Douglas, Thanks for the feedback. The reason why I was hitting the tunnel address is because Server A (openvpn server/Asterisk server) is a stand alone server and doesn't have any local IP number. It has a Vnet with Public IP address and then loop back of 127.0.0.1. If I ping the public IP address then my ping doesn't go through the tunnel and I am not sure if that's right anyways because then NAT stuff and externip should kick in. So, I don't have another IP than the tun IP to ping or register to. Am I missing something? Following is the netstat -rn: Server A - OpenVPN Server - Tun address: 172.16.0.1 Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 172.16.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 192.168.50.0 172.16.0.2 255.255.255.0 UG 0 0 0 tun0 172.16.0.0 172.16.0.2 255.255.255.0 UG 0 0 0 tun0 192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 venet0 0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0 Server B - OpenVPN Client - Tun address: 172.16.0.6 Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 172.16.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 172.16.0.0 172.16.0.5 255.255.255.0 UG 0 0 0 tun0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 Regards, Bruce
> Date: Wed, 22 Sep 2010 10:20:48 -0400 > From: [email protected] > To: [email protected] > Subject: Re: [on-asterisk] OpenVPN Gurus! How to forward all traffic from > eth1 to tun0? > > Bruce, > > I'm a little confused about exactly where you are in all of this, but > two things come to mind. > > I don't think I would use the tunnel address as the target of the phones > - I'd suggest trying the address of the Ethernet interface of your > Asterisk system. > > Try doing a netstat -rn on both systems again - my comment about needing > to see routes on both systems still applies. Try pinging the address of > the Asterisk server from something with a 192.168.100.0/24 address like > the phones (from one of the phones if they support it). If you can't > ping, it won't work (however, sometimes pings are filtered, which makes > debugging tough). > > Remember that routing packets under IP is without any real memory of how > a packet got there - each device doing routing along the way just looks > at the destination IP, looks for a route in the routing table and just > flings the packet along that way. If you get routing wrong, a packet > can reach a destination but the reply won't get back if the reverse > route is not properly defined at every hop. So, you'll need either an > explicit route in the routing table at each hop, or else the packet will > get forwarded to the default gateway. > > Regards, > Doug. > > > >
