Thanks everybody for all your help. The problem was really simple but
I'll post the solution anyway. If nothing else it goes a long way to
illustrating how "head space" influences your perception of correctness.
Because I have labeled each computer by the IP address of the eth1
adapter - the one that manages that location's subnet - I have been using
that address for pings and for ssh/telnet and so on. I concluded,
falsely, that the return traffic would be aiming at the eth1 adapter at
the computer I was making the request from instead of the IP address of
the TUN+ adapter.
Therefore yes it was a routing problem since it never occurred to me to
establish routes for the TUN+ IP addresses. Now that I have, it works great.
I finally noticed the problem after running ethereal on every adapter
along the route.
Thanks again everybody, MT
Mathias Sundman wrote:
On Wed, 30 Jun 2004, Murray Thomson wrote:
I am using 1.6.0. I have listed routes to all servers from all
servers. I also have routes listed to each server on server A. If I
do a trace route from B to C (up to the central server and back out
again) all that I get back is the address of the other side of the
first tunnel. Then it stalls.
On server A there are routes to all other servers. I can forward
traffic to them fine. The remote servers can ping the servers and any
on their subnets. The only place where it goes wrong is when I need
to go to server A then back out to one of the remote ones.
Okay, well OpenVPN does not care about what subnets are on what side of
the VPN, like ipsec does, so if the routing is set up correctly it
should work.
And routing is enabled, and there are no firewalls running on the
machines that could be blocking the traffic?
Use a packet sniffer to see how far your packets get.
/Mathias
Mathias Sundman wrote:
On Wed, 30 Jun 2004, Murray Thomson wrote:
I want to set up a spider topology with OpenVPN. OpenVPN server A
has an OpenVPN tunnel to each of Servers B, C and D each with their
own subnet.
The problem is that from Server B, C or D I cannot communicate with
any server other than A. From A however I can reach B, C and D and
any station on their respective subnets. Also from a station on
subnet A I can also get to B, C and D and also on their respective
subnets.
For some reason I cannot get from one of the arms straight through
the main server and back out again.
Does anyone know if this is not a workable topology or is there
something else I need to do to make this fly.
Yes, that should be no problem. What version of OpenVPN are you using?
If you are using 2.0 in server mode you need to use the option
--client-to-client to allow internal routing between the clients.
You probably also need to use --iroute in each client config file.
If you're not using v2.0 you probably just don't have the routing
set up correctly in your systems.
Are the OpenVPN machines the default gateway on each network? If not,
you need to make sure that EVERY machine on each network knows that
it should reach ALL the other networks through the openvpn machine.
In B, do you have a route to the network behind C and D through your
TUN/TAP interface? Same thing applies for C and D of course, they
need routes to the other "client networks" through the VPN.
If you still can't get the routing working, please post your
configs, and we can probably see what routes you're missing.
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
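
Added example, not part of the original thread: a small model of the hub-and-spoke routing discussed above. It shows why a ping from spoke B to spoke C's eth1 address leaves with B's tunnel address as its source and fails on the reply path until C has a route for that tunnel address. All addresses and interface names are constructed, and the source-address choice (address of the egress interface) is the usual default for locally generated traffic, assumed here.

```python
import ipaddress

# Constructed addressing (assumption, not from the thread). Each host maps
# interface name -> address; tunnels are point-to-point links to hub A.
ADDRS = {
    "A": {"tunB": "10.8.1.1", "tunC": "10.8.2.1", "eth1": "192.168.1.1"},
    "B": {"tun0": "10.8.1.2", "eth1": "192.168.2.1"},
    "C": {"tun0": "10.8.2.2", "eth1": "192.168.3.1"},
}

def initial_routes():
    """Routes as (prefix, iface, next host): spokes know the remote LAN
    subnets and their own tunnel peer, but not the other spokes' tunnel IPs."""
    return {
        "A": [("10.8.1.2/32", "tunB", "B"), ("10.8.2.2/32", "tunC", "C"),
              ("192.168.2.0/24", "tunB", "B"), ("192.168.3.0/24", "tunC", "C")],
        "B": [("10.8.1.1/32", "tun0", "A"), ("192.168.3.0/24", "tun0", "A")],
        "C": [("10.8.2.1/32", "tun0", "A"), ("192.168.2.0/24", "tun0", "A")],
    }

def lookup(routes, host, dst):
    """Longest-prefix match on one host; returns (iface, next_host) or None."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), i, n) for p, i, n in routes[host]
            if ip in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, iface, nxt = max(hits, key=lambda h: h[0].prefixlen)
    return iface, nxt

def path(routes, host, dst):
    """Hosts traversed until one owns dst; None if some hop has no route."""
    hops = [host]
    while dst not in ADDRS[host].values():
        hit = lookup(routes, host, dst)
        if hit is None or len(hops) > 8:   # no route, or a routing loop
            return None
        host = hit[1]
        hops.append(host)
    return hops

def ping(routes, src_host, dst):
    """Returns (source address used, forward path, reply path)."""
    hit = lookup(routes, src_host, dst)
    if hit is None:
        return None, None, None
    src_addr = ADDRS[src_host][hit[0]]     # source = egress interface address
    fwd = path(routes, src_host, dst)
    rev = path(routes, fwd[-1], src_addr) if fwd else None
    return src_addr, fwd, rev
```

With the initial routes, `ping(initial_routes(), "B", "192.168.3.1")` reaches C but has no reply path; appending `("10.8.1.2/32", "tun0", "A")` to C's routes makes the reply return via A.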