Rick

Tibbs, Richard wrote:

Erich,
The "float" directive in the bering openvpn.conf allows the WinXP
wireless nic to get a variable IP. Since I am rebooting quite often,
and LEAFs have no memory of the ip to mac address, so it would come up
192.168.1.3 or .4.


OK, but still you are tunnelling through your own subnet using the addresses

BTW, the Shorewall logs on both home and office fw's show no dropped
UDPs of port 5000, or 50001.


Do you have connection from your home network (wired) to the office network through the tunnel? IMHO this is the basis of your connectivity. The tunnelled laptop is just the icing on the cake as it is part of your home network. Once you have connectivity to the office you can set up your wireless environment.

You still did not provide a clue about your routing on your wireless client.
Could you explain the rationale for the route 216.x.y.z through the tunnel? I see no need for this route assuming that it is the external address of your home fw.


-------excerpts from your previous post

On homefw, the route table becomes
# ip route sho

10.1.10.2 dev tun0 proto kernel scope link src 10.1.10.1 ----> dev tun0 gets an address of 10.1.10.1 with a peer of 10.1.10.2

192.168.10.0/24 via 10.1.10.2 dev tun0 ----> packets for 192.168.10.0 (office network) are routed to 10.1.10.2 using tun0

10.1.1.2 dev tun1 proto kernel scope link src 10.1.1.1 ----> dev tun1 gets an address of 10.1.1.1 with a peer of 10.1.1.2

216.12.22.64/26 dev eth0 proto kernel scope link src 216.x.y.z ----> this, I assume is your external address

216.x.y.z via 10.1.1.2 dev tun1 ----> this is the result of your route entry which I fail to understand. This IMHO routes packets destined for 216.x.y.z through tun1 which I believe is the tunnel to access your wireless client. The local endpoint of this tunnel will be 10.1.1.1, the remote end will be 10.1.1.2 but what is the address you are tunneling to? Is it really 216.x.y.z? I doubt it. I believe you want to address the laptop with an address in the 192.168.1.0/24 subnet. The problem is the route below because it covers already the entire subnet. What is needed is a more specific route to the address of your laptop, possibly by placing this in a subnet of 192.168.1.0.

192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254 ----> this is your inner interface, normal

216.12.22.64/26 dev ipsec0 proto kernel scope link src 216.x.y.z ----> this is built by ipsec, no importance here (hopefully)

default via 216.12.22.65 dev eth ----> and last, but not least, the default route used to access the internet and your peer at 137.p.q.r

cheers
Erich
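
The point about the 192.168.1.0/24 route covering the laptop can be checked with a longest-prefix-match lookup over the route table quoted above. This is an added example, not part of the original message; the /32 and /29 routes via tun1 and the name "default-dev" are assumptions made for illustration.

```python
import ipaddress

# Route table from the post (homefw). The host route for 216.x.y.z is left
# out because its address is elided in the post. The default route's device
# name is truncated in the post, so it is labelled "default-dev" (constructed).
HOMEFW_ROUTES = [
    ("10.1.10.2/32", "tun0"),
    ("192.168.10.0/24", "tun0"),
    ("10.1.1.2/32", "tun1"),
    ("216.12.22.64/26", "eth0"),
    ("192.168.1.0/24", "eth1"),
    ("0.0.0.0/0", "default-dev"),
]

# One of the addresses the laptop is said to come up with (192.168.1.3 or .4).
LAPTOP = "192.168.1.3"


def lookup(routes, dst):
    """Return (prefix, device) of the longest-prefix match for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return (str(best[0]), best[1]) if best else None


def with_route(routes, prefix, dev):
    """Return a copy of the table with one extra (hypothetical) route."""
    return routes + [(prefix, dev)]


if __name__ == "__main__":
    # As posted: the laptop is covered by the /24 on the inner interface.
    print("as posted       :", lookup(HOMEFW_ROUTES, LAPTOP))
    # Hypothetical host route: more specific than the /24, so it wins.
    host = with_route(HOMEFW_ROUTES, LAPTOP + "/32", "tun1")
    print("with /32 on tun1:", lookup(host, LAPTOP))
    # Hypothetical small subnet for wireless clients inside 192.168.1.0/24.
    sub = with_route(HOMEFW_ROUTES, "192.168.1.0/29", "tun1")
    print("with /29 on tun1:", lookup(sub, "192.168.1.4"))
    print("other LAN host  :", lookup(sub, "192.168.1.100"))
```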




