[PLUG] Urgent need for Openvpn help

Keith Lofstrom keithl at kl-ic.com
Mon Oct 27 19:59:33 UTC 2008


On Mon, Oct 27, 2008 at 10:25:34AM -0700, John Medway wrote:

> 
> The problem I'm having, and this is lack of sleep, I'm sure, is that while 
> the tunnel is up, and the site server can see the central corporate LAN, 
> the client machines on each of the satellite LANs cannot, and I cannot see 
> to them from the corporate LAN or any other satellite LAN. So Something's 

"route -n" is your friend.  Every server must have routes to all
the other servers and nets they need to reach, routed through the
appropriate tunX interface.  My central server, connected to 5
other machines, has about 30 routes in it.

Openvpn calls scripts to add the routes.  The client .conf
script should have a line that looks like:

      up ./client_to_server.up

That file (also in /etc/openvpn) looks like:

--------------- client_to_server.up ----------------------
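#!/bin/bash
# For a tun device, OpenVPN runs the up script with the arguments
#   tun_dev tun_mtu link_mtu ifconfig_local_ip ifconfig_remote_ip
# so $5 is the address of the remote end of the tunnel.
route add -net 172.98.1.0 netmask 255.255.255.0 gw "$5"
route add -net 172.98.2.0 netmask 255.255.255.0 gw "$5"
route add -net 172.98.3.0 netmask 255.255.255.0 gw "$5"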
----------------------------------------------------------

There is a corresponding script (with different routes, of course)
on the server.  You will have to fool with the routing to get 
everyone playing together. 

Note, you don't have to get this all exactly right in the scripts
the first time.  In order to experiment, you can start openvpn
without routes,  then issue the same route commands manually
from the command line, as root, and see what goes where.  Remember,
you have to have valid routes for both ends of each path, and from
all ends to all other ends.

You can probably combine some subnets for simplicity;  my network
is small enough (and enough routes are blocked between machines)
that I set up each route separately.

Keith

-- 
Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
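
Added example, not part of the original message: a shell check that reads "route -n" output and lists which of the networks from the up script above have no route through a tunX interface. The function names, the sample routing table and the 10.8.0.1 tunnel address are constructed for illustration; the match is exact on network and netmask, so a network covered only by a combined, wider route is reported as missing.

```shell
#!/bin/bash
# Added example: find required networks that are not routed through a tunnel.

# Constructed sample of `route -n` output (not taken from the original post).
sample_route_table() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
172.98.1.0      10.8.0.1        255.255.255.0   UG    0      0        0 tun0
172.98.2.0      10.8.0.1        255.255.255.0   UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
EOF
}

# missing_tunnel_routes NET/MASK ...
# Reads a `route -n` table on stdin and prints every required NET/MASK that
# has no entry with that destination and netmask on a tunX interface.
missing_tunnel_routes() {
    local table want net mask
    table=$(cat)
    for want in "$@"; do
        net=${want%/*}     # part before the slash: destination network
        mask=${want#*/}    # part after the slash: dotted netmask
        # Columns of `route -n`: $1 Destination, $3 Genmask, $8 Iface.
        if ! printf '%s\n' "$table" | awk -v n="$net" -v m="$mask" '
                $1 == n && $3 == m && $8 ~ /^tun[0-9]+$/ { found = 1 }
                END { exit !found }'; then
            printf '%s\n' "$want"
        fi
    done
}

# On a live machine:  route -n | missing_tunnel_routes NET/MASK ...
# Here the constructed table is used so the example runs anywhere.
sample_route_table | missing_tunnel_routes \
    172.98.1.0/255.255.255.0 \
    172.98.2.0/255.255.255.0 \
    172.98.3.0/255.255.255.0
```

Run the same check on each end of every tunnel, with the list of networks that end needs to reach.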


