VPN help : request on route (new thread)

[Saji (Joseph John )]

Hi All,
This is the continuation of the mail which I had posted with the subject  [Help requested for route command ( To access other side of VPN Server )]

IP forwarding
IPtables flushed
selinx disabled
route command pushed to client


My VPN Client ip is 192.168.3.101

and My VPN Server  interfaces are 
    eth0= connected to the public IP
    eth1= interface is 192.168.50.30/24

I did a openvpn connection from my client to OpenVPN Server now
my client interfaces are
    eth0 = 192.168.3.101
    tun0 = 10.28.0.10

My Server interfaces are
    eth0 = Public IP
    eth1 = 192.168.50.30/24
    LAN GW = 192.168.50.1
    tun0 = 10.28.0.1

My Server route -n command shows

[root@reserved-94 openvpn]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.10.11     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.28.0.2       0.0.0.0         255.255.255.255 UH    0      0        0 tun0
XXX.XX.XX.XX    0.0.0.0         255.255.255.252 U     1      0        0 eth0
10.28.0.0       10.28.0.2       255.255.255.0   UG    0      0        0 tun0
192.168.50.0    0.0.0.0         255.255.255.0   U     1      0        0 eth1
0.0.0.0         XXX.XX.XX.XX    0.0.0.0         UG    0      0        0 eth0
     


I am able to connect to the server from my clients, but clients cannot ping behind VPN eth1 interfaces
ie from my client I can ping VPNServer eth1 (192.168.50.30), but cannot ping to the other side, It has to do some setting with route command.

I am able to connect to the server from my clients, but clients cannot ping behind VPN eth1 interfaces
ie from my client I can ping VPNServer eth1 (192.168.50.30), but cannot ping to the other side, ie to some machine inside VPN server LAN , let it be 192.168.50.25 . It has to do some setting with route command.

Please note that  :-
In   VPN server  machine (192.168.50.30) when I did a reverse route to my clienet PC  network,
ie route add -net 192.168.3.0 netmask 255.255.255.0 gw 10.28.0.2

and in the VPN -LAN -PC  (192 .168.50.25) when I did
route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.50.30

I am able to ping from VPN-LAN Machine to my client  ie from 192.168.20.25 I can ping to 192.168.3.101

Some of the route command which I tried in the VPN server and was not success  are
route add -net 192.168.50.0 netmask 255.255.255.0 gw 192.168.50.1

Now the situation is
From the client I can traceroute till VPN server  and vice versa
From VPN -LAN -PC (192.168.50.25) I can ping to VPN Client 192.168.3.101 (after giving route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.50.30  at 20.25)
I cannot ping /tracerote from  client to VPN LAN PC ( ie Cannot ping from 192.168.3.101 to 192.168.50.25)

 I have attached an image of the Network
thanks
Joseph John

[Roopesh Sivam]

 Tracerote and ping details from vpn client machine.

[Saji (Joseph John )]

Traceroute from client
joseph@saji:~$ traceroute 192.168.50.30
traceroute to 192.168.50.30 (192.168.50.30), 30 hops max, 60 byte packets
 1  192.168.50.30 (192.168.50.30)  294.031 ms  294.041 ms  294.050 ms
joseph@saji:~$

but when I do trace route to some IP inside the LAN it stops
joseph@saji:~$ traceroute 192.168.50.10
traceroute to 192.168.50.10 (192.168.50.10), 30 hops max, 60 byte packets
 1  10.28.0.1 (10.28.0.1)  296.795 ms  296.802 ms  296.803 ms
 2  * * *
 3  * * *
 4  * * *

Able to do trace route to 192.168.3.101 from 50.25 [VPN-SErver]
[VPN-Server~]# traceroute 192.168.3.101
traceroute to 192.168.3.101 (192.168.3.101), 30 hops max, 40 byte packets
 1   (192.168.50.30)  0.457 ms  0.432 ms  0.421 ms
 2   (192.168.3.101)  295.848 ms  296.382 ms  296.365 ms
[VPN-Server~]#

[Saji (Joseph John )]

Hi All
Want to add the conf files also
Added server and client conf
thanks

[Joseph John]

Thanks to all and
Thanks Roopesh

It is working now, I will up date the list with proper docs

THANKS

--
--
"Freedom is the only law".
"Freedom Unplugged"
http://www.ilug-tvm.org
 
You received this message because you are subscribed to the Google
Groups "ilug-tvm" group.
To control your subscription visit http://groups.google.co.in/group/ilug-tvm/subscribe
To post to this group, send email to ilug...@googlegroups.com
To unsubscribe from this group, send email to
ilug-tvm-u...@googlegroups.com
 
 
 
For details visit the google group page: http://groups.google.com/group/ilug-tvm?hl=en

---
You received this message because you are subscribed to a topic in the Google Groups "Free Software Users Group, Thiruvananthapuram" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ilug-tvm/1D3QZMN9kAo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ilug-tvm+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Roopesh Sivam]

ohh great,

Thankyou

You received this message because you are subscribed to the Google Groups "Free Software Users Group, Thiruvananthapuram" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ilug-tvm+u...@googlegroups.com.

[Roopesh Sivam]

Please post both server and client conf when you get time.

 I sugest not to use manual routing in client pc, better to have them in gateways and vpn servers.