
Re: Routing through an Openvpn tunnel.



On Mon, Jul 21, 2008 at 07:02:53PM -0700, peasthope@shaw.ca wrote:
> Folk,
> 
> I have a tunnel as described in openvpn.man, 
> Example 2, between my home 10.4.0.1 and work 
> 10.4.0.2 machines.
> "ping 10.4.0.1" from 10.4.0.2
> and 
> "ping 10.4.0.2" from 10.4.0.1
> succeed as expected.
> 
> Routing from the LAN attached to 10.4.0.2 does 
> not work yet.
> 
> Near the end of openvpn(8) dated 3 August 2005, 
> James Yonan wrote,
> jy> "Routing:
>    ... enable TUN packet forwarding through the firewall:
>               iptables -A FORWARD -i tun+ -j ACCEPT
>    ..."
> which suggests that iptables is involved in routing.
> 
> Whereas in the Shorewall mailing list, Tom Eastep 
> commented,
> "You don't specify routing in Shorewall or using 
> iptables. You specify routing via OpenVPN."
> 
> So I'm left with two questions.
> 
> * What is the iptables command above doing?  
> 
> * What does Tom mean by "... specify routing 
>   via OpenVPN."?
>   
> Thanks for any ideas,   ... Peter E.

There are 2 parts to the routing question.

1) Does the kernel do IP packet forwarding - this is needed to route IPv4
packets

Have a look in /etc/sysctl.conf, there should be an entry
net.ipv4.ip_forward, set it to 1 and either reload sysctl.conf with sysctl
-p or use sysctl -w net.ipv4.ip_forward=1

2) Does your firewall allow the packets through

You will need to check your rules to see if you allow traffic from the
local LAN to the remote LAN



> 
> -- 
> http://carnot.yi.org/ 
>   = http://carnot.pathology.ubc.ca/
> Desktops.OpenDoc  http://members.shaw.ca/peasthope/
> 
> 

-- 
"We've had no evidence that Saddam Hussein was involved in Sept. 11."

	- George W. Bush
08/17/2003
Washington, DC
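
The two checks from the reply above, as an added example that is not part of the original message or of OpenVPN's documentation. The function names and the sample FORWARD chains are constructed for illustration, and the rule evaluator is a simplification that only considers rules matching solely on the input interface.

```shell
#!/bin/sh
# Added example: the two checks from the reply, run on constructed sample data.

# Check 1: interpret the value of net.ipv4.ip_forward
# (live value: sysctl -n net.ipv4.ip_forward).
forwarding_status() {
    case "$1" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Check 2: verdict for a new packet entering on interface $2, given FORWARD
# rules in `iptables -S FORWARD` format in $1.
# Simplification (assumption of this example): only rules whose sole match is
# "-i <iface>" are evaluated; rules with other matches (state, addresses) are
# skipped, and if nothing matches the chain policy decides.
forward_verdict() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" && NF == 6 && $3 == "-i" && $5 == "-j" {
            pat = $4
            if (substr(pat, length(pat)) == "+") {      # trailing + is a wildcard
                pre = substr(pat, 1, length(pat) - 1)
                hit = (substr(ifc, 1, length(pre)) == pre)
            } else hit = (pat == ifc)
            if (hit) { print $6 " rule"; found = 1; exit }
        }
        END { if (!found) print policy " policy" }
    '
}

# Constructed FORWARD chains: before and after adding the man page's rule.
RULES_BEFORE='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'
RULES_AFTER="$RULES_BEFORE
-A FORWARD -i tun+ -j ACCEPT"

echo "ip_forward=0 -> $(forwarding_status 0)"
echo "before, tun0 -> $(forward_verdict "$RULES_BEFORE" tun0)"
echo "after,  tun0 -> $(forward_verdict "$RULES_AFTER" tun0)"
echo "after,  eth0 -> $(forward_verdict "$RULES_AFTER" eth0)"
```

In the constructed chain, the tun+ rule accepts packets arriving from the tunnel, but a new connection entering on eth0 from the local LAN still falls through to the DROP policy, which is the case the reply's second point asks you to check.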
