OpenVPN Configuration (Was XP Linksys DHCP Hatred)

Hans Fugal hans at fugal.net
Fri Oct 28 07:00:24 MDT 2005


On Fri, 28 Oct 2005 at 02:11 -0600, Chris Carey wrote:
> This talk about OpenVPN got me interested in it. I installed OpenVPN
> on the OpenWRT Linux distro on a Linksys WRT54G. After some work I was
> able to get "routed" mode working. At this point the client can ping
> the server machine and can connect to it. The client cannot see the
> rest of the LAN though. After many hours it's getting a little
> frustrating. In the docs it says that this can be solved using
> "bridged" mode, which I've tried. For some reason "bridged mode"
> requires SSL/TLS certificates. Created them, set them up. No go. Some
> how-tos also say that it can be done in "routed" mode with more rules.
> I prefer using "routed" mode with a secret key file. It seems to work
> smoother at this point.

Ok, we need more information. Internal IP addresses, network topology,
and the entire openvpn config (minus the shared keys) for both sides
would help too.

I think you're confused about bridging requiring TLS; it does not. It
would require you to set up the WRT with bridging, which is not a walk in
the park. In any case you should be able to get routing mode to work;
all that will not work is broadcast traffic such as SMB without WINS.

> ip_forwarding is enabled on the firewall (which is also the OpenVPN
> server). The server creates a tun0 rule for the VPN so I added rules:
> 
> iptables -I FORWARD -i tun0 -j ACCEPT
> iptables -I FORWARD -o tun0 -j ACCEPT
> 
> Still can't ping any other machines on the LAN thru VPN. Only the server.

Again, I'll need more information, but it's probably a routing issue.

-- 
Hans Fugal ; http://hans.fugal.net
 
There's nothing remarkable about it. All one has to do is hit the 
right keys at the right time and the instrument plays itself.
    -- Johann Sebastian Bach