Thomas Heidemann wrote:
> No,
>
> my very private client has address 192.168.1.100, which is not part of the 192.168.a.0/24 network.
> Then the connection initializes and the routes are pushed, I can see (with tcpdump) my ping request going through the tun0 interface to host 10.8.0.1.
You see this on the client looking at tun0, what about the client's eth0
interface (I assume it is the interface to the server) Do you see
encrypted packets which carry your ping requests?
But this does never arrive at the vpn server!
Have you checked the ethernet interface on the server too?
Then have a look at /proc/sys/net/ipv4/conf/tun0/rp_filter. If the value
is 1 and you don't have a route to the source address through tun0 this
might reject the packet _before_ you can see it. If the source address
is in the 192.168.1.0/24 range, then you need to iroute that subnet.
>
> So, I'm at the end of my knogledge. It should work!
cheers
Erich
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-------------------------------------------------------------------------
Get stuff done quickly with pre-integrated technology to make your job easier _______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|