openvpn and routing
tensai at zmonkey.org
Thu Mar 7 16:47:05 MST 2013
On 03/07/2013 02:58 PM, Charles Curley wrote:
> I tried installing openvpn and following this tutorial:
> I got as far as the statement "You should probably configure your route
> at this step." I have tried several "route add" commands but none seem
> to produce useful results. I can ping the local side of the connection,
> but not the remote side.
I would check your firewall rules and ensure you are allowing pings. You
should be able to ping the remote side of the VPN. You're using the
10.9.8.1 and 10.9.8.2 addresses?
The document doesn't make it clear, but my guess about the route is for
when you want to use the server as a gateway to the rest of the network.
In that case, you need a route on your client pointing back to the rest
of the network on the server.
Now in your case, you have 192.168.1.0/24 on both sides of the network
so I would suggest you change that. Ah, the fun of RFC 1918 conflicts.
So if your server was instead on 192.168.100.0/24, you would add a route
to that network from your client:
root at yendi:/# ip route add 192.168.100.0/24 via 10.9.8.1
You will also need to enable IP forwarding on the server (in /proc and
iptables). Check out the "push" and "pull" options for a more automatic
method of distributing that route.
More information about the PLUG