Erich Titl wrote:
> Jeremy
>
> Jeremy Cheng wrote:
>> Hi Erich,
>>
>> Thanks for your reply. Here's a shot at what I think might be "relevant":
>>
>> say 10.0.0.0/24 is our local lan behind the watchguard where the
>> openvpn server sits. The watchguard builds an ipsec tunnel with
>> unknown cisco device at our colo managed by a different entity where
>> the local subnet is 10.0.1.0/24. The watchguard somehow automagically
>> knows to route traffic coming from 10.0.0.0/24 to 10.0.1.0/24 through
>> the IPSEC tunnel for everything but OpenVPN clients.
>
> Not really automagically, there is a tunnel and a route set.

Of course... I am just saying that as in I am not able to edit any of the routing config that's related to the tunnel. The routes are automatically put in when I created the tunnel which are not displayed in the regular routes section of the WG admin UI.

>> The servers at colo also have
>> persistent routes setup to know where the return path gateway is for
>> 10.0.0.0/24.
>>
>> I don't think it's a firewall issue because why would all other nodes
>> work?
>
> Because they are in a known network, whereas your OpenVPN traffic is in
> a different one.

I am not sure I know what you mean by this. Since I am running bridge mode, my OpenVPN IP is just like anyone else's IP in the same subnet. Doesn't that qualify it to be virtually in the same network?

>> Any other info I can provide? Other ideas?
>
> Sure, routing tables, packet dump on the tun interface. Use a tool like
> tcpdump to look at your packets.

Done all that... had no luck so far... I have always been able to route for OpenVPN clients no prob when I was running a BSD router behind the firewall but was hoping I didn't have to do that again.

> cheers
> Erich

Anyways, thanks for the help. I will keep on hacking away to see if I can find something. I will report back if I find a solution.
Thanks,