OpenVPN routing woes, need to browse LAN but can't

I am trying to set up an OpenVPN server; everything went perfectly as long as I could follow the straightforward HOWTO on the OpenVPN site… until now.

Usual routing problem: can’t connect to LAN network machines from client, can’t ping LAN machines or connect to Samba shares on LAN machines (other than the VPN server machine).

I don’t need the LAN to be able to see any machines behind the client, but I do need the client to see machines/access SAMBA shares and use printer behind the LAN vpn side. I have more init files and config files but too long to post in this one post.

Any help understanding and straightening out this problem would be greatly appreciated.

Corporate LAN setup:

Router: Linksys BEFS41v2 4 port
Wireless Access Point: Linksys WAP11
Att DSL Modem (static IP)
DLINK 16 port 10/100 switch
SUSE 11 box connected via ETH1
(has 2nd NIC but not using at this point, long story)

SUSE box is DHCP, WINS, DNS server, VPN server using routing (Tun) mode.
Has static internal IP on ETH1
IP forwarding is On
Firewall is OFF (for testing this config)
DHCP set to assign 192.168.x.x addresses starting at 192.168.1.100 up to .120
Static IP addresses assigned to:
1 network Printer
SUSE box itself
Wired Router
Wireless Router

CLIENT setup
WinXP with 10.0.x.x routing scheme on client’s wireless network **VPN server distributing 10.8.0.0 addresses**
Mac OSX Leopard. Firewall off.

CAN:
establish VPN connection to VPN server
ping VPN server from client
connect to VPN server machine and access shares on that machine.
ping client from VPN server

Linksys Router setup LAN:
Router has static external IP
Router has static internal IP
Router is set to forward port 1194 UDP to the LAN address of VPN server (192.168.x.x)
Router static routing: this is a problem with this model of router. I cannot specify a route for the whole 10.8.0.0/24 at once, so I set the following static routes:
LAN IP 10.8.0.0
SUBNET 255.255.255.0
DESTINATION IP 10.8.0.1
HOPS 0

LAN IP 10.8.0.9 # I saw this in my netstat being listed so I added it, shot in the dark :(
SUBNET 255.255.255.0
DESTINATION IP 10.8.0.1
HOPS 0

LAN IP 10.8.0.10 ## the usual address vpn gives my client
SUBNET 255.255.255.0
DESTINATION IP 10.8.0.1
HOPS 0

TCPDUMP of attempts to ping

16:07:58.328687 IP 10.8.0.10 > 10.8.0.1: ICMP echo request, id 32021, seq 3, length 64
16:07:58.328727 IP 10.8.0.1 > 10.8.0.10: ICMP echo reply, id 32021, seq 3, length 64
16:08:07.601300 IP 192.168.1.119 > 10.8.0.10: ICMP echo request, id 1234, seq 0, length 64 #successful ping from Corp machine on LAN to client still on LAN
16:08:08.601090 IP 192.168.1.119 > 10.8.0.10: ICMP echo request, id 1234, seq 1, length 64 # client connected
16:08:09.601289 IP 192.168.1.119 > 10.8.0.10: ICMP echo request, id 1234, seq 2, length 64 #also via VPN as well as regular.
16:08:10.601499 IP 192.168.1.119 > 10.8.0.10: ICMP echo request, id 1234, seq 3, length 64
16:10:40.100126 IP 10.8.0.10.55625 > 192.168.0.1.53: 49966+|domain] # Trying to ping 192.168.1.118 machine from outside LAN on different network, get 100% packet loss client
16:10:40.192482 IP 10.8.0.10.60811 > 192.168.0.1.53: 697+|domain]
16:10:40.204709 IP 10.8.0.10.54703 > 192.168.0.1.53: 55355+|domain] ## I don’t understand what these mean.
16:10:40.212344 IP 10.8.0.10.50860 > 192.168.0.1.53: 45205+|domain] ## it’s the ping effort, but I don’t
16:10:40.222432 IP 10.8.0.10.60954 > 192.168.0.1.53: 20090+|domain] ### understand how to interpret it.
16:10:41.103404 IP 10.8.0.10.55625 > 192.168.0.1.53: 49966+|domain] ## or fix the problem
16:11:13.565499 IP 10.8.0.10 > 10.8.0.1: ICMP echo request, id 47381, seq 0, length 64 # successful ping vpn server from client outside
16:11:13.565553 IP 10.8.0.1 > 10.8.0.10: ICMP echo reply, id 47381, seq 0, length 64
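
The capture in the post above can be read mechanically. As an added example that is not part of the original thread, this Python script pairs each ICMP echo request with its reply and counts UDP packets sent to port 53 (DNS) per destination. The name `analyse` and the regular expressions are this example's own; the input lines are copied from the post with the poster's inline comments removed.

```python
import re
from collections import Counter

# Lines copied from the capture in the post (inline comments stripped).
CAPTURE = """\
16:07:58.328687 IP 10.8.0.10 > 10.8.0.1: ICMP echo request, id 32021, seq 3, length 64
16:07:58.328727 IP 10.8.0.1 > 10.8.0.10: ICMP echo reply, id 32021, seq 3, length 64
16:08:07.601300 IP 192.168.1.119 > 10.8.0.10: ICMP echo request, id 1234, seq 0, length 64
16:08:08.601090 IP 192.168.1.119 > 10.8.0.10: ICMP echo request, id 1234, seq 1, length 64
16:10:40.100126 IP 10.8.0.10.55625 > 192.168.0.1.53: 49966+|domain]
16:10:40.192482 IP 10.8.0.10.60811 > 192.168.0.1.53: 697+|domain]
16:11:13.565499 IP 10.8.0.10 > 10.8.0.1: ICMP echo request, id 47381, seq 0, length 64
16:11:13.565553 IP 10.8.0.1 > 10.8.0.10: ICMP echo reply, id 47381, seq 0, length 64
"""

ICMP = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")
UDP = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def analyse(text):
    """Return (echo requests with no reply in the capture, port-53 packets per destination)."""
    pending = {}          # (src, dst, id, seq) -> timestamp of the request
    dns = Counter()       # destination address -> number of packets to port 53
    for line in text.splitlines():
        ts = line.split(" ", 1)[0]
        m = ICMP.search(line)
        if m:
            src, dst, kind, ident, seq = m.groups()
            if kind == "request":
                pending[(src, dst, ident, seq)] = ts
            else:
                # A reply travels from the request's destination back to its source.
                pending.pop((dst, src, ident, seq), None)
            continue
        m = UDP.search(line)
        if m and m.group(4) == "53":
            dns[m.group(3)] += 1
    return sorted(pending), dict(dns)

if __name__ == "__main__":
    unanswered, dns = analyse(CAPTURE)
    for src, dst, ident, seq in unanswered:
        print(f"no reply in capture: {src} -> {dst} id={ident} seq={seq}")
    for resolver, n in dns.items():
        print(f"{n} packets to port 53 (DNS) at {resolver}")
```

On these lines it lists the echo requests from 192.168.1.119 to 10.8.0.10 as having no reply recorded in the capture, and shows the port 53 traffic from 10.8.0.10 addressed to 192.168.0.1.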

What is it with shouting with the huge font? >:(

Samba browsing doesn’t really work properly over an OpenVPN TUN tunnel because WINS name resolution involves broadcasting. I’ve tried things like specifying a WINS resolver with the VPN info but didn’t really get it to work. You may have better luck with a TAP (virtual Ethernet) tunnel but that has drawbacks too. If you get it to work, do write a HOWTO.

Sorry this is negative info.

Ugh, the huge size would be the stylesheet kicking in… sorry. I wrote and previewed it in the default stylesheet and it looked fine. When I switched to the OpenSuse basic stylesheet it shows it Large-Type Edition. Sorry, I’ll try to edit it.