[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenVPN and Windows network drive maps

  • Subject: Re: [Openvpn-users] OpenVPN and Windows network drive maps
  • From: "Steve Poe" <steve.poe@xxxxxxxxx>
  • Date: Thu, 4 Jan 2007 14:55:18 -0800
So, I need to add 10.0.0.40 as a routing destination to the servers I am trying to access via OpenVPN? Then, if it can find 10.0.0.40, then it will find 10.8.x.x ?

Steve

On 1/4/07, Darren Spruell <phatbuckett@xxxxxxxxx> wrote:
On 1/4/07, Steve Poe <steve.poe@xxxxxxxxx> wrote:

<snip network architecture>

You're missing a subtle but crucial point that has to do with routing operation.

Your server (10.0.0.1) gets a packet from your openvpn client (10.8.x.x).

It wants to generate traffic back to that client.

Who does it send the traffic to so that it can *route* to 10.8.x.x?

Your server probably doesn't have 10.8.x.x addresses in the routing
table, so who does it send the packet to? (Keep in mind that your
network stack doesn't keep track of who the packet was received from;
just because an inbound packet routed in from the openvpn server, your
samba box doesn't know to send traffic back to him. You need a routing
table entry. (In  your situation, maybe a static route on every host
on your LAN that your openvpn clients need to communicate with.)

Alternatively, you may be able to add a route to your default gateway
telling it that 10.8.x.x routes through 10.0.0.40 . Then as your
systems try to send return traffic through the default gateway (since
they don't have a better route!) your gateway might generate an ICMP
redirect telling them that they really need to go through 10.0.0.40.
This won't always work / be accepted, though.

--
Darren Spruell
phatbuckett@xxxxxxxxx

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users 

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users