Jeff Boyce wrote:
> Routing info as requested, listed below.
>

it seems like a routing issue; as a quick&dirty workaround, can you try enabling masquerading on the OpenWRT box:

  iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

(assuming that 'eth0' is the name of the network port on the OpenWRT box to which the LAN is connected).

HTH,

JJK

> ----- Original Message -----
> From: "Mathias Jeschke" <openvpn-us...@0xaffe.de>
> To: <openvpn-users@lists.sourceforge.net>
> Cc: "Jeff Boyce" <jbo...@meridianenv.com>
> Sent: Tuesday, November 11, 2014 1:32 AM
> Subject: Re: [Openvpn-users] Classic case of can't reach machine behind
> OpenVPN server from the connected client
>
>> Hi Jeff,
>>
>> On 11/10/2014 10:20 PM, Jeff Boyce wrote:
>>
>>> However, I turned off the firewall on the OpenWRT router (confirmed
>>> with $ iptables -L -n) then ran the ping test again. The result is the
>>> same (Reply from 10.4.0.1: Destination host unreachable). That to me
>>> indicates that my issue is with routing, and not with the firewall.
>>> Which then takes me to the decision diagram provided by David
>>> previously and puts me at the point of "Add a route to the router so it
>>> knows how to reach the VPN subnet". Which is where my lack of routing
>>> knowledge gets me stuck, as I am not sure what exactly to put for a
>>> static route, and also the right syntax to put into an OpenWRT config.
>>>
>>> Does it seem like I am on the right track with this synopsis?
>>
>> Could you please post the routing table of the Vista box
>> (192.168.123.111) too?
>>
>> Cheers,
>> Mathias.
>
> VPN client routing table after establishing a connection to the OpenVPN
> server.
>
> IPv4 Route Table
> ===========================================================================
> Active Routes:
> Network Destination  Netmask          Gateway         Interface        Metric
> 0.0.0.0              0.0.0.0          192.168.112.11  192.168.112.125  10
> 10.4.0.1             255.255.255.255  10.4.0.5        10.4.0.6         31
> 10.4.0.4             255.255.255.252  On-link         10.4.0.6         286
> 10.4.0.6             255.255.255.255  On-link         10.4.0.6         286
> 10.4.0.7             255.255.255.255  On-link         10.4.0.6         286
> 127.0.0.0            255.0.0.0        On-link         127.0.0.1        306
> 127.0.0.1            255.255.255.255  On-link         127.0.0.1        306
> 127.255.255.255      255.255.255.255  On-link         127.0.0.1        306
> 192.168.112.0        255.255.255.0    On-link         192.168.112.125  266
> 192.168.112.125      255.255.255.255  On-link         192.168.112.125  266
> 192.168.112.255      255.255.255.255  On-link         192.168.112.125  266
> 192.168.123.0        255.255.255.0    10.4.0.5        10.4.0.6         31
> 224.0.0.0            240.0.0.0        On-link         127.0.0.1        306
> 224.0.0.0            240.0.0.0        On-link         10.4.0.6         286
> 224.0.0.0            240.0.0.0        On-link         192.168.112.125  266
> 255.255.255.255      255.255.255.255  On-link         127.0.0.1        306
> 255.255.255.255      255.255.255.255  On-link         10.4.0.6         286
> 255.255.255.255      255.255.255.255  On-link         192.168.112.125  266
> ===========================================================================
> Persistent Routes:
>   None
>
>
> OpenWRT Router / OpenVPN Server routing table after a connection is
> initiated from a remote VPN client
>
> root@gateway:~# route -n
> Kernel IP routing table
> Destination    Gateway        Genmask          Flags Metric Ref Use Iface
> 0.0.0.0        174.125.113.1  0.0.0.0          UG    0      0   0   pppoe-wan
> 10.4.0.0       10.4.0.2       255.255.255.0    UG    0      0   0   tun0
> 10.4.0.2       0.0.0.0        255.255.255.255  UH    0      0   0   tun0
> 174.125.113.1  0.0.0.0        255.255.255.255  UH    0      0   0   pppoe-wan
> 192.168.123.0  0.0.0.0        255.255.255.0    U     0      0   0   br-lan
>
>
> Routing table of Vista Box behind OpenVPN Server
>
> IPv4 Route Table
> ===========================================================================
> Active Routes:
> Network Destination  Netmask          Gateway         Interface        Metric
> 0.0.0.0              0.0.0.0          192.168.123.2   192.168.123.111  10
> 127.0.0.0            255.0.0.0        On-link         127.0.0.1        306
> 127.0.0.1            255.255.255.255  On-link         127.0.0.1        306
> 127.255.255.255      255.255.255.255  On-link         127.0.0.1        306
> 192.168.56.0         255.255.255.0    On-link         192.168.56.1     276
> 192.168.56.1         255.255.255.255  On-link         192.168.56.1     276
> 192.168.56.255       255.255.255.255  On-link         192.168.56.1     276
> 192.168.123.0        255.255.255.0    On-link         192.168.123.111  266
> 192.168.123.111      255.255.255.255  On-link         192.168.123.111  266
> 192.168.123.255      255.255.255.255  On-link         192.168.123.111  266
> 224.0.0.0            240.0.0.0        On-link         127.0.0.1        306
> 224.0.0.0            240.0.0.0        On-link         192.168.56.1     276
> 224.0.0.0            240.0.0.0        On-link         192.168.123.111  266
> 255.255.255.255      255.255.255.255  On-link         127.0.0.1        306
> 255.255.255.255      255.255.255.255  On-link         192.168.56.1     276
> 255.255.255.255      255.255.255.255  On-link         192.168.123.111  266
> ===========================================================================
> Persistent Routes:
> Network Address  Netmask        Gateway Address  Metric
> 10.4.0.0         255.255.255.0  10.4.0.1         1
> 0.0.0.0          0.0.0.0        192.168.123.2    Default
> ===========================================================================
>
>
> VPN Client Config
>
> client
> dev tun
> proto udp
> remote <dynamic dns service> 1194
> pull
> nobind
> persist-key
> persist-tun
> tls-client
> ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
> cert "C:\\Program Files\\OpenVPN\\config\\JABopti-755.crt"
> key "C:\\Program Files\\OpenVPN\\config\\JABopti-755.key"
> ns-cert-type server
> resolv-retry infinite
> comp-lzo
> route-method exe
> route-delay 2
> verb 4
>
>
> VPN Server Config
>
> port 1194
> proto udp
> dev tun
> tls-server
> ca /etc/easy-rsa/keys/ca.crt
> cert /etc/easy-rsa/keys/GatewayVPNServer.crt
> key /etc/easy-rsa/keys/GatewayVPNServer.key
> dh /etc/easy-rsa/keys/dh2048.pem
> server 10.4.0.0 255.255.255.0
> float
> ifconfig-pool-persist /etc/openvpn/ipp.txt 120
> push "route 192.168.123.0 255.255.255.0"
> keepalive 10 120
> comp-lzo
> persist-key
> persist-tun
> status /etc/openvpn-status.log
> log-append /home/openvpn.log
> verb 6

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
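
Added example, not part of the original thread: a longest-prefix route lookup over the Vista box's active routes as posted above, showing where that host sends a reply addressed to a VPN client (10.4.0.6) and where it sends one addressed to a masqueraded source. The masqueraded source address 192.168.123.254 is an assumption standing in for the router's LAN address, which the thread does not give.

```python
import ipaddress

# Active routes of the Vista box (192.168.123.111), copied from the message above:
# (destination, netmask, gateway, interface, metric). Broadcast and multicast
# rows are left out because they never match a unicast reply.
VISTA_ACTIVE_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.123.2", "192.168.123.111", 10),
    ("127.0.0.0", "255.0.0.0", "On-link", "127.0.0.1", 306),
    ("192.168.56.0", "255.255.255.0", "On-link", "192.168.56.1", 276),
    ("192.168.123.0", "255.255.255.0", "On-link", "192.168.123.111", 266),
    ("192.168.123.111", "255.255.255.255", "On-link", "192.168.123.111", 266),
]

VPN_CLIENT = "10.4.0.6"             # tunnel address of the client, from its route table
ASSUMED_MASQ_SRC = "192.168.123.254"  # assumption: router's LAN address after MASQUERADE


def lookup(routes, dst):
    """Return the route chosen for dst: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    best_key, best = None, None
    for dest, mask, gateway, iface, metric in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr not in net:
            continue
        key = (net.prefixlen, -metric)
        if best_key is None or key > best_key:
            best_key = key
            best = {"network": str(net), "gateway": gateway, "interface": iface}
    return best


def describe(routes, dst):
    """One-line summary of where a reply to dst leaves the host."""
    r = lookup(routes, dst)
    if r is None:
        return f"{dst}: no route"
    return f"{dst}: via {r['gateway']} on {r['interface']} (matched {r['network']})"


if __name__ == "__main__":
    # Without NAT the LAN host sees the client's tunnel address as the source.
    print(describe(VISTA_ACTIVE_ROUTES, VPN_CLIENT))
    # With MASQUERADE the LAN host sees an address inside its own subnet.
    print(describe(VISTA_ACTIVE_ROUTES, ASSUMED_MASQ_SRC))
```

The router's `route -n` output above lists 192.168.123.0 on br-lan, which is the interface name to compare against the 'eth0' assumed in the rule.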