[Openvpn-users] Re: One route shy from working configuration - help!


  • From: Kevin Berrien <kblists@xxxxxxxxxxx>
  • Date: Wed, 3 Aug 2005 00:09:01 +0000 (UTC)

Roland Pope <rpope <at> jadeworld.com> writes:

> 
> ----- Original Message ----- 
> From: "Kevin Berrien" <kblists <at> comcast.net>
> > I'm short one route on the client which allows my LAN workstations to exit my
> > firewall.  While I can ping the firewall from a workstation, I can't go beyond
> > without adding a default route to the client vpn machine to the tunnel.  This I
> > have to do manually, which isn't doable in a production environment.  I can't
> > predefine the route in /etc/sysconfig/network, nor add the route in
> > openvpn-startup (fails).  These are likely not the proper ways to do it
> > anyways..
> Kevin,
> 
> So if I understand you correctly, the "Redirect Gateway" push from the
> server is the bit that is not working?
> 
> Have you tried push "redirect-gateway" without the def1 flag?
> Is there an error generated on the client when it connects?
> 
> Also, perhaps you could post your client log showing the messages when the
> client connects?
> 
> Roland

I tried without the def1 without success.  In the end I put a
route-up "route add default gw 10.8.0.5" in the client.conf which gets things
routing across the vpn.

Now, this is certainly not correct, I'm using 10.8.0.5 as it's the addr the
client is using, but I'll eventually have multi clients, so I assume this IP
will not necessarily be always in use per this one client.  I tried "route add
default gw tun0" without success, it won't take.

The gateway may be working, I'm not sure exactly what it's supposed to
accomplish EXACTLY.  I can ping from a client side workstation all the way to
our firewall (client lan thru client vpn server thru tunnel - thru router to
firewall).  But I don't get anything outside the firewall.  After connecting the
tunnel, there is NO default route on the client server.  Also, when I use the
route-up on the client, I can't ping beyond the server's interfaces, yet
workstations on the client lan CAN!

As for a client log, I'm not aware of where to find it.  I'm using the sample
config files from the documentation, and I don't remember it having any specific
logging on the client.

Just when I thought this was starting to work, things are just getting worse.
Now it seems that if I disconnect the client, the server will always think it's
still connected, and I can't reconnect, unless I restart the server.

Stumped and frustrated.  This was looking to be a great no-cost solution to a
big problem our school district has, but I'm thinking it won't be ready for
school opening.

Kevin