Bruce,
Do you have ip_forward enabled on both machines? Look in
/etc/sysctl.conf and see if net.ipv4.ip_forward is set to one (only read
at boot time, so you'll need to set it with the sysctl command if you
don't want to reboot).
On both servers do a netstat -rn
On server A are there routes for the networks associated with B, and on
B are there routes for the networks associated with A? There should be,
for this to work.
If you're following the usual cookbook server/client with X.509 keys,
look at the part in the server.conf file talking about creating a ccd
directory, and a connection-specific file with an "iroute" statement in it.
If Server B is not the default gateway for the subnet, you'll need to
add a static route to the default gateway that specifies the internal
interface of Server B as the gateway to the addresses associated with
Server A (depending on the circumstances, you might need to do that on
the Server A end too).
Hope that helps.
Regards,
Doug.
On 21/09/2010 4:36 PM, Bruce N wrote:
Thanks for that. Yes, I am pushing and it makes it available only to Server B
and not to its DHCPd clients which exist on Eth1.
I think the push only helps Server A and Server B to ping each other and not
the other networks they may have contact with.
I have a pastebin of the whole route here: http://pastebin.com/98JhraeJ
Basically anyone on the dhcpd 10.0.0.0/24 can't ping the 172.16.0.1 which is
the OpenVPN server. But, both OpenVPN server and client server can ping each
other.
-Bruce
Date: Tue, 21 Sep 2010 15:25:24 -0400
From: [email protected]
To: [email protected]
Subject: Re: [on-asterisk] OpenVPN Gurus! How to forward all traffic from eth1 to tun0?
Bruce,
On your client (Server B) are you pushing the route in your config ?
route 172.15.0.0 255.255.255.0
push "route 172.15.0.0 255.255.255.0"
Mike
On 09/21/2010 1:57 PM, Bruce N wrote:
Hi Everyone,
I know this is way off-topic of the list but it does involve getting Asterisk
service up and running :-)
In a nutshell:
I need to forward the SIP/UDP traffic of eth1 (dhcpd server) to tun0 (openvpn
tunnel) without sending the dhcpd requests to tun0.
In detail:
I have two servers:
Server A running Asterisk and OpenVPN Server.
Server B running DHCPd and has two NIC cards. Eth0 is the WAN to ISP. Eth1 is
the NIC that feeds the Switch with DHCPd IPs to endpoint SIP phones.
Server A and Server B are miles and miles away from each other and are connected to
the internet either via Eth0 or Vnet.
OpenVPN on Server A is set to IP range 172.15.0.0/24 so Server A and B can ping
each other in that range with 172.15.0.1 assigned to Server A.
Server B is connected to Server A as an OpenVPN client. I can ping Server A
from Server B when doing: ping 172.15.0.1
However, any endpoints (SIP phones) that have obtained an IP from Server B DHCPd
cannot ping 172.15.0.1. Network 172.15.0.1 is simply unreachable to them. My
thought was that upon successful establishment of the openvpn connection the routes
would populate properly, but it seems that any requests to 172.15.0.1 hit eth0,
which is of course wrong. I tried adding routes and I got SIOCADDRT.
Here is what I need to accomplish:
Run a DHCPd service on Server B (which has two NIC cards) and feed IPs to SIP
phones and endpoint
Create a tunnel between
Note: I can't do: push "redirect-gateway def1" because it will make Server B
unreachable and Endpoint A points to Server A for DHCP packets which is wrong.
Thanks,
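
Added example, not part of the thread: a small shell helper for the "netstat -rn" check suggested above, which reads a Linux routing table and reports which interface a packet to a given address would leave by (longest-prefix match). The tables, the phone address 10.0.0.50, the gateway 172.15.0.2 and the 203.0.113.x addresses are constructed; only the 10.0.0.0/24 and 172.15.0.0/24 subnets come from the messages.

```shell
#!/bin/sh
# Reads Linux `netstat -rn` output on stdin and prints the interface a
# packet to $1 would leave by. Netmasks are assumed to be contiguous.
egress_iface() {
  awk -v dst="$1" '
    function ip2int(ip,  o) {
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { best = -1; d = ip2int(dst) }
    # Route rows start with a dotted-quad destination; header rows do not.
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
      mask = ip2int($3)
      block = 4294967296 - mask      # number of addresses the netmask covers
      if (int(d / block) == int(ip2int($1) / block) && mask > best) {
        best = mask; iface = $NF     # a larger mask is a more specific route
      }
    }
    END { print iface }
  '
}

# Constructed sample: Server A with only the tunnel subnet routed.
table_a_before() {
  cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         203.0.113.1     0.0.0.0         UG        0 0          0 eth0
172.15.0.0      0.0.0.0         255.255.255.0   U         0 0          0 tun0
203.0.113.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
EOF
}

# Same table after a route for the phone subnet behind Server B is added.
table_a_after() {
  table_a_before
  echo "10.0.0.0        172.15.0.2      255.255.255.0   UG        0 0          0 tun0"
}

# Where would Server A send its reply to a phone at 10.0.0.50?
table_a_before | egress_iface 10.0.0.50   # eth0: falls through to the default route
table_a_after  | egress_iface 10.0.0.50   # tun0: goes back through the tunnel
```

On a live machine the same function can be fed directly: netstat -rn | egress_iface 10.0.0.50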