Hi Norbert,

On 20/02/15 10:41, Norbert Zawodsky wrote:
> Hi folks!
>
> after using openvpn for some years now, and silently reading the posts
> on this list, it looks like I now need help myself..
>
> In my office, I have an internal LAN, (not very surprising) 192.168.1.*
> which connects PCs, Printers, some other devices.
> The "main" PC runs Linux and is the firewall, router, openvpn server,
> print server, and, and, and ...
>
> Interfaces:
> eth0: 81.223.xxx.xxx / 255.255.255.248 to the outside world
> eth1: 192.168.1.1 / 255.255.255.0
> tun0: 192.168.3.1 / 255.255.255.255
>
> I can connect to the office-LAN from Laptop, smartphone, Home-PC ....
> Everything's fine.
>
>
> --------
>
>
> Now, on my PC at home (Linux too), I installed WIN-7 inside a Vmware
> virtual machine.
> Getting access from Win-7 to the office LAN seems to be too complicated
> for my vpn knowledge.
>
> ifconfig@Home-PC:
> eno1:   192.168.12.11 / 255.255.255.0   <== DHCP-assigned from the
> cable modem/router
> tun1:   192.168.3.10 / 255.255.255.255
> vmnet1: 172.16.142.1 / 255.255.255.0    <== automatically assigned by
> vmware
> vmnet8: 172.16.254.1 / 255.255.255.0
>
> Kernel routing table:
> Ziel            Router          Genmask         Flags Metric Ref    Use Iface
> default         192.168.12.1    0.0.0.0         UG    0      0        0 eno1
> 172.16.142.0    *               255.255.255.0   U     0      0        0 vmnet1
> 172.16.254.0    *               255.255.255.0   U     0      0        0 vmnet8
> 192.168.1.0     192.168.3.9     255.255.255.0   UG    0      0        0 tun1
> 192.168.3.0     192.168.3.9     255.255.255.0   UG    0      0        0 tun1
> 192.168.3.9     *               255.255.255.255 UH    0      0        0 tun1
> 192.168.12.0    *               255.255.255.0   U     0      0        0 eno1
>
> Now, as said above, from Linux I've got access to the office LAN.
> But how can I achieve LAN access from the WIN-VM ?
>
> For the vmware virtual network adapter, I have 3 possibilities,
> bridged, NAT, Host-only.
>
> If I set the vmware-adapter to bridged mode, it shares the host's
> physical eno1. WIN immediately has access to the outside world.
> In this scenario, I could install a 2nd openvpn-client in WIN7 and would
> have access to the office LAN.
> But if I understand it correctly, a package from WIN7 to the Linux-host
> (192.168.3.10) would travel through one tunnel all the way to the office
> and through the 2nd tunnel back to the linux host. This seems a bit of
> nonsense to me.
>
> What could a better setup look like?
> A vpn-bridge office-LAN <-> home-LAN ??
>

This looks like a routing issue that has actually little to do with OpenVPN.

How did you make sure that your linux home PC has access to the office LAN? What kind of routing rules or masquerading did you set up? How does the office LAN "know" that packets coming over the tunnel (with address 192.168.3.x) should go back via the OpenVPN server?

Once you know the answer to those questions you can adjust your vmware setup to match. I run vmware myself on my linux laptop and usually configure it in NATting mode. That way all packets from the virtual machine appear as if they're coming from the host OS.

A quick&dirty approach is to use masquerading for this: on your linux client, add a rule

    iptables -t nat -I POSTROUTING -o tun+ -j MASQUERADE

which will mask out all traffic - if that works and you're happy with it you can stop right there. If you want to know more about network routing, then remove the iptables rule and start debugging :)

HTH,

JJK
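
Added example, not part of the original thread: a longest-prefix route lookup that models the return-path question raised in the reply, using the home PC routing table from the post. The office server table, the VM address 172.16.254.128 and the office host 192.168.1.20 are assumptions made for illustration, and only kernel route selection is modelled.

```python
import ipaddress

# Home PC routes, copied from the kernel routing table quoted in the post.
HOME_ROUTES = [
    ("0.0.0.0/0", "eno1"),
    ("172.16.142.0/24", "vmnet1"),
    ("172.16.254.0/24", "vmnet8"),
    ("192.168.1.0/24", "tun1"),
    ("192.168.3.0/24", "tun1"),
    ("192.168.3.9/32", "tun1"),
    ("192.168.12.0/24", "eno1"),
]

# ASSUMPTION: office server routes inferred from its interface list; the
# post does not show this table. Note there is no route for 172.16.x.x.
OFFICE_ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("192.168.1.0/24", "eth1"),
    ("192.168.3.0/24", "tun0"),
]


def lookup(routes, dst):
    """Return the interface of the most specific route matching dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def round_trip(src, dst, masquerade_as=None):
    """Trace a packet home -> office and the interface the reply would use."""
    out_if = lookup(HOME_ROUTES, dst)
    # The MASQUERADE rule (-o tun+) rewrites the source only on tun interfaces.
    rewritten = masquerade_as is not None and out_if.startswith("tun")
    seen_src = masquerade_as if rewritten else src
    reply_if = lookup(OFFICE_ROUTES, seen_src)
    return {"out": out_if, "seen_src": seen_src,
            "reply": reply_if, "returns_via_vpn": reply_if == "tun0"}


if __name__ == "__main__":
    vm, office_host = "172.16.254.128", "192.168.1.20"  # constructed addresses
    print("no NAT    :", round_trip(vm, office_host))
    print("masquerade:", round_trip(vm, office_host, masquerade_as="192.168.3.10"))
```

With masquerading, the office side sees every VM connection as coming from 192.168.3.10, so firewall rules and logs there cannot tell the VM apart from the Linux host.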