Hi, On Fri, Mar 15, 2019 at 03:31:05AM +0300, sergio wrote: > Gert, I'm subscribed to mail list, please reply to list, not directly to me. > > > Paint a picture with all machines that would see the IP packet, and > > check routes in both direction on *all* machines > > Could you give an explanation, how exactly this should happen?
As I said: all devices need to agree on routing.
I'm not going to paint the picture for you, and I'm not going to spend
my time trying to understand your setup - you asked "can it be done"
and the answer is "yes".
One thing hints at some confusion:
> == B ==
>
> The last step is to forward all packages from 10.0.3.0/24 via 10.0.1.2.
Routing normally does not work for "packets *from*", but for "addresses
*to*".
If you want the routing device to have different routes depending on
where the packets are coming *from*, things get complicated. On Linux,
you need to set up "ip rule" and multiple routing tables (different
default gateway for "packets from 10.0.3.0/24" vs. "the rest").
*This* is something the OpenVPN iroute code can not do, route differently
depending on source address.
[..]
> How 10.0.1.1 should send packets from 10.0.3.0/24 to 10.0.1.2, and not
> via it's default gw?
ip rule, or just point the default gw towards 10.0.1.2
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
