routing question

[Havana_Cola]

---

hi,

got a little routing issue, i would like to tell my router that connections to 10.8.0.x should be redirected to a local machine which then does the openvpn connection.

so my network looks like this:

Code:

client - >    switch -> router -> inet
               ^
openvpn server |

client 192.168.11.115
router 192.168.11.1
openvpn server 192.168.11.85

i tried:

Code:

route add -net 10.8.0.0 netmask 255.255.255.0 gw 192.168.11.85 dev br-lan

br-lan is the lan interface on my openwrt router

now i can run "ping 10.8.0.1" on my router and get a reply (10.8.0.1 is the openvpn server)

but my lan clients still get: "From 192.168.11.1 icmp_seq=1 Destination Port Unreachable"

what else is needed?

[ivotkl]

I'm not sure how this might help you, but as I'm currently studying / trying to understand iptables (Linux's firewall) I would recommend you to create a rule there instead. Might work better as you are making a rule by establishing your own target and policy. It is indeed a bit complex, but once you understand it (I still could not) it's wonderful.

[krokoziabla]

I would recommend you to check FORWARD chain of iptables. It's likely that there DROP policy is set (and maybe some ACCEPT rules). You can run

Code:

iptables -L -v

to see the contents of it. If it is iptables that prevent you from routing your 10.8.0.x packets you should add an appropriate rule.

And just in case check the value of the following system variables:

Code:

net.ipv4.conf.br-lan.forwarding

and

Code:

net.ipv4.conf.default.forwarding

You can use sysctl command for that. They should be set to 1 to enable forwarding on the router. I suspect they are since it's a router. But may be NAT translation does not require them to be enabled.