[LARTC] Problem with VPN routing from internal network + tun0 and traffic shaping

Remus rmocius@auste.elnet.lt
Fri, 8 Oct 2004 14:46:00 +0100


You are correct Peter.
But that is not enough to have access from client local lan to server client 
local lan.
The line below helped me to fix it:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o tun0 -j SNAT --to-source 10.0.0.2

So there is one more problem: how to access the client's local net from the 
server local net?
Any ideas?

And how to shape traffic going via tun0?

At the moment I have htb on eth0 and imq0 to shape in and out traffic.
But what about VPN traffic which goes via tun0?

Thanks

Remus

----- Original Message ----- 
From: "Peter Huetmannsberger" <huetmann@site38.ping.at>
To: <lartc@mailman.ds9a.nl>
Sent: Friday, October 08, 2004 1:44 PM
Subject: Re: [LARTC] Problem with VPN routing from internal network


>
> Hi!
>
> Correct me if I am wrong, what it looks like to me is this :
>
>
> 192.168.1.0/24   10.0.0.1             10.0.0.2   192.168.2.0/24
> server net       serverfw   openvpn   clientfw   client net
>
> On the serverfw you need a static route to the client net:
> route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.0.0.2
>
> On the client net the other way round:
> route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.0.0.1
>
> Firewall must allow all traffic through tun+
> And of course must allow traffic coming from the opposite network.
>
> Hope this helps,
>
> .peter
>
> On Fri, 8 Oct 2004, Remus wrote:
>
>> Hi folks,
>>
>> I have the two firewalls (Slackware current) in different cities connected 
>> via OpenVPN.
>> I can ping the network behind server firewall from client firewall 
>> server.
>> But how to route/iptable network traffic from the network behind client 
>> firewall to see the network behind server firewall?
>>
>> Thank you
>>
>> Remus
>>
>
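
A small model of the topology in the diagram above, added here as an example (not code from either poster). It traces a request and its reply for three constructed routing states, assuming every LAN host uses its own firewall as default gateway; the state named `REMUS` is an assumption that matches the symptoms described, not a configuration confirmed in the thread.

```python
import ipaddress as ip

# Addresses from the diagram in the thread; the routing states below are constructed.
SERVER_LAN = ip.ip_network("192.168.1.0/24")
CLIENT_LAN = ip.ip_network("192.168.2.0/24")
TUN = {"serverfw": ip.ip_address("10.0.0.1"), "clientfw": ip.ip_address("10.0.0.2")}
LOCAL = {"serverfw": SERVER_LAN, "clientfw": CLIENT_LAN}
PEER = {"serverfw": "clientfw", "clientfw": "serverfw"}

def can_forward(fw, dst, routes):
    """True if firewall `fw` knows to send `dst` into the tunnel."""
    if dst == TUN[PEER[fw]]:  # the peer's tunnel address is directly connected
        return True
    return any(dst in net for net in routes.get(fw, ()))

def trace(src, dst, routes, snat=()):
    """Follow a request and its reply between hosts on opposite LANs.

    Assumption: each LAN host uses its own firewall as default gateway.
    `snat` names firewalls that rewrite LAN sources to their tunnel address.
    """
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    near = next(fw for fw, net in LOCAL.items() if src in net)
    far = PEER[near]
    if not can_forward(near, dst, routes):
        return False, f"request dropped at {near}: no route to {dst}"
    seen = TUN[near] if near in snat else src  # source address the far side sees
    if not can_forward(far, seen, routes):
        return False, f"reply dropped at {far}: no route to {seen}"
    return True, f"ok, {dst} sees source {seen}"

# Constructed states. REMUS is an assumed state that matches the symptoms reported.
ROUTE_ONE_SIDE = {"clientfw": [SERVER_LAN]}
REMUS = dict(routes=ROUTE_ONE_SIDE, snat=("clientfw",))
PETER = dict(routes={"clientfw": [SERVER_LAN], "serverfw": [CLIENT_LAN]})

if __name__ == "__main__":
    c, s = "192.168.2.10", "192.168.1.10"  # hypothetical hosts on each LAN
    for name, cfg in [("one-sided route", dict(routes=ROUTE_ONE_SIDE)),
                      ("plus SNAT", REMUS), ("routes on both", PETER)]:
        print(name, "| client->server:", trace(c, s, **cfg)[1])
        print(name, "| server->client:", trace(s, c, **cfg)[1])
```

With SNAT in place, hosts on 192.168.1.0/24 see every client-LAN host as 10.0.0.2, so per-host logging and filtering on the server side can no longer tell them apart.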