hi there. i'm new to the list and i have a problem accessing the
whole lan where the server lies.

the scenario is the following:

CLIENT (Windows) belongs to 192.168.1.x subnet and has the following
conf:

client
dev tun
proto udp
remote my.vpn-server 1195
nobind
tls-client
ca C:\\openvpn\\keys\\ca.crt
cert C:\\openvpn\\keys\\client.crt
key C:\\openvpn\\keys\\client.key
tls-auth C:\\openvpn\\keys\\tls-auth.key 1
cipher DES-EDE3-CBC
comp-lzo
verb 4
mute 20

SERVER (linux) belongs to 192.168.200.x (the subnet i want the client to
access) and has the following conf:

;local 192.168.200.111
port 1195
proto udp
dev tun
tls-server
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
tls-auth /etc/openvpn/keys/tls-auth.key 0
ifconfig-pool-persist /etc/openvpn/ipp.txt
;push "redirect-gateway"
push "route 192.168.200.0 255.255.255.0"
push "dhcp-option DNS 192.168.200.95"
client-to-client
server 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
max-clients 40
user nobody
group nobody
duplicate-cn
cipher DES-EDE3-CBC
status /etc/openvpn/log-status.log
log /etc/openvpn/log-openvpn.log
log-append /etc/openvpn/log-openvpn.log
verb 4
mute 20

everything is up and running and client sees the server and
vice versa thru the VPN lan 10.8.0.x.
the problem is that the client doesn't reach the 192.168.200.x
machines on the server lan.
I know it is a routing matter but i ended up with no results when
trying to modify the server's route table.
what are the correct route rules that apply to this case?

thanks for helping ;)
--
Ernesto Franchini <ernesto.franchini@xxxxxxxxxxx>
Linux System Administrator :: IT Office
Prodigit SRL _
Via Mecenate 76/9 - 20138 Milano ASCII ribbon campaign ( )
Tel. 02/509081 - Fax. 02/50908080 - against HTML email X
www.prodigit.it & vCards / \
"The grabbing hands grab all they can, everything counts in large
amounts"
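
Added example, not part of the original post: with a routed (`dev tun`) setup like the one above, reaching the server-side LAN needs the server to forward IPv4 and the LAN hosts to have a way back to the VPN subnet, either a route to 10.8.0.0/24 or NAT on the server. The function names, the gateway 192.168.200.1 and the sample tables are constructed; the subnets are taken from the posted config.

```shell
#!/bin/sh
# Return-path checks for the posted setup (added example, constructed inputs).
VPN_NET="10.8.0.0/24"   # from: server 10.8.0.0 255.255.255.0

# True when the file ($1, default: the live sysctl) says IPv4 forwarding is on.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# True when `ip route` output ($1) taken on a LAN host or on the LAN's
# default gateway contains an explicit entry for the VPN subnet ($2).
has_return_route() {
    printf '%s\n' "$1" | awk -v net="$2" '$1 == net { ok = 1 } END { exit !ok }'
}

# True when `iptables -t nat -S POSTROUTING` output ($1) from the VPN
# server masquerades traffic sourced from the VPN subnet ($2).
has_masquerade() {
    printf '%s\n' "$1" | grep -F -- "-s $2" | grep -q -- '-j MASQUERADE'
}

# $1 = ip_forward file, $2 = LAN-side route table, $3 = server NAT rules.
# Prints one finding per line; returns 0 only if replies can get back.
check_return_path() {
    rc=0
    if forwarding_enabled "$1"; then
        echo "ok: server forwards IPv4"
    else
        echo "fail: net.ipv4.ip_forward is off on the server"; rc=1
    fi
    if has_return_route "$2" "$VPN_NET"; then
        echo "ok: LAN side has a route to $VPN_NET"
    elif has_masquerade "$3" "$VPN_NET"; then
        echo "ok: server NATs $VPN_NET onto the LAN"
    else
        echo "fail: LAN hosts have no way back to $VPN_NET"; rc=1
    fi
    return $rc
}

# Constructed sample: a LAN host that only knows its own subnet and a
# default gateway, and a server with no NAT rules.
SAMPLE_ROUTES="default via 192.168.200.1 dev eth0
192.168.200.0/24 dev eth0 proto kernel scope link"
check_return_path /proc/sys/net/ipv4/ip_forward "$SAMPLE_ROUTES" "" || true
```

To use it on real data, pass the output of `ip route` from a LAN host (or its default gateway) as the second argument and the output of `iptables -t nat -S POSTROUTING` from the VPN server as the third.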