  1. #1
    Just Joined!
    Join Date
    Mar 2013
    Posts
    9

    routing question


    Hi,

    I've got a little routing issue: I would like to tell my router that connections to 10.8.0.x should be redirected to a local machine, which then does the OpenVPN connection.

    So my network looks like this:
    Code:
    client -> switch -> router -> inet
                   ^
    openvpn server |
    client 192.168.11.115
    router 192.168.11.1
    openvpn server 192.168.11.85

    I tried:
    Code:
    route add -net 10.8.0.0 netmask 255.255.255.0 gw 192.168.11.85 dev br-lan
    br-lan is the LAN interface on my OpenWrt router.

    Now I can run "ping 10.8.0.1" on my router and get a reply (10.8.0.1 is the OpenVPN server),

    but my LAN clients still get: "From 192.168.11.1 icmp_seq=1 Destination Port Unreachable"

    What else is needed?

  2. #2
    Linux Newbie
    Join Date
    Jan 2013
    Location
    Argentina
    Posts
    112
    I'm not sure how this might help you, but as I'm currently studying / trying to understand iptables (Linux's firewall) I would recommend you to create a rule there instead. Might work better as you are making a rule by establishing your own target and policy. It is indeed a bit complex, but once you understand it (I still could not) it's wonderful.

  3. #3
    Just Joined! krokoziabla
    Join Date
    Sep 2012
    Location
    Russia
    Posts
    20
    I would recommend you check the FORWARD chain of iptables. It's likely that a DROP policy is set there (and maybe some ACCEPT rules). You can run
    Code:
    iptables -L -v
    to see the contents of it. If it is iptables that prevents you from routing your 10.8.0.x packets, you should add an appropriate rule.

    And just in case check the value of the following system variables:
    Code:
    net.ipv4.conf.br-lan.forwarding
    and
    Code:
    net.ipv4.conf.default.forwarding
    You can use the sysctl command for that. They should be set to 1 to enable forwarding on the router. I suspect they are, since it's a router. But maybe NAT translation does not require them to be enabled.
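
The FORWARD-chain check suggested in post #3, as an added example that is not part of the thread: it reads `iptables -S FORWARD` output and reports the verdict for traffic to the VPN subnet. The rule set is constructed sample data and the function names are hypothetical; the REJECT target's default reply is ICMP port unreachable, which is the error the LAN clients in post #1 see.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables -S FORWARD` output on
# stdin and prints the verdict a packet to the given subnet would receive.
# Simplifications (assumptions): a rule counts only if it names the subnet
# with -d or has no match options at all; jumps to user chains are skipped.

forward_verdict() {            # hypothetical helper name
    subnet=$1
    policy=UNKNOWN
    verdict=
    while read -r flag chain rest; do
        [ "$chain" = FORWARD ] || continue
        case $flag in
            -P) policy=$rest ;;                      # chain default policy
            -A)
                [ -z "$verdict" ] || continue        # first matching rule wins
                target=${rest##*-j }                 # text after the last "-j "
                target=${target%% *}                 # keep the target name only
                case $target in ACCEPT|DROP|REJECT) ;; *) continue ;; esac
                case $rest in
                    *"-d $subnet "*|"-j "*) verdict=$target ;;
                esac ;;
        esac
    done
    echo "${verdict:-$policy}"                       # fall back to the policy
}

# Constructed sample: LAN-to-WAN is allowed, everything else is rejected.
sample_rules() { cat <<'EOF'
-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br-lan -o eth0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Same chain with a scoped rule for the VPN subnet placed before the REJECT.
fixed_rules() { cat <<'EOF'
-P FORWARD DROP
-A FORWARD -i br-lan -o eth0 -j ACCEPT
-A FORWARD -d 10.8.0.0/24 -i br-lan -o br-lan -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
EOF
}

echo "sample: $(sample_rules | forward_verdict 10.8.0.0/24)"
echo "fixed:  $(fixed_rules  | forward_verdict 10.8.0.0/24)"
```

On the router itself the input would come from `iptables -S FORWARD | forward_verdict 10.8.0.0/24`.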
