
Re: Routing between multiple Tunnels: msg#00537

network.openvpn.user

Subject: Re: Routing between multiple Tunnels

On Wed, 30 Jun 2004, Murray Thomson wrote:

I want to set up a spider topology with OpenVPN. OpenVPN server A has an OpenVPN tunnel to each of Servers B, C and D each with their own subnet.

The problem is that from Server B, C or D I cannot communicate with any server other than A. From A however I can reach S, C and D and any station on their respective subnets. Also from a station on subnet A I can also get to B, C and D and also on their respective subnets.

For some reason I cannot get from one of the arms straight through the main server and back out again.

Does anyone know if this is not a workable topology or is there something else I need to do to make this fly?

Yes, that should be no problem. What version of OpenVPN are you using?

If you are using 2.0 in server mode you need to use the option --client-to-client to allow internal routing between the clients. You probably also need to use --iroute in each client config file.

If you're not using v2.0 you probably just don't have the routing set up correctly in your systems.

Are the OpenVPN machines the default gateway on each network? If not, you need to make sure that EVERY machine on each network knows that it should reach ALL the other networks through the OpenVPN machine.

In B, do you have a route to the network behind C and D through your TUN/TAP interface? Same thing applies for C and D of course, they need routes to the other "client networks" through the VPN.

If you still can't get the routing working, please post your configs, and we can probably see what routes you're missing.

--
_____________________________________________________________
Mathias Sundman (^) ASCII Ribbon Campaign
NILINGS AB X NO HTML/RTF in e-mail
Tel: +46-(0)8-666 32 28 / \ NO Word docs in e-mail
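
An added example, not part of the original message or the posters' own configuration: a hub-and-spoke layout for OpenVPN 2.0 server mode using the --client-to-client and --iroute options named in the reply. All addresses, the ccd directory and the common names b-gw, c-gw and d-gw are constructed assumptions; here the iroute lines sit in per-client files under client-config-dir on the hub.

```conf
# --- server.conf on hub A ------------------------------------------------
# Constructed addressing: tunnel 10.8.0.0/24,
# LANs A=192.168.10.0/24, B=192.168.20.0/24, C=192.168.30.0/24, D=192.168.40.0/24
dev tun
server 10.8.0.0 255.255.255.0
client-config-dir ccd

# Let OpenVPN forward packets between connected clients internally.
# That traffic never crosses the hub's tun interface, so the hub's host
# firewall cannot filter it. To control spoke-to-spoke traffic instead,
# leave this line out, enable IP forwarding on A and filter on the tun device.
client-to-client

# Kernel routes on A: send the spoke LANs into the tunnel.
route 192.168.20.0 255.255.255.0
route 192.168.30.0 255.255.255.0
route 192.168.40.0 255.255.255.0

# Every spoke learns the LAN behind A.
push "route 192.168.10.0 255.255.255.0"

# --- ccd/b-gw (file name = certificate common name of spoke B) ------------
# iroute tells OpenVPN which client owns this subnet; the pushes give B
# routes to the other spokes' LANs through the VPN.
iroute 192.168.20.0 255.255.255.0
push "route 192.168.30.0 255.255.255.0"
push "route 192.168.40.0 255.255.255.0"

# --- ccd/c-gw -------------------------------------------------------------
iroute 192.168.30.0 255.255.255.0
push "route 192.168.20.0 255.255.255.0"
push "route 192.168.40.0 255.255.255.0"

# --- ccd/d-gw -------------------------------------------------------------
iroute 192.168.40.0 255.255.255.0
push "route 192.168.20.0 255.255.255.0"
push "route 192.168.30.0 255.255.255.0"
```

Where the OpenVPN machine is not the default gateway of its LAN, the hosts (or their default gateway) still need routes to the three remote LANs via that machine, as the reply points out.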

