From: Phil B. <phi...@bl...> - 2006-06-01 10:38:20
Martin Müller - Rudolf Hausstein OHG wrote:
> So I changed my second LAN to your suggestion. But it wasn't working
> (like 10.8.0.0). Can't reach the Server-LAN from the Client-LAN.
>
> So what I think is, that the problem belongs to the network mask.
> I changed my Client-LAN to 192.168.200.0
>
> #/etc/openvpn/server.conf
> route 192.168.200.0 255.255.255.0
> push "route 192.168.100.0 255.255.255.0"
> Here again, I put away the line
> 'push "route 192.168.200.0 255.255.255.0" '
> because when I use this, the Clients of 192.168.200.0/24 can't reach
> 192.168.200.99.

Maybe this is because you are using redirect-gateway. I have that push
route line in my own server.conf and I have no problems, but you seem to
get an extra route in your client routing table that I don't get.
Strange. :)

> route in the client with tun0 up:
> Ziel            Router          Genmask         Flags Metric Ref Use Iface
> 192.168.100.0   192.168.123.5   255.255.255.0   UG    0      0   0   tun0
> 192.168.200.0   192.168.123.5   255.255.255.0   UG    0      0   0   tun0
> 192.168.200.0   0.0.0.0         255.255.255.0   U     0      0   0   eth0
  ^^^^^^^^^^^^^^^
> 192.168.123.0   192.168.123.5   255.255.255.0   UG    0      0   0   tun0

Again you have two routes for 192.168.200.0 - one sending it down eth0
and one down tun0. If you removed the push "route 192.168.200.0
255.255.255.0" line, I am not sure why you are getting this.

Try disabling push "redirect-gateway" first of all and test pings etc. to
see if it works.

Next.. Have you tried sniffing the tun0 interface to see what's
happening? Do a ping on your client like:

    ping 192.168.100.1 -I 192.168.200.1

(Change the IPs if the ones I used are wrong. The first one should be any
machine on your server LAN and the second one should be the local IP on
your client gateway. This makes it look like the ping came from your
client LAN.)

Log on to your server and use tcpdump -i tun0, or ethereal if you have it,
to see if the pings are coming through.

If you use the IPs above, you should see something like:

    11:18:29.793920 IP 192.168.200.1 > 192.168.100.1: icmp 64: echo request seq 3
    11:18:29.794440 IP 192.168.100.1 > 192.168.200.1: icmp 64: echo reply seq 3

As before your routes look OK.

Phil
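
Added example, not part of Phil's message: a Python check for the condition pointed out above, the same destination network routed over two interfaces (eth0 and tun0). The sample table is re-typed from the quoted client routes; the `route -n` column layout and the function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the client routing table quoted in the message,
# laid out as `route -n` prints it (column layout is an assumption).
SAMPLE_ROUTE_OUTPUT = """\
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
192.168.100.0   192.168.123.5   255.255.255.0   UG    0      0        0 tun0
192.168.200.0   192.168.123.5   255.255.255.0   UG    0      0        0 tun0
192.168.200.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.123.0   192.168.123.5   255.255.255.0   UG    0      0        0 tun0
"""


def parse_routes(text):
    """Return (network, gateway, iface) tuples from `route -n` style output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8:
            continue  # banner or blank line
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
            gateway = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # column header row in any locale
        routes.append((net, gateway, fields[7]))
    return routes


def find_conflicts(routes):
    """Map each network reachable via more than one interface to those interfaces."""
    by_net = defaultdict(set)
    for net, _gateway, iface in routes:
        by_net[net].add(iface)
    return {str(n): sorted(i) for n, i in by_net.items() if len(i) > 1}


if __name__ == "__main__":
    conflicts = find_conflicts(parse_routes(SAMPLE_ROUTE_OUTPUT))
    for net, ifaces in conflicts.items():
        print(f"{net}: routed via {', '.join(ifaces)}")
```
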