Sorry for the delay in my response.

Gabriel Gunderson wrote:
> On Fri, 2007-08-10 at 10:56 -0600, Kenneth Burgener wrote:
>> I have in my rules:
>> DNAT net lan:10.10.10.3 udp 1194 - 65.X.X.X
>
> This looks like a shorewallism. What does the 65.X.X.X stand for? Is
> that your public IP obfuscated? If so, I assume the whole thing is
> spelled out in your config?

Yes, that is my public Qwest IP address obfuscated.

>> Here is how I am adding a static route:
>> route add -net 10.10.20.0 netmask 255.255.255.0 gw 10.10.10.3 dev eth1
>
> This shouldn't need the "dev eth1". What do you get without it? Still, I
> doubt it makes any difference.

Yeah, adding the "dev eth1" does not appear to make any difference.

>> My policy has:
>> $FW net ACCEPT
>> $FW lan ACCEPT
>> lan $FW ACCEPT
>> lan net ACCEPT
>
>> I watch the message log, and it does not appear that shorewall is
>> dropping any connections
>
> Are you dropping packets anywhere? If so, are they *ALL* being
> logged? When I say *ALL* I mean *ALL*. Otherwise, it's like a
> blackhole and troubleshooting is a nightmare.

They are not being logged anywhere I can tell. To me it seems that they are just disappearing into a black hole.

>> so it appears that I am just doing the routing wrong.
>
> Keep it simple. Try pinging the VPN gw (10.10.20.1) from the 10.10.10.X
> subnet without using any OpenVPN stuff. First establish the route and
> then try for a VPN connection. Run tcpdump with the right filters on
> both the router and the VPN gw (don't tell me OpenVPN is running on
> Windows and doesn't have tcpdump!).

I ran tcpdump on the gateway, and as far as I can tell I can see the traffic coming in, and being routed back out. I am just not sure where it is being routed to.

> Let us know what you find out.
>
> Gabe

Thanks for your response.

Kenneth

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
