On Mon, Jul 21, 2008 at 07:02:53PM -0700, firstname.lastname@example.org wrote:
> I have a tunnel as described in openvpn.man,
> Example 2, between my home 10.4.0.1 and work
> 10.4.0.2 machines.
> "ping 10.4.0.1" from 10.4.0.2
> "ping 10.4.0.2" from 10.4.0.1
> succeed as expected.
> Routing from the LAN attached to 10.4.0.2 does
> not work yet.
> Near the end of openvpn(8) dated 3 August 2005,
> James Yonan wrote,
> jy> "Routing:
> ... enable TUN packet forwarding through the firewall:
> iptables -A FORWARD -i tun+ -j ACCEPT
> which suggests that iptables is involved in routing.
> Whereas in the Shorewall mailing list, Tom Eastep
> "You don't specify routing in Shorewall or using
> iptables. You specify routing via OpenVPN."
> So I'm left with two questions.
> * What is the iptables command above doing?
> * What does Tom mean by "... specify routing
> via OpenVPN."?
> Thanks for any ideas, ... Peter E.
There are 2 parts to the routing question.
1) Does the kernel do IP packet forwarding - this is needed to route ipv4
have a look in /etc/sysctl.conf, there should be an entry
net.ipv4.ip_forward, set it to 1 and either reload sysctl.conf with sysctl
-p or use sysctl -w net.ipv4.ip_forward=1
2) does your firewall allow the packets through
you will need to check your rules to see if you allow traffic from the
local lan to the remote lan
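
The two checks from the reply above (kernel forwarding, then the FORWARD chain), as an added shell example that is not part of the original thread. The function names and the sample rule set are constructed for illustration, and the rule check is coarse: it does not evaluate rule order.

```shell
#!/bin/sh
# Added example; function names and sample rules are constructed.

# 1) Kernel forwarding: net.ipv4.ip_forward must read 1.
#    An optional file argument allows testing without touching /proc.
ip_forward_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(tr -d '[:space:]' < "$f")" = "1" ]
}

# 2) Firewall: read `iptables-save` or `iptables -S` output on stdin.
#    Prints "rule"    if FORWARD has an ACCEPT rule matching -i tun*,
#           "policy"  if only the chain policy is ACCEPT,
#           "blocked" otherwise.
#    Coarse check: rule order and other match options are not evaluated.
forward_tun_status() {
    awk '
        /^:FORWARD /   { if ($2 == "ACCEPT") policy = 1 }  # iptables-save
        /^-P FORWARD / { if ($3 == "ACCEPT") policy = 1 }  # iptables -S
        /^-A FORWARD / {
            in_tun = 0; accept = 0
            for (i = 1; i < NF; i++) {
                # skip negated matches such as "! -i tun0"
                if ($i == "-i" && $(i-1) != "!" && $(i+1) ~ /^tun/) in_tun = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            }
            if (in_tun && accept) rule = 1
        }
        END { print (rule ? "rule" : (policy ? "policy" : "blocked")) }
    '
}

# Constructed sample: forwarding between two LAN interfaces only, policy DROP.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
EOF
}

sample_rules | forward_tun_status    # tunnel traffic is not forwarded here
# On a live host (as root): iptables-save -t filter | forward_tun_status
```
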