Bruce,
You said that the phones are assigned 192.168.100.0/24 addresses by
server B, but there is no route in Server A that says use the tunnel to
send packets for 192.168.100.0/24 back to Server B.
My point is that server A needs that route for it to work. Server A
doesn't keep a record of how a packet gets from 192.168.100.0/24 - it
just uses the routing table.
Of course, server B doesn't have an explicit route either - how does it
know where to send packets for 192.168.100.0/24?
Regards,
Doug.
On 22/09/2010 10:58 AM, Bruce N wrote:
Douglas,
Thanks for the feedback. The reason why I was hitting the tunnel address is
because Server A (openvpn server/Asterisk server) is a stand alone server and
doesn't have any local IP number. It has a Vnet with Public IP address and then
loop back of 127.0.0.1. If I ping the public IP address then my ping doesn't go
through the tunnel and I am not sure if that's right anyways because then NAT
stuff and externip should kick in. So, I don't have another IP than the tun IP
to ping or register to. Am I missing something?
Following is the netstat -rn:
Server A - OpenVPN Server - Tun address: 172.16.0.1
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.16.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.50.0 172.16.0.2 255.255.255.0 UG 0 0 0 tun0
172.16.0.0 172.16.0.2 255.255.255.0 UG 0 0 0 tun0
192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 venet0
0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0
Server B - OpenVPN Client - Tun address: 172.16.0.6
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.16.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
172.16.0.0 172.16.0.5 255.255.255.0 UG 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
Regards,
Bruce
Date: Wed, 22 Sep 2010 10:20:48 -0400
From: [email protected]
To: [email protected]
Subject: Re: [on-asterisk] OpenVPN Gurus! How to forward all traffic from eth1
to tun0?
Bruce,
I'm a little confused about exactly where you are in all of this, but
two things come to mind.
I don't think I would use the tunnel address as the target of the phones
- I'd suggest trying the address of the Ethernet interface of your
Asterisk system.
Try doing a netstat -rn on both systems again - my comment about needing
to see routes on both systems still applies. Try pinging the address of
the Asterisk server from something with a 192.168.100.0/24 address like
the phones (from one of the phones if they support it). If you can't
ping, it won't work (however, sometimes pings are filtered, which makes
debugging tough).
Remember that routing packets under IP is without any real memory of how
a packet got there - each device doing routing along the way just looks
at the destination IP, looks for a route in the routing table and just
flings the packet along that way. If you get routing wrong, a packet
can reach a destination but the reply won't get back if the reverse
route is not properly defined at every hop. So, you'll need either an
explicit route in the routing table at each hop, or else the packet will
get forwarded to the default gateway.
Regards,
Doug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
