[mdlug] openvpn client link to private LAN access

David Favro mdlug at meta-dynamic.com
Sat Jan 27 00:17:51 EST 2007


- wrote:
> I set up openvpn on one of my WAN accessible machines and am having an
> issue seeing clients inside my private LAN from my VPN connected
> machine.  I believe most of the settings are correct because I can ping
> the gateway of the private LAN and the private IP of the server running
> the VPN server software.
>
> Example: from the VPN connected client I can ping 192.168.1.1 (a
> router), also I can ping 192.168.1.5 (machine running openvpn), but
> that's it.  From 192.168.1.5 I can ping all my internal machines
> fine.  I have pushed the "192.168.1.0 255.255.255.0" route in the
> server.conf, also the client-to-client option as well.  From the VPN
> client I do see the 192.168.2.1 route in the route table.
You very likely need to set up the correct routing on your openvpn
"server" (and clients).  When you say, "_clients_ inside my private
LAN", I assume you mean openVPN clients?  If so, OpenVPN *should* do the
routing for you if all of your openvpn configs are set up correctly
(client-to-client).

But you also talk about "the machine running OpenVPN", which seems to
imply that there are machines that *aren't* running OpenVPN.  If the
"inside my private LAN" machines are *not* on OpenVPN, you need to give
more information about your network config (e.g. what is the openvpn
network IP address vs. your internal network's IP address?) to say what
are the exact commands to set up the routing -- you could try:

    echo 1 > /proc/sys/net/ipv4/ip_forward

...but you will probably also need some additional 'route' or 'iptables'
commands (or get OpenVPN to run them for you), and I just can't figure
out from the way you reported it what your network setup is.

Best thing is to send all 3 OpenVPN config files, server,
external-client, and internal-client, plus the output of 'route -n' and
'ifconfig' from all 3 machines, while OpenVPN is running.
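
Added example, not part of the original message: a read-only shell check for the two things the reply points at, IP forwarding on the OpenVPN server and the 'route' side, i.e. whether a LAN host hands replies for the VPN subnet back to 192.168.1.5. The VPN subnet 10.8.0.0/24, the client address 10.8.0.6 and the sample routing tables are assumptions constructed for illustration, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: read-only checks; parses `route -n` text, changes nothing.

# "on" if the kernel forwards IPv4 packets (file path overridable for tests).
forwarding_state() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ] && echo on || echo off
}

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Gateway chosen for IP $1 by longest-prefix match over the `route -n`
# output in $2; 0.0.0.0 means directly connected.
next_hop() {
    target=$(ip_to_int "$1"); best_mask=-1; best_gw=none
    while read -r dest gw mask _rest; do
        case $dest in [0-9]*.*) ;; *) continue ;; esac   # skip header lines
        m=$(ip_to_int "$mask"); d=$(ip_to_int "$dest")
        if [ $(( target & m )) -eq $(( d & m )) ] && [ "$m" -gt "$best_mask" ]; then
            best_mask=$m; best_gw=$gw
        fi
    done <<EOF
$2
EOF
    echo "$best_gw"
}

# Replies to VPN client $1 must be handed to the OpenVPN server's LAN
# address $2; $3 is the `route -n` output of the LAN host being checked.
check_return_path() {
    hop=$(next_hop "$1" "$3")
    if [ "$hop" = "$2" ]; then echo "ok"; else echo "replies leave via $hop, not $2"; fi
}

# Constructed sample: a LAN host that only knows its own subnet and the router.
LAN_HOST_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0'
# Same host after adding a route for the assumed VPN subnet 10.8.0.0/24.
FIXED_ROUTES="$LAN_HOST_ROUTES
10.8.0.0        192.168.1.5     255.255.255.0   UG    0      0        0 eth0"

echo "forwarding here: $(forwarding_state)"
echo "before: $(check_return_path 10.8.0.6 192.168.1.5 "$LAN_HOST_ROUTES")"
echo "after:  $(check_return_path 10.8.0.6 192.168.1.5 "$FIXED_ROUTES")"
```

If the route for the VPN subnet is added on the router (192.168.1.1) rather than on each LAN host, feed the router's table to check_return_path instead.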



