openvpn and routing

openvpn and routing
NewsGroups | Search | Tools
User Password
Register Now! Lost Password?
 comp.dcom.vpn  Post an article  get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content  add this group's latest topics to your Google content  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
openvpn and routing Boris Glawe 02-06-2006
Posted by Boris Glawe on February 6, 2006, 12:50 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi,

my openvpn server is a redhat linux machine.

My net is 192.168.1.0/24, the openvpn server is 192.168.1.100

The openvpn server has an ethernet interface connected to my LAN and a default
gateway to the modem/router (192.168.1.5)

The openvpn software serves many different operationg systems (linux, mac and
win). The openvpn clients get an ip-address from the 192.168.2.0

The openvpn server has a tun0 interface with the address 192.168.2.1 and a route
to 192.168.2.2, which seems to be a "local" link to the daemon.

According to the openvpn faq, the server reserves a /30 subnet für each client.
So the first client gets the subnet 192.168.2.4/30 and has the ip 192.168.2.6.
The server has the ip 192.168.2.5



I'd like to set a route on the client, that garantees, that all packages sent to
192.168.1.0 are routed through the openvpn tunnel.

On a linux client, which was assigned the first /30 subnet (192.168.2.4/30) I
tried two versions:

route add -net 192.168.1.0/24 gw 192.168.2.1
which resulted in a "network not found" error messagen

the other command is
route add -net 192.168.1.0/24 gw 192.168.2.5
which was accepted. But sending packages to the server doesn't work. Contacting
a webserver on this 192.168.1.0 subnet results in timeouts.

Are there any options for the client, that automatically sets the correct
routes? What are the correct routing settings at all?

What if the client is assigned another ip-address and thus another /30 subnet?
In this case, the router has a totally different ip-address? Is there a way to
automatically find out the correct router?

thanks and greets

Boris

Network Magic Graduation 20% off animated banner
Posted by Bill Davidsen on February 10, 2006, 12:34 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Boris Glawe wrote:
> Hi,
>
> my openvpn server is a redhat linux machine.
>
> My net is 192.168.1.0/24, the openvpn server is 192.168.1.100
>
> The openvpn server has an ethernet interface connected to my LAN and a
> default gateway to the modem/router (192.168.1.5)
>
> The openvpn software serves many different operationg systems (linux,
> mac and win). The openvpn clients get an ip-address from the 192.168.2.0
>
> The openvpn server has a tun0 interface with the address 192.168.2.1 and
> a route to 192.168.2.2, which seems to be a "local" link to the daemon.
>
> According to the openvpn faq, the server reserves a /30 subnet für each
> client. So the first client gets the subnet 192.168.2.4/30 and has the
> ip 192.168.2.6. The server has the ip 192.168.2.5
>
>
>
> I'd like to set a route on the client, that garantees, that all packages
> sent to 192.168.1.0 are routed through the openvpn tunnel.
>
> On a linux client, which was assigned the first /30 subnet
> (192.168.2.4/30) I tried two versions:
>
> route add -net 192.168.1.0/24 gw 192.168.2.1
> which resulted in a "network not found" error messagen
>
> the other command is
> route add -net 192.168.1.0/24 gw 192.168.2.5
> which was accepted. But sending packages to the server doesn't work.
> Contacting a webserver on this 192.168.1.0 subnet results in timeouts.
>
> Are there any options for the client, that automatically sets the
> correct routes? What are the correct routing settings at all?

Sure, there's a "route" directive in the config, just note that it
doesn't seem to work with net/bits notation, but "net mask" as dotted
quads seems to work for us.
>
> What if the client is assigned another ip-address and thus another /30
> subnet? In this case, the router has a totally different ip-address? Is
> there a way to automatically find out the correct router?

I can't even guess on that, hopefully someone will be able to explain.

--
CTO TMR Associates, Inc
Doing interesting things with small computers since 1979

Similar ThreadsPosted
openvpn Routing Problem October 31, 2006, 7:58 am
OpenVPN October 22, 2005, 8:54 pm
openvpn & pptp February 7, 2005, 5:56 pm
Problems with OpenVPN March 4, 2005, 6:31 pm
OpenVPN DNS problem March 27, 2005, 2:17 pm
An ode to OpenVPN, and a question September 17, 2005, 10:06 pm
openvpn windows xp client August 25, 2005, 6:45 am
openvpn one client and more servers. November 26, 2005, 12:16 pm
OpenVPN on local network December 18, 2005, 7:35 am
OpenVPN certificate question May 3, 2006, 11:31 pm

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com

Contact Us | Privacy Policy
The site map in XML format XML site map