I don't know the inner workings of OpenVPN, but I suppose using the
"client-to-client" option makes the OpenVPN daemon do the routing, not even
letting the packets go through the O.S. routes.
I have several similar setups and never needed to use the routeback option. Just
"client-to-client" solved this problem.

-Gilson


On 3/26/08, Chris Morley <[EMAIL PROTECTED]> wrote:
>
> Thanks for the fast reply and resolution! I added routeback to the
> vpn interface as per the file below and it all started working:
>
> router-hq:~# cat /etc/shorewall/interfaces
>
> ###############################################################################
> #ZONE   INTERFACE       BROADCAST       OPTIONS
> lana    eth0            detect          tcpflags,nosmurfs
> lanb    eth1            detect          tcpflags,nosmurfs
> dmz     eth2            detect
> net     eth3            detect          tcpflags,dhcp,routefilter,nosmurfs,logmartians
> vpn     tun0            -               routeback
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> FYI I also pushed the route "172.16.1.0 255.255.255.0" to clients so they
> could also connect directly to VPN endpoints should any road warriors dial
> in.
>
> Thanks very much for the help,
>
> Chris
>
> ------------------------------
>
> > Date: Wed, 26 Mar 2008 06:40:08 +0000
> > From: [EMAIL PROTECTED]
> > To: [email protected]
> > Subject: Re: [Shorewall-users] Hub/Spoke OpenVPN can't communicate from Client A to Client B - FORWARD:REJECT:IN=tun0 OUT=tun0
> >
> > On Wed, Mar 26, 2008 at 06:30:51AM +0000, Chris Morley wrote:
> > > So in summary, how can I route packets which come in over tun0/vpn
> > > back out via the same interface?
> >
> > Without looking at the problem, my bet's on 'routeback'.
> >
> >
> > _______________________________________________
> > Shorewall-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>


-- 
Gilson Soares
Gerência de Redes e Segurança
Kobold Gestora de Fundos Ltda
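
The two fixes discussed in this thread put spoke-to-spoke traffic on different paths, which decides whether Shorewall rules can filter it. The following is an added example, not code from either poster or from the Shorewall or OpenVPN projects; it reads an interfaces file in the four-column layout quoted above plus an OpenVPN server config and reports the path. The sample configs are constructed, and the server subnet and all function names are assumptions.

```python
# Added example: which path does client-to-client traffic take on the hub?
# Constructed sample, trimmed from the interfaces file quoted in the thread.
INTERFACES = """\
#ZONE   INTERFACE       BROADCAST       OPTIONS
lana    eth0            detect          tcpflags,nosmurfs
net     eth3            detect          tcpflags,dhcp,routefilter,nosmurfs,logmartians
vpn     tun0            -               routeback
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
"""

# Constructed OpenVPN server config; the 10.8.0.0 subnet is an assumption.
OPENVPN_CONF = """\
dev tun0
server 10.8.0.0 255.255.255.0
push "route 172.16.1.0 255.255.255.0"
;client-to-client
"""

def interface_options(text):
    """Map interface name -> set of OPTIONS from a Shorewall interfaces file."""
    result = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # comment or blank line
        result[fields[1]] = set(fields[3].split(",")) if len(fields) > 3 else set()
    return result

def openvpn_directives(text):
    """Active directive names; OpenVPN treats '#' and ';' lines as comments."""
    active = set()
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            active.add(line.split()[0])
    return active

def spoke_to_spoke_path(iface, interfaces_text, openvpn_text):
    if "client-to-client" in openvpn_directives(openvpn_text):
        # Forwarded inside the daemon: packets never reach the tun device,
        # so no Shorewall rule or log entry applies to them.
        return "openvpn-internal"
    if "routeback" in interface_options(interfaces_text).get(iface, set()):
        # Packets traverse FORWARD with IN=iface OUT=iface and can be filtered.
        return "kernel-filtered"
    return "blocked"  # the FORWARD:REJECT case from the thread subject

if __name__ == "__main__":
    print(spoke_to_spoke_path("tun0", INTERFACES, OPENVPN_CONF))
```
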