On 11/3/10 8:00 PM, Bart Schaefer wrote:> I have a CentOS 4 server that acts as a gateway for a small LAN. The
> lower half of the 192.168.144 address space is the LAN on eth1, the
> upper half is the WAN on eth0, and the default route is to
> 192.168.144.254 which is my DSL router; this has been working fine for
> years.
>
> However, it's recently become convenient to connect the server to a
> VPN from time to time, for which I've set up OpenVPN. This works for
> connections originating from the server itself, but breaks for
> machines on the LAN when accessing IPs in the ranges that are routed
> to the VPN. Connections to IPs not in the private network still work
> as before.
>
> Can anyone advise what I may need to change to configure the server to
> forward packets to the VPN? Pointers to documentation are welcome.
> Thanks.
>
> /etc/sysctl.conf has:
> net.ipv4.ip_forward = 1
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.default.accept_source_route = 0
You probably are forwarding packets to the other end of the vpn. Does whatever
is on the other end have a route back to your 192.168.144.x range through that
end of the vpn? Connections from the server itself will source from the tunnel
address, not the LAN.
--
Les Mikesell
lesmikesell at gmail.com