[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Routing problem with OpenVPN.

Hi guys,

I Wonder if I could pick your minds for a moment with a routing problem I am having.

I've been asked to setup a VPN for a client to so they can log into their linux server from home. That part of things I was able to handle no problems. Now he wants to be able to use VNCviewer to take over his work desktop over the VPN, and it is here that I am having routing problems.

The work network is a network, with the VPN/samba server on and the internet gateway router on

The VPN is using OpenVPN in a TUN routed mode. (meaning the network it is connecting to must have a different subnet from the home network.) I'm using my laptop and home network to test this before setting it up at his end.

The network looks like this:

Internal machine on work network.
X (this machine can ping the remote laptop,
X but the remote laptop cannot ping it.)
OpenVPN/Samba server ( local interface )
| (Tun VPN interface
Internet gateway router.  ( local interface)
| (Router port forwards port 5000 traffic to VPN server:
Home network router. (
| (NAT provided to local clients)
Laptop (Tun
Running VPN client, connecting to VPN server perfectly, able to ping vpn servers local network connection as well as vpn IP's
(pinging both and works fine from here.)
But this machine cannot ping any address's past the VPN server and that is what I need to solve.

The route on the client laptop is:

Which correctly directs all traffic for a network over the VPN to the server.

The route on the server is:
route add  netmask gw
Which correctly directs traffic for 192.168.1.x to the TUN VPN.
(since the server already has an interface on the 192.168.0.x network, it has a default route for those packets in its routing table as well.)

- The VPN server can ping everyone, internal clients behind it, the router itself, and my remote address.
- The remote laptop can ping all of the vpn servers interfaces.
- The remote laptop can NOT ping any other machine on that remote work network other then the servers interfaces
and that is what I need to fix.

It seems like the VPN server will not accept any packets for IP's that it doesn't have an exact interface match for, even though it has a route statement in place that is supposed to route any 192.168.0.x packets out of it's own local interface to that network. (eth0)
I've been pulling my hair out all weekend trying to work this out.

If it helps, here is the routing table from the VPN server.

# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface * UH 0 0 0 tun0 UG 0 0 0 tun0 * U 0 0 0 eth0       *            U         0 0          0 lo
default         vpn.eze-grou         UG        0 0          0 eth0

As you can see, it has default route for 192.168.0.x because it has a local interface on that network. I've added the " UG 0 0 0 tun0" to route traffic for 192.168.1.x to the VPN which is working perfectly.

but the VPN server will not accept a ping from the remote laptop and route it to a machine on it's local network and I can't figure out why. I even tried at one stage adding an explicite route like so: UGH 0 0 0 eth0

To see if I could get it to accept the ping to and route it to it's local eth0 interface (
but that hasn't worked either.

There are no firewalls blocking anything, so it's not a case of filtering.

Please please PLEASE, anyone with any knowledge of routing have a look at this and see what I'm missing.. :-)



Reply to: