Koozali.org: home of the SME Server

OpenVPN Server-Bridge

elysium
OpenVPN Server-Bridge
« on: September 21, 2007, 10:17:49 AM »
Hello!

I have a big problem ... still existing after reading hours over hours in this and other forums.

I installed the OpenVPN contrib and it is working fine when it comes to connection.
...but the problem is, when I'm connected I can only ping the server I'm connected to.
All the other clients connected on the server-side cannot be reached.

My connection looks like this (nothing unusual)

vpn-client ---> WAN ---> vpn-server ---> lan

|-----------------------------------||------|
            working                                   X

192.168.1.0---> XXX.XXX.XXX.XXX ---> 192.168.2.0 / 10.5.108.0 ---> 10.5.108.0


Hope somebody can help me ...

Cheers!


Daniel B.
Re: OpenVPN Server-Bridge
« Reply #1 on: September 21, 2007, 05:37:09 PM »
Hi.
I don't understand your scheme.

What's your SME internal IP and network? Does it work in server only or server and gateway?

It should just work as it's bridge mode (which means your client gets an IP of the internal network, and all the packets, even ARP ones, will be sent over the tunnel).
It's the end of the world!!! :lol:

elysium
Re: OpenVPN Server-Bridge
« Reply #2 on: September 21, 2007, 06:46:41 PM »
The internal is 10.5.108.230
DHCP works! My VPN-Client gets an IP-Address!

In the network environment I can also see the workgroups.
SMB works too - but only for the SME-Server

It looks as if the network "behind" the SME is not existing.
If I connect via SSH I can ping all the clients but not via VPN.

SME is working in server and gateway mode.

So everything's working fine but the network (the clients and workstations) are not reachable!

         home-pc                          internet                               SME                       Clients
192.168.1.0/10.5.108.71---> XXX.XXX.XXX.XXX ---> 192.168.2.0 / 10.5.108.0 ---> 10.5.108.0
    eth              tab1                    wan                       ext.net        int.net              int.net

is this scheme better???

So a ping leaves my PC over the tunnel - passes ext.net of SME and enters int.net. / Everything afterwards seems cut off!

elysium
Re: OpenVPN Server-Bridge
« Reply #3 on: September 23, 2007, 09:49:33 AM »
no idea???

Franco
Re: OpenVPN Server-Bridge
« Reply #4 on: September 23, 2007, 03:24:36 PM »
You're trying to set up two distinct networks, connected by VPN using the same IP range? That's why it does not work.
You need to use different ranges.

elysium
Re: OpenVPN Server-Bridge
« Reply #5 on: September 23, 2007, 05:10:09 PM »
Don't think so ... my normal home net is the 192.168.1.0.
tab1 gets its IP via DHCP to get a connection to the internal LAN at work (I think this is the right behaviour)

Did I get it right???

As I said I can ping the internal LAN but only the SME

brick
Re: OpenVPN Server-Bridge
« Reply #6 on: September 23, 2007, 05:55:24 PM »
Quote: "Did I get it right???"
elysium,
Listen to what stuntshell is trying to tell you!
Your setup won't work, your network will look for the internal hosts and not the VPN.

Good luck.

elysium
Re: OpenVPN Server-Bridge
« Reply #7 on: September 23, 2007, 05:59:12 PM »
...hmmm... I think I'm not getting it ... do you have a little example?
The home net can be changed to a range that fits ... but what fits?

By now I'm totally lost and scatterbrained ...

Just a little hint please!!!

Franco
Re: OpenVPN Server-Bridge
« Reply #8 on: September 23, 2007, 06:03:15 PM »
What do you mean by tab1? Is this the IP that the VPN server is giving you?
192.XXX and 10.XXX are both private ranges. Are your networks 192.168.1.X and 192.168.2.X or 10.5.108.X?

elysium
Re: OpenVPN Server-Bridge
« Reply #9 on: September 23, 2007, 06:12:23 PM »
homenet = 192.168.1.0
tap1 =  virtual vpn adapter with dhcp enabled - gets IP from OpenVPN-Server
eth1 net of SME (ext.LAN) = 192.168.2.0
eth0 net of SME (int.LAN) = 10.5.108.0

The SME has two NICs - one for the so-called external LAN, one for the internal.

The internet connection is established through a router on both sides (home & work)

What I need is a connection to the internal LAN of the SME.
It works - my virtual adapter gets an IP - but I cannot reach the rest of the internal network.

The connection simply gets routed through the external nic and connects to the internal.

elysium
Re: OpenVPN Server-Bridge
« Reply #10 on: September 23, 2007, 06:13:14 PM »
Correction:

I always wrote tab but meant tap

Sorry

Franco
Re: OpenVPN Server-Bridge
« Reply #11 on: September 23, 2007, 07:16:18 PM »
OK, if I understand you correctly, then all you have to do is configure the VPN correctly: Make sure the advanced configuration has the 'Redirect Gateway' enabled and 'Client to Client' enabled. After that you should be able to pass traffic and see everyone else on the other side.

elysium
Re: OpenVPN Server-Bridge
« Reply #12 on: September 24, 2007, 11:10:02 AM »
...just tried it ... guess! It doesn't work!
Still the same behaviour as before. 

Daniel B.
Re: OpenVPN Server-Bridge
« Reply #13 on: September 27, 2007, 11:07:36 AM »
Hi.
Sorry for not responding before, but your problem is curious, I don't have a clear idea where it comes from. Have you checked the firewall on your client? It can block the connection sometimes, try to disable it for the tap interface.
It's the end of the world!!! :lol:

elysium
Re: OpenVPN Server-Bridge
« Reply #14 on: September 27, 2007, 01:40:11 PM »
...already did that! Firewalls are BAAAADDDDD...
but that didn't solve the prob.

Meanwhile I found a point to start at: the routes

I think the clients were not able to answer because they didn't know the way to the tunnel.
So I added a route to one of the clients pointing directly at the vpn-client and it worked.

Do I have to enter 10 routes to each client connected when there are 10 vpn-connections???
Or is it possible to add one route for an ip range?

I think the routes will solve the problem
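
The question in the last post, whether one route can cover a range of VPN clients instead of one route per client, comes down to longest-prefix matching in the LAN host's routing table. The following is an added example, not part of any post in the thread; the /24 mask, the default gateway 10.5.108.1, the VPN pool 10.5.108.64/28 and the choice of the SME's internal address as next hop are assumptions.

```python
import ipaddress

SME = "10.5.108.230"   # SME internal address, as given in the thread
ON_LINK = "on-link"    # delivered directly on the LAN segment (via ARP)

def build(entries):
    """Turn (prefix, next_hop) pairs into a routing table."""
    return [(ipaddress.ip_network(p), hop) for p, hop in entries]

def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, hop) for net, hop in table if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

# Base table of a LAN workstation. The /24 mask and the default gateway
# 10.5.108.1 are assumptions; the thread states neither.
BASE = [("10.5.108.0/24", ON_LINK), ("0.0.0.0/0", "10.5.108.1")]

# Ten VPN client addresses (constructed; only 10.5.108.71 is from the thread).
VPN_CLIENTS = [f"10.5.108.{n}" for n in range(65, 75)]

# Option A: one host route (/32) per VPN client, ten entries to maintain.
per_host = build(BASE + [(f"{ip}/32", SME) for ip in VPN_CLIENTS])

# Option B: a single route for the block the VPN clients are leased from
# (assumes the address pool for VPN clients is 10.5.108.64/28).
one_prefix = build(BASE + [("10.5.108.64/28", SME)])

def compare():
    """Next hop chosen for each VPN client under option A and option B."""
    return {ip: (next_hop(per_host, ip), next_hop(one_prefix, ip))
            for ip in VPN_CLIENTS}

if __name__ == "__main__":
    for ip, (a, b) in compare().items():
        print(f"{ip:14} per-host -> {a:14} one-prefix -> {b}")
    # An ordinary LAN host outside the pool is still reached directly.
    print("10.5.108.10    ->", next_hop(one_prefix, "10.5.108.10"))
```

The single /28 entry only works if the VPN address pool is confined to that block; addresses leased outside it fall back to the on-link /24 route.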