Thanks Doubh. I think you are right on point. I thought all the routing should be done on the Server B side but I might be wrong now that you put it this way. However, I can't figure this out and am banging my head against the wall. I also tried brctl but because tun0 is layer 3 it won't bridge with eth1 and that is really not something I'd like to do anyways because of the DHCP in place.
So here is what I have for netstat -rn after all connections are made: Server A - Ovpn_Server: [r...@servera:~]$ netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 172.16.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 172.16.0.0 172.16.0.2 255.255.255.0 UG 0 0 0 tun0 192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 venet0 0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0 Server B - Ovpn_Client: [r...@serverb:~]# netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 172.16.0.1 172.16.0.13 255.255.255.255 UGH 0 0 0 tun0 172.16.0.13 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 172.16.0.0 172.16.0.13 255.255.255.0 UG 0 0 0 tun0 10.10.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth1 0.0.0.0 10.10.9.1 0.0.0.0 UG 0 0 0 eth0 I have everything included all the settings posted into pastebin, if you can please have a look and let me know what I am missing: http://pastebin.com/GHQry456 Thanks a lot, Bruce > Date: Tue, 21 Sep 2010 17:44:44 -0400 > From: [email protected] > To: [email protected] > Subject: Re: [on-asterisk] OpenVPN Gurus! How to forward all traffic from > eth1 to tun0? > > Bruce, > Do you have ip_forward enabled on both machines? Look in > /etc/sysctl.conf and see if net.ipv4.ip_forward is set to one (only read > at boot time, so you'll need to set it with the sysctl command if you > don't want to reboot). > > On both servers do a netstat -rn > > On server A are there routes for the networks associated with B, and on > B are there routes for the networks associated with A? There should be, > for this to work. > > If you're following the usual cookbook server/client with X.509 keys, > look at the part in the server.conf file talking about creating a ccd > directory, and connection specific file with an "iroute" statement in it. > > If Server B is not the default gateway for the subnet, you'll need to > add a static route to the default gateway that specifies the internal > interface of Server B as the gateway to the addresses associated with > Server A (depending on the circumstances, you might need to do that on > the Server A end too). > > Hope that helps. > > Regards, > Doug. > > > On 21/09/2010 4:36 PM, Bruce N wrote: > > > > Thanks for that. Yes, I am pushing and it makes it available only to Server > > B and not to it's DHCPd clients which exist on Eth1. > > I think the push only helps Server A and Server B to ping each other and > > not the other networks they may have contact with. > > > > I have a pastebin of the whole route here:http://pastebin.com/98JhraeJ > > > > Basically anyone on the dhcpd 10.0.0.0/24 can't ping the 172.16.0.1 which > > is the OpenVPN server. But, both OpenVPN server and client server can ping > > each other. > > > > -Bruce > > > > > > > > Date: Tue, 21 Sep 2010 15:25:24 -0400 > > From: [email protected] > > To: [email protected] > > Subject: Re: [on-asterisk] OpenVPN Gurus! How to forward all traffic from > > eth1 to tun0? > > > > > > Bruce, > > > > On your client (Server B) are you pushing the route in your config ? > > > > route 172.15.0.0 255.255.255.0 > > push "route 172.15.0.0 255.255.255.0" > > > > Mike > > > > On 09/21/2010 1:57 PM, Bruce N wrote: > > Hi Everyone, > > > > > > I know this is way off-topic of the list but it does involve getting > > Asterisk service up and running :-) > > > > > > > > In nutshell: > > > > I need to SIP/UDP traffic of eth1 (dhcpd server) traffic to tun0 (openvpn > > tunnel) without sending the dhcpd requests to tun0. > > > > > > > > In detail: > > > > I have two servers: > > > > > > > > Server A running Asterisk and OpenVPN Server. > > > > Server B running DHCPd and has two NIC cards. Eth0 is the WAN to ISP. Eth1 > > is the NIC that feeds the Switch with DHCPd IPs to endpoint SIP phones. > > > > > > > > Server A and Server B are miles and miles away from each and are connected > > to the internet either via Eht0 or Vnet. > > > > > > > > OpenVPN on Server A is set to IP range 172.15.0.0/24 so Server A and B can > > ping each other in that range with 172.15.0.1 assigned to Server A. > > > > > > > > Server B is connected to Server A as an OpenVPN client. I can ping Server A > > from Server B when doing: ping 172.15.0.1 > > > > > > > > However, any endpoints (SIP phones) that have obtained IP from Server B > > DHCPd can not ping 172.15.0.1. Network 172.15.0.1 is simple unreachable to > > them. My thought was that upon succesful establish of the openvpn > > connection the routes will populate properly but it seems that any requests > > to 172.15.0.1 hit eth0 which is of course wrong. I tried adding routes and > > I got SIODDART > > > > > > > > Here is what I need to accomplish: > > > > > > > > Run a DHCPd service on Server B (which has two NIC cards) and feed IPs to > > SIP phones and endpoint > > > > Create a tunnel between > > > > Note: I can't do: push "redirect-gateway def1" because it will make Server > > B unreachable and Enpoint A points to Server A for DHCP packets which is > > wrong. > > > > > > > > > > > > Thanks, > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] >
