I think I have the answer to my own question.... :)

ARP Proxy seems to do the trick. If anyone has a better idea please send it along.

On the vpn server:
arp -i eth1 -Ds 10.8.0.2 eth1 pub

I can put something like this in a learn-address script. Sure will be a lot simpler than the learn-address I had going for bridging. :)

Richard Quintin wrote:
> Hi all,
>
> I'm working on moving from a sort of working bridged vpn to a topology
> subnet. My hope is that it will simplify my life considerably.
>
> # openvpn --version
> OpenVPN 2.1_beta14 i686-pc-linux [SSL] [LZO2] [EPOLL] built on Aug 2 2006
> Developed by James Yonan
> Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@xxxxxxxxxxx>
>
> How do I setup the route/firewall to allow traffic between a vpn client
> and host sitting behind the vpn server.
>
> vpn client (10.8.0.2) <---vpn--->(tun0 - 10.8.0.1) vpn server (eth1 -
> 10.82.162.250) <------>(10.82.162.116) host
>
> Client is able to connect fine. Pings to 10.8.0.1 are fine.
> I push all 10.0.0.0/8 through tun0.
> 10.0.0.0 * 255.0.0.0 U 0 0 0 tun0
>
> So now when I ping 10.82.162.116, the host (10.82.162.116) sees the
> ping, but is unable to respond because no one responds to an arp who-has
> 10.8.0.2.
>
> Should the vpn client be responding or should the vpn server be
> responding on behalf of the client? In either case can someone suggest
> the proper ip/eb/arptables rules to make it so?
>
> Thanks!

--
Richard Quintin, DBA
Information Systems & Computing, DBMS
Virginia Tech
~
Never argue with an idiot. They drag you down to their level then beat you with experience.

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
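
The proxy-ARP approach from the message above, written as a learn-address hook that validates the address before it reaches `arp` (an added example, not part of the original post and not OpenVPN's own code). The 10.8.0.0/24 pool size and the function name `proxy_arp_cmd` are assumptions; the interface and the add command come from the post.

```shell
#!/bin/sh
# Added example: OpenVPN learn-address hook that publishes proxy-ARP entries.
# OpenVPN calls the hook as: <script> add|update|delete <address> [common-name]
LAN_IF="eth1"        # LAN-side interface, from the post
VPN_PREFIX="10.8.0"  # assumption: the VPN pool is 10.8.0.0/24

# Print the arp command for this event; return 1 if the input is rejected.
proxy_arp_cmd() {
    op=$1
    addr=$2
    # Accept only a dotted quad inside the VPN pool, so LAN addresses,
    # MAC addresses and stray characters never reach the arp command line.
    case $addr in
        "$VPN_PREFIX".*) last=${addr#"$VPN_PREFIX".} ;;
        *) return 1 ;;
    esac
    # Host part: 1 to 3 digits, no leading zero, nothing else.
    case $last in
        ''|0*|*[!0-9]*|????*) return 1 ;;
    esac
    # Host part must be 2..254: .1 is the server's own tun0 address.
    [ "$last" -ge 2 ] && [ "$last" -le 254 ] || return 1
    case $op in
        # update re-publishes the same entry, so it is handled like add.
        add|update) echo "arp -i $LAN_IF -Ds $addr $LAN_IF pub" ;;
        delete)     echo "arp -i $LAN_IF -d $addr pub" ;;
        *)          return 1 ;;
    esac
}

# Act only when called with arguments, as OpenVPN does.
if [ "$#" -ge 2 ]; then
    cmd=$(proxy_arp_cmd "$1" "$2") || exit 1   # rejected input: exit non-zero
    $cmd
fi
```

Removing the entry on `delete` keeps the server from answering ARP for an address whose client has disconnected.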