SEO

Hallo...

Ich suche eine sehr gute Online Anleitung bezüglich OpenVPN.
Momentan ist es bei mir so, dass auf dem Server eth0 die IP 192.168.0.11 hat und TUN0 die IP 192.168.2.1...
Ich kann mich ohne Probleme verbinden mit OpenVPN, aber ich komme nur bis zur IP 192.168.0.11. Möchte aber ins gesamt Netz 192.168.0.x kommen. Also auch beispielsweise auf 192.168.0.254 (meinen Router das Webinterface erreichen).
Welche Parameter müsste ich reinsetzen in die OpenVPN-Serverconfig, damitich endlich vollen zugriff ins 192.168.0.x-Netz bekomme. Wäre auch an einer guten Anleitung interessiert, die genau diesen Fall abdeckt im Netz!

Gruss Michael

"M. Akdalan" <sewulba@gmx.de> schreef in bericht
news:20080329012634.0a6b3c3e.sewulba@gmx.de...
> Momentan ist es bei mir so, dass auf dem Server eth0 die IP
> 192.168.0.11 hat und TUN0 die IP 192.168.2.1...
> Ich kann mich ohne Probleme verbinden mit OpenVPN, aber ich
> komme nur bis zur IP 192.168.0.11. Möchte aber ins gesamt
> Netz 192.168.0.x kommen. Also auch beispielsweise auf
> 192.168.0.254 (meinen Router das Webinterface erreichen).

You should address this group in English.

In short you have an openVPN server and client configured and
working in routed mode, however the client can only reach the
server and not the network the server is at.

Changes are the kernel at your Debian server still has its
forwarding option disabled as per default:
Run 'echo "1" > /proc/sys/net/ipv4/ip_forward'.

To make this setting survive a reboot in /etc/network/options
modify the line 'ip_forward=no' into 'ip_forward=yes'.

To avoid subnet routing conflicts when connecting via unkown
LANs -likely defaulting to some 192.168.x.0- , I changed
my server's subnet to 172.31.1.0/24 and assigned 172.31.254.0/24
to the internals of openVPN. Any other permanent client's network
is assigned a uniq network 172.31.x.0/24 -for x not in (1,254)-

For the duration of a connection a single line in openVPN server
config
push "route 172.31.0.0 255.255.0.0"
tells any client how to route to all odd ends within the VPN.

You should be able to ping from openVPNclient to eg the router now.

Pinging in the opposite direction will still fail as none of the
machines in your network, the router at 172.31.1.254 included,
is aware of the route your server at 172.31.1.11 can provide to
172.31.0.0/16.

Depending brand and model your router may be able to redirect
traffic destined for 172.31.0.0/16 through 172.31.1.11 AND
tell it to the other machines on demand. Otherwise YOU have
to tell [each of] them!

HansH

"HansH" <hansh@invalid.invalid> schreef in bericht
news:47ee3925$0$14348$e4fe514c@news.xs4all.nl...
> "M. Akdalan" <sewulba@gmx.de> schreef in bericht
> news:20080329012634.0a6b3c3e.sewulba@gmx.de...
> Chances are the kernel at your Debian server still has its
> forwarding option disabled as per default:
> Run 'echo "1" > /proc/sys/net/ipv4/ip_forward'.
>
> To make this setting survive a reboot in /etc/network/options
> modify the line 'ip_forward=no' into 'ip_forward=yes'.

Sorry, that's slightly outdated ....

Uncomment in /etc/sysctl.conf the line
net.ipv4.ip_forward=1

HansH

On Sun, 30 Mar 2008 16:41:56 +0200
"HansH" <hansh@invalid.invalid> wrote:

> "HansH" <hansh@invalid.invalid> schreef in bericht
> news:47ee3925$0$14348$e4fe514c@news.xs4all.nl...
> > "M. Akdalan" <sewulba@gmx.de> schreef in bericht
> > news:20080329012634.0a6b3c3e.sewulba@gmx.de...
> > Chances are the kernel at your Debian server still has its
> > forwarding option disabled as per default:
> > Run 'echo "1" > /proc/sys/net/ipv4/ip_forward'.
> >
> > To make this setting survive a reboot in /etc/network/options
> > modify the line 'ip_forward=no' into 'ip_forward=yes'.
>
> Sorry, that's slightly outdated ....
>
> Uncomment in /etc/sysctl.conf the line
> net.ipv4.ip_forward=1
>
> HansH
>
>

I have found my mistake. I have only to make a static route on my Hardwarerouter. In my case was ist 192.168.2.0 255.255.255.0 192.168.0.11.

M.A.