I'm not sure if this is a problem that's been talked about yet. I searched through the list but found no answers.

I have set up an openvpn connection using the guide on shorewall's website. The two vpn machines will connect to one another over the internet and authenticate just fine. Also, the two machines are able to ping themselves through the tunnel (i.e. if tun0=192.168.200.1->192.168.200.2, pinging 192.168.200.2 works.)

OK, so it seems like the vpn link is up but nothing else is getting through, like pinging (or anything) a client from one side from a client on the other side.

I followed the setup guide except for one setup. On side B I don't have the local address in. Because of my setup it would not allow me to put my internet address in that space. (Side B is behind a Linksys router.) Is it possible that this is my problem? Also, just in case you're wondering about my policies, I even tried doing all to all accept and no deal :-p

Does anyone have any clues?

Here's what my routing table looks like. I'm not sure if this is set up right or not.

SYSTEM A
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.200.2   *               255.255.255.255 UH    0      0     0 tun0
192.168.7.0     *               255.255.255.0   U     0      0     0 eth1
ip68-99-192-0.p *               255.255.224.0   U     0      0     0 eth0
default         ip68-99-192-1.p 0.0.0.0         UG    0      0     0 eth0

SYSTEM B
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.200.1   *               255.255.255.255 UH    0      0     0 tun0
192.168.1.0     *               255.255.255.0   U     0      0     0 eth1
192.168.10.0    *               255.255.255.0   U     0      0     0 eth0
default         192.168.10.1    0.0.0.0         UG    0      0     0 eth0

Do you have routes from the clients to the other networks through the openvpn gateways? Do you have a route from each of the openvpn gateways to the other network?

"Dave B" <dragin33@hotmail.com>
Sent by: shorewall-users-bounces@lists.shorewall.net
03/09/2003 15:46
Please respond to Shorewall Users Mailing List <shorewall-users@lists.shorewall.net>
To: shorewall-users@lists.shorewall.net
cc:
Subject: [Shorewall-users] openvpn

Hi Dave,

On Wed, 3 Sep 2003, Dave B wrote:

> Here's what my routing table looks like. I'm not sure if this is set up
> right or not.

Yes, your routing table is the problem. You should probably find a good tutorial on basic IP routing and read up on it. The key to notice is that there is only one route that uses the TUN interface on each machine, and it is a host route (the netmask tells us that). So on each machine, it only knows how to reach the other machine at the end of the OpenVPN link, and nothing about any network on the other end.

Since you're using OpenVPN (excellent choice) you should also study the OpenVPN documentation (it's good!) at http://openvpn.sf.net. Read the HOWTO and study the example config files, paying careful attention to the "up" lines and their accompanying shell scripts. That's where you want to put routing commands which will accomplish what you're trying to do.

-Jason
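
Added example, not part of any message in this thread or of the OpenVPN documentation: a shell check that reads a routing table like the one posted for System A, confirms that the tunnel interface carries only a host route, and prints the network route an "up" script would have to add. The function names are hypothetical, the route syntax is that of the net-tools `route` command, and 192.168.1.0/255.255.255.0 is assumed to be the LAN behind System B (its eth1 entry).

```shell
#!/bin/sh
# System A's routing table as posted in the thread (sample input).
SYSTEM_A_TABLE='Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.200.2   *               255.255.255.255 UH    0      0     0 tun0
192.168.7.0     *               255.255.255.0   U     0      0     0 eth1
ip68-99-192-0.p *               255.255.224.0   U     0      0     0 eth0
default         ip68-99-192-1.p 0.0.0.0         UG    0      0     0 eth0'

# tunnel_routes TABLE IFACE
# Print "destination genmask" for every route that leaves via IFACE.
tunnel_routes() {
    printf '%s\n' "$1" | awk -v ifc="$2" 'NR > 1 && $NF == ifc { print $1, $3 }'
}

# only_host_routes TABLE IFACE
# Succeeds when IFACE has at least one route and all of them are host
# routes (genmask 255.255.255.255), i.e. no remote network is reachable.
only_host_routes() {
    tunnel_routes "$1" "$2" | awk '
        $2 != "255.255.255.255" { net = 1 }
        END { exit (NR > 0 && !net) ? 0 : 1 }'
}

# missing_route_cmds TABLE IFACE PEER "NET MASK"...
# For each wanted remote network with no matching route on IFACE, print
# the route command to add it via PEER (the far tunnel address).
# Nothing is executed; the commands are only printed.
missing_route_cmds() {
    table=$1 ifc=$2 peer=$3
    shift 3
    have=$(tunnel_routes "$table" "$ifc")
    for want in "$@"; do
        if ! printf '%s\n' "$have" | grep -qxF "$want"; then
            echo "route add -net ${want% *} netmask ${want#* } gw $peer"
        fi
    done
}

# Demo on System A: the LAN behind System B is not routed through tun0.
if only_host_routes "$SYSTEM_A_TABLE" tun0; then
    echo "tun0 carries only host routes; missing:"
    missing_route_cmds "$SYSTEM_A_TABLE" tun0 192.168.200.2 \
        "192.168.1.0 255.255.255.0"
fi
```

The mirror-image check on System B would use peer 192.168.200.1 and System A's LAN, 192.168.7.0 with netmask 255.255.255.0.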