[Openvpn-users] (no subject)


  • Subject: [Openvpn-users] (no subject)
  • From: "Karthik S" <talk2sk@xxxxxxxxxxx>
  • Date: Sun, 12 Oct 2003 09:40:02 +0000

Hi,

Firstly this is a great package to use quickly, I was able
to compile and install and get a tunnel working in 30
mins (after wading through the options etc etc). In
order to test the package and prove to myself that I
can use this for the final target environment of allowing
VPN over the internet for our intranet access etc, I
started a small experiment..


I have a network with 192.168.1.0/24 as the local ethernet. The linux server is 192.168.1.1 and has eth0 as the local ethernet interface. The linux server is connected to an adsl router by the interface eth1, and ip address 192.168.0.2, the router is 192.168.0.1.

On linux, I have shorewall implementing a very restricted
firewall and masquerading eth0 over eth1. i.e. allowing
http access for the local net through the router.

Firstly what I did was to try and implement a tunnel
between the linux server and my XP machine (gotta use
it for dev :-( ). This went off smoothly, I had the tunnel
between my xp machine and the linux server over the
ethernet as 192.168.2.2 (xp) <-> 192.168.2.1 (linux). I
was able to ping both end points and there were no
problems.

The problems occur when I try to masq. tun0 over eth1.
Apparently all the configuration is okay (maybe), but the
connections never succeed (there is no response).
Falling back to getting the basics working, I have tried
ping to a static ip address (say 202.54.xxx.xxx) this
works over the ethernet and masq. But when I set the
route on the xp machine to use the tunnel interface the
packets seemed to go into a black hole.

I then started tracing the packets using tcpdump. The
packets were coming through tun0 on the linux machine
fine. The packets (icmp) were being accepted by
shorewall fine (ACCEPT:info). They were being forwarded
onto the eth1 interface too. But at this point I found
some strange messages.

arp who-has 192.168.2.2 tell 192.168.0.1

(I have verified that when browsing through the
ethernet this is a common occurrence followed by an
arp-reply)

But in this case there was no arp reply. My guess is that
the icmp reply is coming back to the router but it doesn't
know where to send it ??

How can I solve this (I am sure it's a very small trick)?

ADDITIONAL NOTE:

I have reason to believe this has got more to do with MASQUERADING since
the outgoing address from the linux box is 192.168.2.2 instead of masquerading as 192.168.0.1 as is being done on eth0 ??



Your help is much appreciated.

Regards,
Kak
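The symptom in this post (packets from 192.168.2.2 reaching eth1 and the router ARPing for a tunnel address it has no route to) is what a masquerade rule that covers only the eth0 LAN produces. The following added example, which is not from the post or from OpenVPN or Shorewall, models the POSTROUTING masquerade decision for the addresses given above; the LAN host address, the interface names and the suggested /24 prefix are assumptions, and the printed iptables rule is the plain-iptables form of a Shorewall masq entry such as `eth1 192.168.2.0/24`.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class MasqRule:
    """One POSTROUTING MASQUERADE rule: -s <source> -o <out_iface>."""
    out_iface: str
    source: str

@dataclass(frozen=True)
class Flow:
    """A packet forwarded from in_iface to out_iface with source address src."""
    in_iface: str
    out_iface: str
    src: str

def masq_rule_for(flow, rules):
    """First masquerade rule whose out-interface and source net match the flow."""
    for rule in rules:
        if rule.out_iface == flow.out_iface and ip_address(flow.src) in ip_network(rule.source):
            return rule
    return None

def egress_source(flow, rules, iface_addr):
    """Source seen on the wire: the egress interface address if masqueraded, else the original."""
    return iface_addr[flow.out_iface] if masq_rule_for(flow, rules) else flow.src

def unmasqueraded(flows, rules):
    """Flows that would leave the box with their original (private) source address."""
    return [f for f in flows if masq_rule_for(f, rules) is None]

def suggested_rule(flow, prefix=24):
    """Masquerade rule covering the flow's source subnet (prefix length is assumed)."""
    net = ip_network(f"{flow.src}/{prefix}", strict=False)
    return MasqRule(flow.out_iface, str(net))

# Constructed from the post: eth1 is 192.168.0.2, LAN is 192.168.1.0/24, XP tunnel end is 192.168.2.2.
IFACE_ADDR = {"eth1": "192.168.0.2"}
RULES_EXISTING = [MasqRule("eth1", "192.168.1.0/24")]   # only the eth0 LAN is masqueraded
FLOWS = [
    Flow("eth0", "eth1", "192.168.1.50"),   # a LAN host (constructed address)
    Flow("tun0", "eth1", "192.168.2.2"),    # the XP client pinging out through the tunnel
]

if __name__ == "__main__":
    for f in unmasqueraded(FLOWS, RULES_EXISTING):
        r = suggested_rule(f)
        print(f"{f.src} from {f.in_iface} leaves {f.out_iface} as {egress_source(f, RULES_EXISTING, IFACE_ADDR)}; "
              f"rule to add: iptables -t nat -A POSTROUTING -s {r.source} -o {r.out_iface} -j MASQUERADE")
```

Running it reports only the tun0 flow as un-NATed, which is why the router sees 192.168.2.2 as the source and has nowhere to send the reply.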
