From: Davide C. <dav...@in...> - 2006-03-27 18:00:00
Hi all,

I am trying to set up a VPN to enable road-warrior connections to the internal LAN; I am using routing mode.

My internal net has 192.168.1.0/24 netmask, and 192.168.1.1 (Cisco PIX firewall) as default gateway for all internal PCs (all WinXP). OpenVPN server is running on 192.168.1.76 (Win2003, public web/ftp server), using 10.8.0.0/24 netmask for the virtual network.

The point-to-point VPN is running correctly, but I have problems accessing other PCs in the internal LAN: I can access them only if I manually execute

    route add 10.8.0.0 mask 255.255.255.0 192.168.1.76

on every internal PC. But the FAQ says that I can do that by:

# adding a route in your default gateway for the VPN network IP subnet pointing to the OpenVPN machine, OR
# adding a route to every client

But the first method doesn't work. I added on the Cisco PIX the static route 10.8.0.0 255.255.255.0 -> 192.168.1.76 (internal iface) but this seems to enable only the route between 192.168.1.1 <-> 10.8.0.0 (i.e. I can ping 192.168.1.1 from the VPN client), as it does in "normal" PCs.

I would expect that a "ping 10.8.0.6" from an internal PC (e.g. 192.168.1.34) would follow this route:

    192.168.1.34 (src host) -> 192.168.1.1 (default gw) -> 192.126.1.76 (vpn gateway) -> 10.8.0.6 (vpn endpoint)

without manually adding the route to 192.168.1.76 to every internal PC.

I suspect there's something wrong on my PIX firewall setup...

Any help would be greatly appreciated...

Thanks in advance!

Davide