LAN-to-LAN


This topic contains 1 reply, has 0 voices, and was last updated by  wilderbeest 10 years, 6 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • #41349

    wilderbeest
    Member

    Hello everyone,

    Just bought my first Alix board and installed zeroshell as a router. I run openvpn for my company on a server hosted with an ISP so we can connect to each other’s machines as we are all working at home. Currently, the openvpn server assigns an IP address in the 10.8.0.0/24 range to each connected client.

    I now want to connect the whole LAN behind my zeroshell router to the openVPN server.

    My LAN is 192.168.2.0/24
    openVPN clients connect to 10.8.0.0/24

    Here is my server configuration for openvpn:


    dev tun
    proto tcp
    port 1194

    client-config-dir ccd

    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/server.crt
    key /etc/openvpn/easy-rsa/keys/server.key
    dh /etc/openvpn/easy-rsa/keys/dh1024.pem

    user nobody
    group nogroup
    server 10.8.0.0 255.255.255.0
    route 192.168.2.0 255.255.255.0

    persist-key
    persist-tun
    status openvpn-status.log
    verb 5
    client-to-client
    push "redirect-gateway def1"
    push "route 10.8.0.0 255.255.255.0"
    push "route 192.168.2.0 255.255.255.0"
    log-append /var/log/openvpn
    comp-lzo

    The ccd configuration file for the zeroshell box is


    iroute 192.168.2.0 255.255.255.0

    I have no problem connecting zeroshell to the openVPN server and it generates a LAN-to-LAN network called VPN00. The logs on the server also show successful connection:


    Tue Dec 9 04:00:44 2008 us=337335 86.143.237.1:47966 [christian-zeroshell] Peer Connection Initiated with 86.143.237.1:47966
    Tue Dec 9 04:00:44 2008 us=337390 christian-zeroshell/86.143.237.1:47966 OPTIONS IMPORT: reading client specific options from: ccd/christian-zeroshell
    Tue Dec 9 04:00:44 2008 us=337485 christian-zeroshell/86.143.237.1:47966 MULTI: Learn: 10.8.0.6 -> christian-zeroshell/86.143.237.1:47966
    Tue Dec 9 04:00:44 2008 us=337498 christian-zeroshell/86.143.237.1:47966 MULTI: primary virtual IP for christian-zeroshell/86.143.237.1:47966: 10.8.0.6
    Tue Dec 9 04:00:44 2008 us=337510 christian-zeroshell/86.143.237.1:47966 MULTI: internal route 192.168.2.0/24 -> christian-zeroshell/86.143.237.1:47966
    Tue Dec 9 04:00:44 2008 us=337523 christian-zeroshell/86.143.237.1:47966 MULTI: Learn: 192.168.2.0/24 -> christian-zeroshell/86.143.237.1:47966
    Tue Dec 9 04:00:44 2008 us=337564 christian-zeroshell/86.143.237.1:47966 REMOVE PUSH ROUTE: 'route 192.168.2.0 255.255.255.0'

    Here comes my problem:

    The zeroshell routing table does not show any entries that reflect the VPN00 – I should be able to ping 10.8.0.1 (the openVPN server) but I can’t. If I assign an IP address to the VPN connection (10.8.0.7 – I am guessing here), the VPN00 shows up in the routing table, but I still cannot ping 10.8.0.1.

    I think I’m doing something fundamentally wrong here….

    Any ideas will be appreciated.

    Best Regards,

    Christian
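The relationship between the `route`, `iroute` and `push "route ..."` lines in the post above, shown as an added example that is not part of the original thread: a small Python consistency check for a tun-mode server. The function names and finding labels are made up for illustration, and the sample input is constructed from the configuration quoted in the post.

```python
import ipaddress
import shlex

# Constructed sample: the routing-related directives from the server config
# and the ccd file quoted in the post above.
SERVER_CONF = """
dev tun
server 10.8.0.0 255.255.255.0
route 192.168.2.0 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
"""
CCD_FILES = {"christian-zeroshell": "iroute 192.168.2.0 255.255.255.0\n"}


def parse(text):
    """Collect the networks named by route, iroute and push "route ..." lines."""
    found = {"route": [], "iroute": [], "push route": []}
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        prefix = ""
        if len(words) == 2 and words[0] == "push":
            prefix, words = "push ", words[1].split()  # unwrap the quoted option
        if len(words) >= 2 and prefix + words[0] in found:
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            found[prefix + words[0]].append(ipaddress.ip_network(f"{words[1]}/{mask}"))
    return found


def check(server_text, ccd_files):
    """Return (client, network, finding) tuples for a tun-mode server."""
    server = parse(server_text)
    findings, claimed = [], []
    for client, text in ccd_files.items():
        for net in parse(text)["iroute"]:
            claimed.append(net)
            # An iroute only helps if the server host routes that subnet into the tunnel.
            if not any(net.subnet_of(r) for r in server["route"]):
                findings.append((client, net, "iroute-without-server-route"))
            # The server drops a pushed route equal to the client's own iroute
            # (the REMOVE PUSH ROUTE log line); expected, not an error.
            if net in server["push route"]:
                findings.append((client, net, "push-removed-for-owner"))
    for net in server["route"]:
        # Traffic routed into the tunnel for a subnet no client claims has no owner.
        if not any(net.overlaps(c) for c in claimed):
            findings.append((None, net, "route-without-iroute"))
    return findings


if __name__ == "__main__":
    for finding in check(SERVER_CONF, CCD_FILES):
        print(finding)
```

For the configuration in the post, the only finding is the informational one that corresponds to the `REMOVE PUSH ROUTE` line in the server log.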

    #47257

    wilderbeest
    Member

    Routing table on the zeroshell Alix box:


    192.168.2.0     255.255.255.0 Net 0 none        BRIDGE00 U  Up Auto
    10.8.0.0        255.255.255.0 Net 0 none        VPN00    U  Up Auto
    192.168.1.0     255.255.255.0 Net 0 none        ETH01    U  Up Auto
    DEFAULT GATEWAY 0.0.0.0       Net 0 192.168.1.1 ETH01    UG Up Auto

    Routing table on the remote unix server running openVPN:


    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0   0   tun0
    78.47.126.0     0.0.0.0         255.255.255.248 U     0      0   0   eth0
    78.46.40.128    78.46.40.129    255.255.255.224 UG    0      0   0   eth0
    78.46.40.128    0.0.0.0         255.255.255.224 U     0      0   0   eth0
    192.168.2.0     10.8.0.2        255.255.255.0   UG    0      0   0   tun0
    10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0   0   tun0
    0.0.0.0         78.46.40.129    0.0.0.0         UG    0      0   0   eth0

    The VPN Settings on the zeroshell server:

    #47258

    wilderbeest
    Member

    Hi all,

    Found the solution myself – you can’t use tun interfaces, you have to use a tap interface. So I changed my server configuration from tun to tap and took out the additional commands to openvpn on the zeroshell router and things are fine.

    Best Regards,

    Christian
