Re: openvpn 1.6: win2k client on linux server (fedora1): msg#00526

network.openvpn.user

Subject: Re: openvpn 1.6: win2k client on linux server (fedora1)

new status ;-) i've diagnosed some issues

win2k client
192.168.255.198
|
|
172.16.0.254
TUNNEL
172.16.0.253
|
|
192.168.255.1 (private; used for establishing openvpn connection)
VPNserver (Fedora)
IP: a.b.c.15 (public)
|
|
my router
IP: a.b.c.2
|
|
INTERNET

the problem was and still is that win2k is generating packets with source ip address of the tunnel 172.16.0.253. those packets arrive at the router and i've set it to forward them back to the VPNserver which then FWD them to the win2kclient. the internal network works fine, but internet won't work because it's using a private address.

i can solve it at the Fedora VPNserver point - NATing 172.16.0.253 to a public address a.b.c.g so it can go out, and reversing when it gets back to the 172.16.0.253. but will i be able to set up ftp server or anything like that? i guess i won't?! how can i do a tunnel and still be able to set up an ftp server or provide any other service to people outside of a.b.c network?

one solution is to use public addresses for both tunnel ends, this way NAT won't be necessary.. but i'll lose 2 public IP addresses just for one user.... and still i'm checking now - the link won't be secure..

i've tried using alias at win2k, but still... the problem persists...
HOW do I Tell WIN2k/XP and the installed TAP adapter to generate packets with source address=win2kpublic address?


;-)


Darko
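
The server-side NAT described in the message above, written out as an added example that is not part of the original post: a dry-run generator that prints the iptables rules for mapping the tunnel address 1:1 to one public address, with inbound traffic limited to replies plus an explicit list of service ports. `203.0.113.7` (standing in for a.b.c.g), `eth0`, port 21 and the function names are assumptions; forwarding is taken to be already enabled on the VPNserver.

```shell
#!/bin/sh
# Prints (does not apply) 1:1 NAT rules for one tunnel client.
# 172.16.0.253 is the tunnel address from the post; 203.0.113.7 and eth0
# are constructed stand-ins for a.b.c.g and the server's public interface.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nat_rules TUNNEL_IP PUBLIC_IP WAN_IF [TCP_PORTS]
# TCP_PORTS is a comma-separated list of services the client may offer.
nat_rules() {
    tun_ip=$1; pub_ip=$2; wan_if=$3; ports=$4
    if ! valid_ipv4 "$tun_ip" || ! valid_ipv4 "$pub_ip"; then
        echo "invalid IPv4 address" >&2; return 1
    fi
    case "$wan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface" >&2; return 1 ;;
    esac
    case "$ports" in
        *[!0-9,]*) echo "invalid port list" >&2; return 1 ;;
    esac
    fwd="iptables -A FORWARD -i $wan_if -d $tun_ip"
    # Bind the public address so the router can deliver it to the server.
    echo "ip addr add $pub_ip/32 dev $wan_if"
    echo "iptables -t nat -A PREROUTING -i $wan_if -d $pub_ip -j DNAT --to-destination $tun_ip"
    echo "iptables -t nat -A POSTROUTING -o $wan_if -s $tun_ip -j SNAT --to-source $pub_ip"
    echo "iptables -A FORWARD -o $wan_if -s $tun_ip -j ACCEPT"
    # Inbound: replies first, then only the listed services, then drop.
    # FTP data channels count as RELATED only with the FTP NAT helper loaded.
    echo "$fwd -m state --state ESTABLISHED,RELATED -j ACCEPT"
    [ -z "$ports" ] || echo "$fwd -p tcp -m multiport --dports $ports -m state --state NEW -j ACCEPT"
    echo "$fwd -j DROP"
}

nat_rules 172.16.0.253 203.0.113.7 eth0 21
```

Review the printed rules before piping them to a root shell; with an empty port list the client can reach the internet but nothing outside can open a connection to it.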

