
Fedora 11 openvpn



Does anyone know of any problems regarding Fedora 11 and openvpn?

Here is his description of the issue:

I think that I have misconfigured something on our LAN.

The intended configuration:
  - there are a couple of class-C subnets which are all connected
     via our VPN (openvpn). 
       - all our subnets are 192.168.x.0 - where x is a prime number
          less than 32.
       - the vpn server is bingo, on my subnet (192.168.11.102)
           - bingo is configured to push routes to all the VPN subnets
              to all clients, as the clients connect
           - the openvpn tunnel addresses are in the range 10.8.0.*
       - the office subnet is 192.168.7.0.  The openvpn client on
          the network is 'finknottle', at 192.168.7.7
             - there are a bunch of other machines in the office,
                including emsworth (192.168.7.9) and baxter (192.168.7.8)
       - Phil's subnet is 192.168.23.0, openvpn client 'max' (192.168.23.8)
          with some other machines (including 'mistral', 192.168.23.99)
  - We have 3 identical routers in the office, Phil's office, and my cabin.
     (netgear wnr3500).
         - the routers have static routes to 192.168.0.0/255.255.128.0,
           gateway: the openvpn client in their location.
           similarly, 10.8.0.0/255.255.255.0 is another static route, with
           the same gateway.
         - the routers are all ".1" on their respective networks, and are
           the default route for all the machines.
  - the openvpn client (and server) machines all have the 'ip_forward' bit
     set, and their iptables rules are identical (and, I think, do the
     right thing).
 

The intent is that anyone, anywhere on the VPN LAN should be
able to talk to any of our machines, via its IP address (e.g., to ping
baxter from mistral). 
Indeed, this (almost) seems to work:
   - my laptop on my LAN (192.168.11.101) can connect to mistral,
      finknottle...etc.

However - the office LAN doesn't seem to work quite correctly:
   - I don't get a response if I ping 'baxter' from 'bingo'
     (this should cause bingo to send the icmp packet down the 'tun'
     device to finknottle, finknottle to decode it and emit it on its
     'eth0', baxter to respond (sending the response to the router
     at 192.168.7.1 - which should forward to the 192.168.7.7
     gateway (finknottle), which should encrypt the response and
     send it back to bingo via the tun device)).
But this doesn't happen.

Going the other way (e.g., to ping 'mistral' from bingo - thus
going through Phil's openvpn client rather than finknottle) _does_
work....so I suspect that I did something wrong either to
finknottle or to the router in the office.

Can you suggest:
  a) what I might have done wrong
  b) how I can test/further diagnose my problem
      (e.g., some traceroute or tcpdump incantations which might
     tell me more)
  c) how I can fix the issue?

We have a very, very expensive piece of equipment that we need
to be able to access via the network...so this really, really needs
to work.

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
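
The packet path the post expects for a ping from bingo to baxter and for its reply, modelled hop by hop as an added example (not part of the original post). The addresses and the office router's static routes come from the post; bingo's tunnel address 10.8.0.1, the route tables on bingo and finknottle, and the function names are assumptions.

```python
import ipaddress

# Addresses and router routes are from the post; entries marked ASSUMED are not.
ADDRS = {
    "bingo": ["192.168.11.102", "10.8.0.1"],      # 10.8.0.1: ASSUMED tunnel address
    "finknottle": ["192.168.7.7"],
    "office-router": ["192.168.7.1"],
    "baxter": ["192.168.7.8"],
}
# node -> [(destination network, next hop)]; next hop None = directly connected
ROUTES = {
    "bingo": [("192.168.11.0/24", None),
              ("192.168.7.0/24", "finknottle")],   # ASSUMED: office LAN via the tun
    "finknottle": [("192.168.7.0/24", None),
                   ("192.168.11.0/24", "bingo"),   # ASSUMED form of the pushed route
                   ("10.8.0.0/24", "bingo")],      # tunnel range named in the post
    "office-router": [("192.168.7.0/24", None),
                      ("192.168.0.0/255.255.128.0", "finknottle"),
                      ("10.8.0.0/255.255.255.0", "finknottle")],
    "baxter": [("192.168.7.0/24", None),
               ("0.0.0.0/0", "office-router")],    # router is the default route
}

def owner(addr):
    """Name of the modelled host that holds addr, or None."""
    return next((n for n, a in ADDRS.items() if addr in a), None)

def trace(src, dst, routes=ROUTES):
    """Hop-by-hop path from node src to IP dst using longest-prefix match."""
    path, node, target = [src], src, ipaddress.ip_address(dst)
    while node != owner(dst):
        matches = [(ipaddress.ip_network(n), hop) for n, hop in routes[node]
                   if target in ipaddress.ip_network(n)]
        if not matches:
            return path + ["no-route"]             # packet is dropped at this hop
        _, hop = max(matches, key=lambda m: m[0].prefixlen)
        node = hop or owner(dst)                   # connected: deliver to the host
        if node is None or len(path) > 8:          # unknown host or routing loop
            return path + ["undeliverable"]
        path.append(node)
    return path

if __name__ == "__main__":
    print("request:", trace("bingo", "192.168.7.8"))
    for reply_to in ADDRS["bingo"]:                # reply path for either source address
        print("reply to", reply_to, ":", trace("baxter", reply_to))
```

Comparing the printed hop lists with what a packet capture shows at each hop locates the point where the real path departs from the expected one.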

