[Openvpn-users] multi-server and net-net routing not working


  • Subject: [Openvpn-users] multi-server and net-net routing not working
  • From: Oliver Welter <mail@xxxxxxxxx>
  • Date: Thu, 02 Jun 2005 10:43:59 +0200

Hi,

I upgraded my server from two separate 1.5 VPNs to a 2.0 with multiserver-feature. Now I have the problem that I am unable to reach the subnets on the client side...

I can ping the tunnel-peers on both systems and I can reach the "server-subnet" from the client, but I am unable to connect to the client-subnet from the server side....

here are the important parts of my config.
Server (suse box with openvpn2.0 from source):
mode server
tls-server
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.168.0 255.255.255.0"  # subnet behind the server
client-config-dir ccd
route 192.168.200.0 255.255.255.0  # subnet behind the client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append  /var/log/openvpn.log
verb 3

Client (suse 9.3 with rpm):
client
dev tun
proto udp
remote XXXXX.homeip.net 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert myclient.crt
key myclient.key
comp-lzo
verb 9

I have a ccd-directory and a file called "myclient" (the part from the
cert-dn) that contains:
iroute 192.168.200.0 255.255.255.0

My network looks like this:

Home-Network    VPNClient    VPNServer    Office
192.168.200.0 - 10.8.0.14  -  10.8.0.1 - 192.168.168.0

From the Client I can ping Peer AND Office Network
From the VPNServer and the Office Network I can ping the Client-Peer-IP (10.8.0.14) but not the network IP of the peer.


route -n on the VPNServer shows:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
XXX.XXX.161.1    0.0.0.0        255.255.255.255 UH    0      0        0 ppp0
192.168.168.0   0.0.0.0         255.255.255.128 U     0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.200.0   10.8.0.2        255.255.255.0   UG    0      0        0 tun0
0.0.0.0         XXX.XXX.161.1    0.0.0.0         UG    0      0        0 ppp0


route -n on client shows:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.1        10.8.0.13       255.255.255.255 UGH   0      0        0 tun0
10.8.0.13       0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.200.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
XXX.YYY.24.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.168.0   10.8.0.13       255.255.255.0   UG    0      0        0 tun0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         XXX.XXX.XXX.XXX 0.0.0.0         UG    0      0        0 eth0


So it seems to me that on the VPN Server Side the routing for the IP of the client is not working.

cat openvpn-status on the server shows:
OpenVPN CLIENT LIST
Updated,Thu Jun  2 10:40:31 2005
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
myclient,X.X.X.X:3435,6464,8820,Thu Jun  2 10:32:29 2005
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.13,myclient,X.X.X.197:35913,Thu Jun  2 10:32:31 2005
192.168.200.0/24,myclient,X.X.X.197:35913,Thu Jun  2 10:32:31 2005
GLOBAL STATS
Max bcast/mcast queue length,0
END

so - any ideas how to debug this or how to solve the problem.....

Oliver

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
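
Added example, not part of the post above and not OpenVPN code: a Python check that every subnet handed to the kernel with "route" in the server config also appears in the status file's ROUTING TABLE, which is where an "iroute" from the ccd file shows up. The inputs are excerpts copied from the post; the function names are made up for this example.

```python
import ipaddress

# Constructed sample input: excerpts of the server config and status file from the post.
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
push "route 192.168.168.0 255.255.255.0"
client-config-dir ccd
route 192.168.200.0 255.255.255.0
"""
STATUS_LOG = """\
OpenVPN CLIENT LIST
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
myclient,X.X.X.X:3435,6464,8820,Thu Jun  2 10:32:29 2005
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.13,myclient,X.X.X.197:35913,Thu Jun  2 10:32:31 2005
192.168.200.0/24,myclient,X.X.X.197:35913,Thu Jun  2 10:32:31 2005
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""

def kernel_routes(conf):
    """Subnets the server config adds to the kernel table via 'route' lines."""
    nets = []
    for line in conf.splitlines():
        fields = line.split("#")[0].split()   # drop trailing comments
        if len(fields) >= 3 and fields[0] == "route":
            nets.append(ipaddress.ip_network(f"{fields[1]}/{fields[2]}"))
    return nets

def internal_routes(status):
    """Map each ROUTING TABLE entry (host or subnet) to its common name."""
    table, in_table = {}, False
    for line in status.splitlines():
        if line == "ROUTING TABLE":
            in_table = True
        elif line == "GLOBAL STATS":
            in_table = False
        elif in_table and not line.startswith("Virtual Address"):
            addr, common_name = line.split(",")[:2]
            table[ipaddress.ip_network(addr)] = common_name
    return table

def check(conf, status):
    """For each kernel route, return the client whose iroute covers it, else None."""
    internal = internal_routes(status)
    return {str(net): next((cn for n, cn in internal.items() if net.subnet_of(n)), None)
            for net in kernel_routes(conf)}
```

On the data in the post, check(SERVER_CONF, STATUS_LOG) maps 192.168.200.0/24 to myclient, so the route/iroute pairing on the server side is consistent.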