Regional-london archive


Re: tun0 question (_possibly_ openvpn related)



IIRC there is an option in the per-client config file on the server to set
any remote networks for each client - could that be relevant?

On 6 Jul 2010 17:17, "David" <dhs%chromiq.org@localhost> wrote:


I have a (to me) strange problem, which I _think_ I've reduced to a tun0
interface question...

I need to set up an emergency VPN tunnel (when isn't it an emergency... ;-)
on a couple of sparc64 boxes running netbsd-4-0.  I've installed openvpn,
which has *SUCCESSFULLY* brought up a tunnel between the two endpoints,
and I can ping the *opposite* end of the link from each end, run TCP
sessions across it, etc..

The problem I have is getting traffic from other hosts on the local VLANs
to transit the VPN tunnel, and YES, I have created all manner of routes to
point at the opposite end.  While doing this, however, I spotted one
oddity, which is where I _think_ that my problem lies.

While the "client" (in openvpn terminology) end of the link can ping both
of the tun interfaces created by openvpn, the "server" end can only ping
the _remote_ end. I suspect that this means that the IP address of the
"server" tun device doesn't appear in the routing table, and therefore
never becomes available to route traffic.

Any suggestions, comments, help, etc. gratefully received ;-)


                                    VPN

                  +--------+   172.16.0.0/30  +--------+
192.168.0.0/24 ---+ client +------------------+ server +--- 10.239.1.0/24
                  +--------+ .2            .1 +--------+


Thanks,

--
David    <david%chromiq.org@localhost>

"The most exciting phrase to hear in science, the one that heralds new
 discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov

