Hej Erich,

thanks for your comment!

Erich Titl wrote:
> Boris
> 
> Boris wrote:
>> Hej all,
>>
>>
>> I'm trying to find out how to set up a special thing and need help at
>> this point. Hope to find it here....
> 
> Mhhhh... this is completely OpenVPN related, so the best answer
> can probably be found there.

Well, yes and no..... If my intuition is good, the openvpn guys would
redirect me back to you. I think I need to NAT the device tun0. I
found a hint how to do it usually, but cannot 'translate' that to Bering:

# initialize natting for openvpn
iptables -t nat -F POSTROUTING
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -s 10.66.66.0/24 -j MASQUERADE

Or a route is missing on the Bering-Box...?

> 
>>
>> So, what do I want and what did I do?
>> I want to make a Roadwarrior (in this case WinXP) connect to my
>> Bering-uclibc device through openvpn and have access to the LAN
>> (192.168.20.x) behind the Bering-Box AND access Internet through this
>> connection, too. In other words: I (as a travelling man) want to securely
>> connect to my remote LAN which is connected to the internet via
>> BeringBox. I also want to use the Internet from inside the LAN, not
>> directly, for it seems a lot safer behind the shorewall. Good idea?
> 
> This is what redirect-gateway is for.
> 
> Better use "redirect-gateway def1"
> 
>>
> ...
> 
>>
>> What happens?
>>
>> I can bring the vpn up and have no longer access to the internet from
>> the client. 
> 
> Look at your routing tables and the firewall settings on your server,
> also possibly the firewall settings in XP

All Win-firewalls switched off. No entries in shorewall.log = no dropped
packets.

I wrote
# Web access for Roadwarrior
vpn            net             ACCEPT
to /etc/shorewall/policy.

> 
>> I can ping IP addresses in the LAN, but have no name service
>> for the LAN. I have name service from the internet.
> 
> Which contradicts your statement above that you have no internet access.

Mmhh, yes. It seems that DNS is done from the local Internet connection
in second try. First try seems to go to remote DNS - that does not answer:

> nslookup
DNS request timed out.
    timeout was 2 seconds.
*** Der Servername für die Adresse 192.168.23.254 konnte nicht gefunden
werden: timed out.
Standardserver: mygate.mydom.network
Address: 192.168.45.254                             <-- this is the
network I am physically in, call it 'green grassland'...

> 
> Have you tried to check DNS using nslookup manually, specifying your
> server? Don't forget, XP may cache nameservices, this may be misleading.
> 
> If this does not help, the experts are on the OpenVPN list :-), I am
> lurking around there too.

I just signed up to that list and will put in the question there.

Thanks anyway,

Boris
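
Added example, not part of Boris's or Erich's messages: a small Python model of the roadwarrior's routing table with and without "redirect-gateway def1", and of what the MASQUERADE rule from the hint changes on the server. The server address 203.0.113.1, the Internet test destinations and the assumption that the server pushes a route for 192.168.20.0/24 are constructed for illustration and are not taken from the thread.

```python
import ipaddress

VPN_SERVER = "203.0.113.1"   # constructed public address of the Bering box (eth0)
VPN_NET = ipaddress.ip_network("10.66.66.0/24")  # tunnel subnet from the iptables hint

def client_routes(def1):
    """Assumed roadwarrior routing table as (network, interface) pairs."""
    routes = [
        ("0.0.0.0/0", "lan"),         # original default route, left in place by def1
        ("192.168.45.0/24", "lan"),   # network the client is physically in
        ("10.66.66.0/24", "tun"),     # tunnel subnet
        ("192.168.20.0/24", "tun"),   # remote LAN, assumed to be pushed by the server
    ]
    if def1:
        # def1 adds two half-space routes instead of replacing 0.0.0.0/0,
        # plus a host route that keeps the tunnel's own packets outside the tunnel
        routes += [("0.0.0.0/1", "tun"), ("128.0.0.0/1", "tun"),
                   (VPN_SERVER + "/32", "lan")]
    return [(ipaddress.ip_network(p), dev) for p, dev in routes]

def route(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def source_on_eth0(src, masquerade):
    """Source address a forwarded packet carries when it leaves the server on eth0."""
    if masquerade and ipaddress.ip_address(src) in VPN_NET:
        return VPN_SERVER   # rewritten, so replies from the Internet can return
    return src              # private 10.66.66.x source: replies cannot be routed back

if __name__ == "__main__":
    for def1 in (False, True):
        table = client_routes(def1)
        print("redirect-gateway def1" if def1 else "no redirect")
        for dst in ("198.51.100.7", "9.9.9.9", "192.168.20.5",
                    "192.168.23.254", "192.168.45.254", VPN_SERVER):
            print(f"  {dst:15} -> {route(table, dst)}")
    print("eth0 source without MASQUERADE:", source_on_eth0("10.66.66.6", False))
    print("eth0 source with MASQUERADE:   ", source_on_eth0("10.66.66.6", True))
```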


------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
