Re: [Openvpn-users] Entering someone's LAN


  • Subject: Re: [Openvpn-users] Entering someone's LAN
  • From: Karol Krenski <pldmimooh@xxxxxxxxxxxxxxx>
  • Date: Fri, 13 Oct 2006 18:26:46 +0200

Thanks for the first answers guys, but I need to go on with the issue.

On Thu, Oct 12, 2006 at 08:47:09PM +0200, Christoph Haas wrote:
> Hi, Karol...
> 
> On Thursday 12 October 2006 18:36, Karol Krenski wrote:
> > I am a newbie to VPN. Luckily I managed to configure OpenVPN server.
> 
> Server? You are probably the OpenVPN "client".
Nope, I mean server and clients
 
> > In 
> > our school there are a few LANs (protected with firewalls and NAT) and I
> > can access all LANs from outside via school's OpenVPN server.
> >
> > The configuration
> > 10.55.0.2    - OpenVPN server tun0
> > 10.55.0.14   - home tun0
> > 192.168.23.1 - home eth0
> > 195.188.79.4 - home gets natted into this
> >
> > My home machine is 192.168.23.1. Then there's router+NAT which I don't
> > administer - the traffic to the school from home comes from 195.188.79.4
> > via that - someone's router.
> >
> > Now, how should I access home from school? When logged to the OpenVPN
> > server I can ping 10.55.0.14. Should I use 10.55.0.14 or
> > 192.168.23.1(+magic) when pinging home?
> 
> Unless the OpenVPN server at school knows that your network is 
> 192.168.23.?/? you can only reach 10.55.0.14.
Right, this is the problem, I want to teach OpenVPN server about
192.168.23.? - home network. So I added
push "route 192.168.23.0 255.255.255.0"
to /etc/openvpn/mytunnel.conf

This is my school host (192.168.50.15/10.55.0.18) connected to the tunnel:

[user@g15 ~]$ sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
10.55.0.1       10.55.0.17      255.255.255.255 UGH   0      0        0 tun0
10.55.0.17      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.23.0    10.55.0.17      255.255.255.0   UG    0      0        0 tun0
0.0.0.0         192.168.50.100  0.0.0.0         UG    0      0        0 eth0

As you can see the 192.168.23.0 network was "imported"

----------------------------
192.168.23.1 home
191.64.17.45 OpenVPN server

[user@g15 ~]$ sudo ping 192.168.23.1

tcpdump on the OpenVPN server:
17:08:29.558237 IP 10.55.0.18 > 192.168.23.1: icmp 44: echo request seq 35840
17:08:29.558272 IP 191.64.17.45 > 192.168.23.1: icmp 44: echo request seq 35840
17:08:29.686058 IP 10.55.0.18 > 192.168.23.1: icmp 44: echo request seq 36096
17:08:29.686092 IP 191.64.17.45 > 192.168.23.1: icmp 44: echo request seq 36096
17:08:29.814057 IP 10.55.0.18 > 192.168.23.1: icmp 44: echo request seq 36352
17:08:29.814092 IP 191.64.17.45 > 192.168.23.1: icmp 44: echo request seq 36352

The ping goes to the right gate, but the VPN server can't forward it. How can
191.64.17.45 ever reach 192.168.23.1? There is no route to 192.168.23.0
on the OpenVPN server. There is nothing about 192.168.23.0 in /etc
(except push parameter). 

As I said in my first post, 192.168.23.0 gets natted into 195.187.79.4
and I can see it in vpn log (aga is home machine):
[user@vpnserver ~] cat /etc/openvpn/openvpn-status.log

OpenVPN CLIENT LIST
g15,192.168.50.15:1040,93724,41186,Fri Oct 13 16:42:33 2006
aga,195.188.79.4:1330,4006,4428,Fri Oct 13 17:34:57 2006

ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.55.0.14,aga,195.188.79.4:1330,Fri Oct 13 17:35:00 2006
10.55.0.18,g15,192.168.50.15:1040,Fri Oct 13 17:09:44 2006

The question is "shouldn't I rather reach home via 10.55.0.14?" which
doesn't work either, but I concentrated on 192.168.23.0.

I can draw a picture if that would help. I would appreciate any help. 

regards,
Karol
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
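
The routing question in this message, worked through as an added example that is not part of the original post or of OpenVPN's own code: a longest-prefix lookup over the g15 routing table, then a check of the status log's ROUTING TABLE for a client entry covering the destination. Both tables are copied from the post; the function names are hypothetical, and the premise that a multi-client OpenVPN server only delivers a packet to a client listed for that destination is background knowledge, not something the message states.

```python
import ipaddress

# Routing table of the school host g15, copied from the post (`route -n`).
G15_ROUTES = """\
10.55.0.1       10.55.0.17      255.255.255.255 UGH   0      0        0 tun0
10.55.0.17      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.23.0    10.55.0.17      255.255.255.0   UG    0      0        0 tun0
0.0.0.0         192.168.50.100  0.0.0.0         UG    0      0        0 eth0
"""

# ROUTING TABLE section of openvpn-status.log, copied from the post.
STATUS_ROUTES = """\
10.55.0.14,aga,195.188.79.4:1330,Fri Oct 13 17:35:00 2006
10.55.0.18,g15,192.168.50.15:1040,Fri Oct 13 17:09:44 2006
"""


def kernel_lookup(route_n, dst):
    """Longest-prefix match over `route -n` rows; returns (gateway, iface)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for row in route_n.splitlines():
        f = row.split()  # Destination Gateway Genmask Flags Metric Ref Use Iface
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, f[1], f[7])
    return best[1:] if best else None


def vpn_owner(status_routes, dst):
    """Common name of the client whose status-log entry covers dst, or None."""
    dst = ipaddress.ip_address(dst)
    for row in status_routes.splitlines():
        addr, common_name = row.split(",")[:2]
        if dst in ipaddress.ip_network(addr, strict=False):
            return common_name
    return None


if __name__ == "__main__":
    for target in ("192.168.23.1", "10.55.0.14"):
        # Step 1: where g15's kernel sends it; step 2: which client the server maps it to.
        print(target, kernel_lookup(G15_ROUTES, target), vpn_owner(STATUS_ROUTES, target))
```

With the tables from the post, 192.168.23.1 leaves g15 through tun0 but matches no client entry on the server, while 10.55.0.14 maps to aga.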