Site #1 (Server) is the subnet 192.168.1.0/24 and router 192.168.1.254.
Actual computer is 192.168.1.100.
Site #2 (Client) is the subnet 192.168.2.0/24 and router 192.168.2.254.
Actual computer is 192.168.2.100.
I've got both Linksys boxes here before actually putting them in the two
different shops I'm trying to help connect together.
The system I'm typing on has the address 192.168.20.4. For the moment,
in the Client openvpn configuration file. The Client Linksys router has
a static route set up for 192.168.20.4 / 255.255.255.0 -> 192.168.2.254.
The Server Linksys router has an Application setup to forward UDP port
1194 to 192.168.1.100.
On my own host I can see the packets go by:
13:31:47.067916 IP 192.168.2.100.1235 > 192.168.20.4.1194: UDP,
13:31:47.067927 IP 192.168.2.100.1235 > 192.168.20.4.1194: UDP,
13:31:47.068512 IP 192.168.2.100.1235 > 192.168.20.4.1194: UDP,
13:31:47.068541 IP 192.168.2.100.1235 > 192.168.1.254.1194: UDP,
but the server's openvpn shows nothing in its log. I've got the
firewall disabled on the server system, and also the SPI firewall stuff
in the server's router is disabled. In the same, it's got the VPN
Passthrough stuff (IPSec, etc) all enabled.
The client's router also has the VPN Passthrough stuff enabled.
On my middle-man host I've done
sudo iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p udp --sport 1194 -j ACCEPT
sudo iptables -t nat -A PREROUTING -i eth0 -p udp --dport 1194 -j DNAT --to 192.168.1.254
to make sure it does its NAT job for me.
I'm hammering my way through everything that could have to do with it,
but I've not yet seen the light. I'm still praying it's a silly mistake
on my host trying to be the go-between. The alternative is trying to go
to both shops (Blackrock and off Grafton St) with the routers in place
and hope it "just works", since I'm happy with the openvpn configs.
P.S. Server config:
ifconfig 192.168.9.1 192.168.9.2
#keepalive 10 120 ?
# Client network side
route 192.168.2.0 255.255.255.0
ifconfig 192.168.9.2 192.168.9.1
# Should come from the server doing a push "persist-..."
#keepalive 10 120 ?
# Server network:
route 192.168.1.0 255.255.255.0
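
An added example, not part of the original post: a small parser for the tcpdump lines quoted above that tallies packets per source/destination pair and counts anything coming back from port 1194. The capture is copied from the post; the function names are illustrative assumptions.

```python
import re
from collections import Counter

# Capture lines copied from the post (the length field after "UDP," is cut off there).
CAPTURE = """\
13:31:47.067916 IP 192.168.2.100.1235 > 192.168.20.4.1194: UDP,
13:31:47.067927 IP 192.168.2.100.1235 > 192.168.20.4.1194: UDP,
13:31:47.068512 IP 192.168.2.100.1235 > 192.168.20.4.1194: UDP,
13:31:47.068541 IP 192.168.2.100.1235 > 192.168.1.254.1194: UDP,
"""

# tcpdump prints "addr.port", so the port is the fifth dotted field.
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): UDP"
)

def parse(capture):
    """Return one dict per tcpdump UDP line that matches; skip anything else."""
    packets = []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m:
            p = m.groupdict()
            p["sport"], p["dport"] = int(p["sport"]), int(p["dport"])
            packets.append(p)
    return packets

def summarize(packets, vpn_port=1194):
    """Count packets per (src, dst) flow toward vpn_port and collect any replies."""
    flows = Counter((p["src"], p["dst"]) for p in packets if p["dport"] == vpn_port)
    replies = [p for p in packets if p["sport"] == vpn_port]
    return flows, replies

if __name__ == "__main__":
    flows, replies = summarize(parse(CAPTURE))
    for (src, dst), n in flows.items():
        print(f"{src} -> {dst}:1194  {n} packet(s)")
    print("replies from port 1194:", len(replies))
```

On the quoted capture this reports three packets addressed to 192.168.20.4, one addressed to 192.168.1.254 (consistent with the DNAT rule), and no packets with source port 1194.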