Gert, I'm subscribed to mail list, please reply to list, not directly to me.
No.
Paint a picture with all machines that would see the IP packet, and
check routes in both direction on *all* machines
Could you give an explanation, how exactly this should happen?
== A ==
As I said I have routing between A and B networks. So I can ping
10.0.2.32 from 10.0.3.17 and vice versa.
== B ==
The next step is to access 1.1.1.1 from 10.0.3.17 via 10.0.1.2.
To reach this I do:
ip r add 1.1.1.1 via 10.0.1.1 (on 10.0.1.2)
iroute 8.8.8.8 255.255.255.255 (to ccd/A on the server)
So the packet from 10.0.3.17 to 1.1.1.1, goes:
10.0.3.17
-lan->
10.0.1.3
-by routing decision i added with ip route->
10.0.1.1
-due to iroute rule->
10.0.1.2 -> default gw for 10.0.1.3 via eth0.
== B ==
The last step is to forward all packages from 10.0.3.0/24 via 10.0.1.2.
Well. On 10.0.3.1/10.0.1.3 I do:
ip r replace default via 10.0.1.2
after this command all traffic from 10.0.3.17 will go out through
default gw for 10.0.1.1:
10.0.3.17
-lan->
10.0.1.3
-by routing decision i added with ip route->
10.0.1.1
-> default gw for 10.0.1.1 via eth0
How 10.0.1.1 should send packets from 10.0.3.0/24 to 10.0.1.2, and not
via it's default gw?
IPs once again:
ovpn server
vpnIP 10.0.1.1, network : 10.0.1.0/24
client A
lanIP : 10.0.2.1, network : 10.0.2.0/24
vpnIP : 10.0.1.2
client B
lanIP : 10.0.3.1, network : 10.0.3.0/24
vpnIP : 10.0.1.3
Yes, "ip_forward" is enabled on all hosts (A, B, and server.
--
sergio.
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
