Title: AW: [Openvpn-users] Problem with multiple push "route..."
Hi,
The problem seems to be different. Pushing two completely other routes (which have to cross some other gateway too) works like a charm.
Sorry for that.
The problem occurs when I push the route to 192.168.a.0/24 or any minor subnet within. Have a look at my network diagram again:
Client --> OpenVPN server -- network1 (192.168.a.0/24) -- gateway -- network2 (10.1.b.0/24)
This is the route of the server before client connect:
Kernel IP Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.a.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.8.0.0 10.8.0.2 255.255.0.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.a.1 0.0.0.0 UG 0 0 0 eth0
During client connect, the routing table of the server doesn't change.
Routing table of client during connect:
Ziel Router Genmask Flags Metric Ref Use Iface
10.8.0.1 10.8.0.9 255.255.255.255 UGH 0 0 0 tun0
10.8.0.9 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.a.0 10.8.0.9 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 (my home network)
10.1.b.0 10.8.0.9 255.255.255.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.10 0.0.0.0 UG 0 0 0 eth1
I don't see any problems.
Here is my current config:
mode server
tls-server
proto tcp-server
dev tun
lport 443
ca certs/ca.pem
cert certs/gate.crt
key certs/gate.key
dh certs/dh2048.pem
tls-auth certs/ta.key 0
ifconfig 10.8.0.1 10.8.0.2
ifconfig-pool 10.8.0.10 10.8.0.254
route 10.8.0.0 255.255.0.0
push "route 10.8.0.1"
ifconfig-pool-persist ipp.txt
push "route 192.168.a.0 255.255.255.0"
push "route 10.1.b.0 255.255.255.0"
client-config-dir ccd
keepalive 3 20
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 5
client-connect "/etc/openvpn/scripts/client-up.sh"
client-disconnect "/etc/openvpn/scripts/client-down.sh"
I hope I explained it so that you can understand my problem...
Any ideas?
Regards,
Thomas
-----Original Message-----
From: Erich Titl [mailto:erich.titl@xxxxxxxx]
Sent: Tuesday, 12 September 2006 23:10
To: Thomas Heidemann
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] Problem with multiple push "route..."
Thomas Heidemann wrote:
> Erich!
>
> Many thanks for your configs. I checked them against my ones and didn't find any big difference.
> After some testing I got some more info about my problem. Thought I tested it before, but....
>
> The problem is directly connected to one of my pushed routes.
Which one?
> When I push the route, which has to cross some other gateway, everything
> is ok. But when I push the route to the network in which the vpn server
> is connected directly the connection is closed in the mentioned way.
But this is _not_ the route for the tunnel? Does your statement that the
two pushed routes are equivalent in respect to the problem still hold?
>
> Does this point to some other solution?
It depends, if the route you are pushing collides with tunnel traffic,
then a more restrictive route is needed for the tunnel traffic.
You should take a look at the routing tables on the server before and
after the incident.
cheers
Erich
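
Erich's point about a pushed route colliding with tunnel traffic, as an added example that is not part of the original thread: it parses push "route" lines and does a longest-prefix lookup to show which interface would carry the encrypted packets to the server, with and without a more specific host route. Assumptions: the anonymised octets "a" and "b" are replaced by 50 and 7, the server endpoint 192.168.50.2 is constructed (the thread does not say which address the client connects to), and all function names are hypothetical.

```python
import ipaddress

# Constructed sample: the thread's pushed routes with the anonymised octets
# "a" and "b" replaced by 50 and 7 so that the addresses parse.
SERVER_CONFIG = '''
push "route 10.8.0.1"
push "route 192.168.50.0 255.255.255.0"
push "route 10.1.7.0 255.255.255.0"
'''

def parse_push_routes(config_text):
    """Return the networks named in OpenVPN push "route NET [MASK]" lines."""
    routes = []
    for line in config_text.splitlines():
        parts = line.replace('"', " ").split()
        if len(parts) >= 3 and parts[:2] == ["push", "route"]:
            # A pushed route without a netmask is a host route.
            mask = parts[3] if len(parts) > 3 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{parts[2]}/{mask}", strict=False))
    return routes

def lookup(table, dest):
    """Longest-prefix match over (network, interface) pairs, as the kernel does."""
    dest = ipaddress.ip_address(dest)
    hits = [(net, dev) for net, dev in table if dest in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def client_table(pushed, extra=()):
    """Client routes after connect: default via eth1, pushed routes via tun0."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), "eth1")]
    table += [(net, "tun0") for net in pushed]
    table += [(ipaddress.ip_network(net), dev) for net, dev in extra]
    return table

def transport_interface(endpoint, extra=()):
    """Interface that carries the encrypted packets sent to the server endpoint."""
    return lookup(client_table(parse_push_routes(SERVER_CONFIG), extra), endpoint)

if __name__ == "__main__":
    endpoint = "192.168.50.2"  # assumption: the client's remote lies inside network1
    # The pushed /24 captures the transport packets: they loop into the tunnel.
    print("pushed routes only:", transport_interface(endpoint))
    # A /32 for the endpoint is more specific than the /24 and wins the lookup.
    print("with host route:   ",
          transport_interface(endpoint, [("192.168.50.2/32", "eth1")]))
```

If the lookup for the server endpoint returns tun0, the pushed route collides with the tunnel's own traffic, and the host route is the "more restrictive route" that keeps it on the physical interface.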