Yes, it appears I don't know what the route directive is for ;-) What I want to do is allow openvpn to connect the two subnets, but for each subnet to bring up web pages etc, viz ascii art below.
So on work fw, I need route 192.168.1.0 255.255.255.0 and on home fw I need route 192.168.10.0 255.255.255.0

home subnet                                         office subnet
192.168.1.0/24                                      192.168.10.0/24
winxp -- WLAN -- homefw -- Internet -------------- officefw
         <--- tun 1 -----> <------------------ tun0 ---------->
         route 216.x.y.z   route 216.x.y.z = external iface of homefw.
                           change to >>>>>>>>>>>>>>>> 192.168.10.0/24

On the office fw, here is the route table now

firewall: -root- # ip route sho
10.1.10.2 dev tun0  proto kernel  scope link  src 10.1.10.1
137.p.q.r via 10.1.10.2 dev tun0
192.168.10.0/24 dev eth1  proto kernel  scope link  src 192.168.10.254
137.45.192.0/24 dev eth0  proto kernel  scope link  src 137.45.192.190
137.45.192.0/24 dev ipsec0  proto kernel  scope link  src 137.45.192.190
default via 137.p.q.r dev eth0

The route directive in officefw's openvpn.conf is route 137.p.q.r and that may be a mistake.

Rick.

-----Original Message-----
From: Tom Eastep [mailto:[EMAIL PROTECTED]
Sent: Monday, December 13, 2004 3:11 PM
To: Tibbs, Richard
Cc: M Lu; [EMAIL PROTECTED]
Subject: RE: [leaf-user] Can Multiple openvpn processes run on LEAF?

On Mon, 2004-12-13 at 14:27 -0500, Tibbs, Richard wrote:
> Thanks, all!
> I have set up one end in the office (bering 1.2 / Shorewall 2.0.9 / openvpn 1.6) tunnels file:
> openvpn:5001,
> which I assume defaults to UDP.
>
> Be back at home to do the other end (bering 1.2 / Shorewall 1.4.2 / openvpn 1.6) and let you know the results.
>
> Still wrestling how to resolve the routing issue. Might post to openvpn users as well on this, but with this arrangement:
> winxp -- WLAN -- homefw -- Internet -- officefw
>          <--- tun 1 -----> <---- tun0 ---------->
>          route 216.x.y.z   route 216.x.y.z = external iface of homefw.
> The above route commands are identical in both openvpn configs on homefw.
> This causes the second tunnel to come up, tun0 to fail the route command.
> I could change the route command in tun0's config to my ISP's default gateway and see if that works.
> Any thoughts?

Richard,

The whole point of adding routes when bringing up a tunnel is to direct the appropriate traffic through the tunnel. So you should craft your routing commands to accomplish that goal. In particular, you want traffic at your home firewall destined for your network at work to be routed through the tunnel and you want traffic at your work firewall that is addressed to your home network to be routed through the tunnel.

-Tom
--
Tom Eastep              \ Nothing is foolproof to a sufficiently talented fool
Shoreline,              \ http://shorewall.net
Washington USA          \ [EMAIL PROTECTED]
PGP Public Key          \ https://lists.shorewall.net/teastep.pgp.key
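Worked configuration, added as an illustration and not taken from Rick's or Tom's messages: a matching pair of OpenVPN 1.x static-key, point-to-point configs for the officefw/homefw tunnel (tun0) that apply Tom's rule, each end routing only the other end's LAN through the tunnel. Assumed (not on the page): the key file path, the config file names, the ping settings, and that homefw's tun0 end uses the mirror image of the 10.1.10.1/10.1.10.2 pair seen in the office route table.

```conf
# officefw: /etc/openvpn/home.conf   (office end of tun0)
# Peer = external iface of homefw (216.x.y.z is the thread's placeholder).
dev tun0
port 5001
remote 216.x.y.z
# local tun address, then peer tun address (as in officefw's route table)
ifconfig 10.1.10.1 10.1.10.2
# shared static key; path is assumed
secret /etc/openvpn/home.key
# Traffic for the HOME LAN must cross the tunnel. With no gateway given,
# the route's gateway defaults to the ifconfig peer, so this installs
# "192.168.1.0/24 via 10.1.10.2 dev tun0".
route 192.168.1.0 255.255.255.0
# The line the thread flags as the likely mistake is left out: it routed
# the ISP gateway address itself via the tunnel, which serves no purpose here.
# route 137.p.q.r
ping 15
ping-restart 60
persist-tun
persist-key
verb 3

# homefw: /etc/openvpn/office.conf   (home end of tun0)
# Peer = officefw's eth0 address from its route table.
dev tun0
port 5001
remote 137.45.192.190
# mirror image of the office end
ifconfig 10.1.10.2 10.1.10.1
secret /etc/openvpn/home.key
# Traffic for the OFFICE LAN must cross the tunnel:
# installs "192.168.10.0/24 via 10.1.10.1 dev tun0".
route 192.168.10.0 255.255.255.0
# The separate WLAN tunnel (tun1) on homefw needs its own dev, port,
# ifconfig pair and route; reusing this route line there is what made
# the second tunnel's route command fail in the thread.
ping 15
ping-restart 60
persist-tun
persist-key
verb 3
```

After both daemons connect, `ip route show` on each firewall should list the remote LAN via the tun0 peer address; if the entry is missing, the tunnel is up but LAN-to-LAN traffic will still follow the default route.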
