
[Openvpn-users] Routing on and off VPN client & server.


  • Subject: [Openvpn-users] Routing on and off VPN client & server.
  • From: Kevin Berrien <kblists@xxxxxxxxxxx>
  • Date: Fri, 8 Jul 2005 19:26:55 +0000 (UTC)

I'm trying to set up OpenVPN tunnels to connect satellite buildings via broadband
connections for our school district.  While we have fiber to campus buildings,
we have special small "schools" off campuses.  We need to connect these
locations to our LAN, and route their Internet traffic through our gateway with
content filter and logging (CIPA!).  Using standalone filtering is ineffective
and expensive.

I've succeeded at setting up OpenVPN connections via broadband, and in my 'on
the table' experiment via crossover.  I can ping back and forth between the
servers over the tunnel, and to the other interfaces on those servers (both have
dual NICs).

My weak point has always been routing, and I'm unable to get beyond the servers
themselves.  In the end, I'll need clients in a satellite building to have all
traffic (internet, dns, everything) routed through the tunnel, to our server -
which will route out our standard gateway.  I plan on having the client
"servers" be both firewall & openvpn clients.  Default gateways for boxes are
their broadband addresses.

I've been using the push "redirect-gateway def1" without success, though I'm
certain I'm missing some routes.

SERVER - RHEL4/CentOS
vpn addr 10.8.0.1  tun
system lan - 172.20.200.x  eth1 (default gw 172.20.2.1)  
test crossover 'Internet' - 192.168.6.3  eth0

CLIENT - RHEL4/CentOS
vpn addr 10.8.0.2  tun
satellite lan - 172.20.60.x eth1 (workstation client on this subnet)
test crossover - 192.168.6.2  eth0

The test crossover will be the broadband links; I've got the boxes using those
as their default gateways.  I'll add the firewall aspect once I get this
working, basically only allowing traffic over the tunnels.

I'd love to have any clients in the satellite buildings treat the client OpenVPN
box as any other router in our network.  Thus clients need only point to our
main DNS servers (on 172.20.2.x), and our main gateway at 172.20.2.1.  This way
client config is identical to any other building, fiber or VPN.

Thanks, any suggestions are welcome.

Kevin



