[plug] Routing... through VPN
Marc Wiriadisastra
marc-w at smlintl.com.au
Wed Aug 4 08:36:18 WST 2004
Gonna show how nooby I am. Have you tried it without the firewall
momentarily to see whether that is the cause of it? I had a situation
where the firewall was open for TCP packets but UDP packets were needed
as well, hence it wasn't working. I narrowed it down by dropping the
firewall and testing.
HTH
Marc
Bernd Felsche wrote:
>I have a VPN tunnel (OpenVPN) working between two sites but have a
>small problem with routing out from one site to another, through the
>tunnel.
>
>In order to facilitate the VPN in addition to a real private
>network, I've overlaid a new set of private IP addresses for key
>hosts, so the topology looks something like this:
>
>+-----------------+        +-----------------+
>| Server A        |  LAN   | Firewall A      |
>| VPN 10.0.9.1    |--------| VPN 10.0.9.9    |
>| LAN 192.168.9.1 |        | LAN 192.168.9.9 |
>+-----------------+        | TUN 10.1.0.9    |
>   |                       +-----------------+
>   | LAN                           ||
>   |                               || Internet
>[Cisco]                            ||
>   |                       +-----------------+
>   | Frame Relay           | Firewall+Serv B |
>[Cisco]                    | VPN 10.0.8.1    |
>   | LAN                   | LAN 192.168.8.1 |
>   +-----------------------| TUN 10.1.0.8    |
>                           +-----------------+
>
>Firewall A is the default gateway for Server A
>IP forwarding is ON at Firewall A.
>
>I can ping, ssh, etc to Firewall A's VPN address from Firewall B.
>I can ping, ssh, etc to Server A's VPN address from Firewall B.
>I can ping, ssh, etc to Firewall B's VPN address from Firewall A.
>
>Problem:
>I can't ping Firewall B's VPN or TUN address from Server A.
>A traceroute stops at Firewall A.
>
>Routing on Firewall A is essentially a mirror of that on Firewall B.
>
>What could I have missed?
>
>
>