have news:
I've enabled IPv4 forwarding on my client.
Now from the server I can ping the LAN IP of the client (192.168.1.104), but still can't ping any other host in the LAN.
Giorgio
Now I've also tried to set up another route, to access the Linode private network FROM my PC. I added this line to my openvpn.conf:
push "route 192.168.128.0 255.255.128.0"
But it doesn't work. From the client I can only ping my Linode's private IP, not other ones.
Any idea?
IPv4 forwarding is enabled, of course.
Thank you
EDIT: When I try to ping my LAN IPs, such as 192.168.103 or 192.168.1.1, from my Linode, OpenVPN logs this:
> Jan 18 19:37:21 li150-216 ovpn-openvpn[1127]: MULTI: Learn: 192.168.1.104 -> foo1/87.0.143.206:2313
Jan 18 19:55:08 li150-216 ovpn-openvpn[1127]: MULTI: Learn: 192.168.1.103 -> foo1/87.0.143.206:2313
When I try from the client to ping some private Linode IPs, nothing happens.
EDIT2:
Here's a tcpdump from when I try to ping a Linode private IP from the client:
tcpdump -nS not port 22
> li150-216:/etc/openvpn# tcpdump -nS not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
20:06:18.721816 IP 109.74.203.216.1194 > MYIP.3103: UDP, length 53
20:06:21.828708 IP MYIP.3103 > 109.74.203.216.1194: UDP, length 101
20:06:21.830154 arp who-has 192.168.144.7 tell 192.168.144.70
20:06:21.830348 arp reply 192.168.144.7 is-at fe:fd:6d:4a:cb:cb
20:06:21.830356 IP 172.16.0.6 > 192.168.144.7: ICMP echo request, id 1024, seq 13312, length 40
20:06:27.133309 IP MYIP.3103 > 109.74.203.216.1194: UDP, length 101
20:06:27.133505 IP 172.16.0.6 > 192.168.144.7: ICMP echo request, id 1024, seq 13568, length 40
20:06:28.180389 IP 109.74.203.216.1194 > MYIP.3103: UDP, length 53
20:06:32.631906 IP MYIP.3103 > 109.74.203.216.1194: UDP, length 101
20:06:32.632099 IP 172.16.0.6 > 192.168.144.7: ICMP echo request, id 1024, seq 13824, length 40
20:06:38.942689 IP 109.74.203.216.1194 > MYIP.3103: UDP, length 53
20:06:42.115622 IP MYIP.3103 > 109.74.203.216.1194: UDP, length 53
When I try to ping an IP of the client's LAN, i.e. 192.168.1.1, with tcpdump on the client I can see this:
> 21:21:01.410901 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13317, seq 88, length 64
21:21:02.410968 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13317, seq 89, length 64
21:21:03.680817 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 1, length 64
21:21:04.681424 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 2, length 64
21:21:05.679867 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 3, length 64
21:21:06.684179 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 4, length 64
21:21:07.683099 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 5, length 64
21:21:08.680125 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 6, length 64
21:21:09.680222 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 7, length 64
21:21:10.680686 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 8, length 64
21:21:11.679803 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 9, length 64
21:21:12.680255 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 10, length 64
21:21:13.681900 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13829, seq 11, length 64
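As an added example (not part of the original post, and not OpenVPN's own tooling), the Python sketch below pairs ICMP echo requests with replies in tcpdump -n text like the captures above and lists the flows that were never answered, flagging those whose source lies outside the LAN, where the answering host needs a route back to that source. The function name, the lan default and the two .104 sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# tcpdump -n line format, as in the capture above:
# 21:21:01.410901 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13317, seq 88, length 64
ECHO_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

# First two lines are from the post; the .104 pair is constructed to show
# an answered ping (the poster reports that .104 does reply).
SAMPLE = """\
21:21:01.410901 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13317, seq 88, length 64
21:21:02.410968 IP 172.16.0.1 > 192.168.1.1: ICMP echo request, id 13317, seq 89, length 64
21:21:20.000100 IP 172.16.0.1 > 192.168.1.104: ICMP echo request, id 14000, seq 1, length 64
21:21:20.000300 IP 192.168.1.104 > 172.16.0.1: ICMP echo reply, id 14000, seq 1, length 64
"""

def unanswered_echoes(capture_text, lan="192.168.1.0/24"):
    """Return sorted [(src, dst, unanswered_count, src_is_off_lan), ...]."""
    pending = set()
    for line in capture_text.splitlines():
        m = ECHO_RE.search(line)
        if not m:
            continue  # not an ICMP echo line (ARP, UDP, banner text, ...)
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            pending.add((m["src"], m["dst"], ident, seq))
        else:
            # A reply travels from the request's dst back to its src.
            pending.discard((m["dst"], m["src"], ident, seq))
    counts = Counter((src, dst) for src, dst, _, _ in pending)
    net = ipaddress.ip_network(lan)
    return sorted(
        (src, dst, n, ipaddress.ip_address(src) not in net)
        for (src, dst), n in counts.items()
    )

if __name__ == "__main__":
    for src, dst, n, off_lan in unanswered_echoes(SAMPLE):
        note = "source is outside the LAN: check the return route" if off_lan else ""
        print(f"{src} -> {dst}: {n} echo request(s) unanswered. {note}")
```

Run against a capture taken on the far side of the tunnel, an unanswered flow with an off-LAN source means the requests arrive but the target has no path back to the VPN subnet.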
4 Replies
EDIT:
Here's a link that describes the router's routing table configuration changes.
Hope this helps,
thefunnyman
In my openvpn.conf I have this line that automatically creates the route entry in the server table:
route 192.168.1.0 255.255.255.0
so that it's all set up to reach my host (and I reach it, as you can see in the tcpdump logs).
Then, openvpn.conf sends this line to all clients:
push "route 192.168.128.0 255.255.128.0"
to set up proper rules on the clients to reach the Linode private LAN. It's all set, I can verify it with a route print / route -n.
Thank you
@solounaltronick:
Hi,
In my openvpn.conf I have this line that automatically creates the route entry in the server table:
route 192.168.1.0 255.255.255.0
so that it's all set up to reach my host (and I reach it, as you can see in the tcpdump logs).
Then, openvpn.conf sends this line to all clients:
push "route 192.168.128.0 255.255.128.0"
to set up proper rules on the clients to reach the Linode private LAN. It's all set, I can verify it with a route print / route -n.
Thank you
OK, well, the settings I mentioned are specific to accessing your local LAN FROM the VPN server or machines on its subnet. Maybe I'm misunderstanding you, but it seems you're referring to reaching the VPN server's subnet from your local LAN in the quoted reply.
OK, sorry, my English is not so good.
VPN Server (Linode)
eth0: Ext IP 1
eth0:1 Ext IP 2
eth0:2 Private IP
tun0: 172.16.0.1
VPN Client (My PC)
eth0: 192.168.1.102
eth0:0 192.168.1.104
eth0:1 192.168.1.106
tun0: 172.16.0.6
So, FROM the server, I try to ping 192.168.1.1, which is the client's LAN router and is directly connected to the client on eth0.