Hi everyone,

I have OpenVPN working correctly on openSUSE 10.3.

### Setup: ###

-openSUSE Server side-
Network (192.168.0.0/24)
Default-GW - FW with OpenVPN (IP 192.168.0.1)
* OpenVPN (Server net 10.8.0.0/24, inet addr:10.8.0.1 P-t-P:10.8.0.2)

-openSUSE Client Network Side-
Network (192.168.1.0/24)
Default-GW - FW with OpenVPN (IP 192.168.1.1)
* OpenVPN (Client net 10.8.0.0/24, inet addr:10.8.0.6 P-t-P:10.8.0.5)

FW: SuSEfirewall2

* VPN works from both Server to Client and Client to Server.

### Test ###

Ping on the client side:

From (GW2) # 192.168.1.1 ping 192.168.0.1 (GW1)
    PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
    64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=19.1 ms

i.e.: ping from 192.168.1.x --> GW 192.168.1.1 --> VPN 10.8.0.6 - 10.8.0.5 --> 10.8.0.2 - 10.8.0.1 VPN --> GW 192.168.0.1 --> Server 192.168.0.100 works.

BUT:

From (GW2) # 192.168.1.1 ping 192.168.0.174 (Server)
    PING 192.168.0.174 (192.168.0.174) 56(84) bytes of data.
    From 10.8.0.1: icmp_seq=1 Destination Protocol Unreachable

i.e.: ping from 192.168.1.x --> GW 192.168.1.1 --> VPN 10.8.0.6 - 10.8.0.5 --> 10.8.0.2 - 10.8.0.1 VPN --> GW 192.168.0.1 --> Server 192.168.0.174 does not work.

AND:

From (GW1) # 192.168.0.1 ping 192.168.1.1 (GW2)
    PING 192.168.1.1 (192.168.0.1) 56(84) bytes of data.
    From 10.8.0.1: icmp_seq=1 Destination Protocol Unreachable

i.e.: ping from GW 192.168.0.1 --> VPN 10.8.0.1 - 10.8.0.2 --> 10.8.0.5 - 10.0.8.6 VPN --> GW 192.168.1.1 --> Client Network does not work.

Clients can reach OpenVPN network [net 10.8.0.0/24, server 10.8.0.1 & client 10.8.0.6].
Server can reach OpenVPN network [net 10.8.0.0/24, client 10.8.0.6 & server 10.8.0.1].

The Server OpenVPN and Client OpenVPN can ping each other. The server cannot reach the client network or machines behind it at all. Clients can reach the Server GW1 (192.168.0.1) on the network (192.168.0.0/24), but none of the other Servers on the same subnet.

I've added this iptables part on the server for the tun0 interfaces on both Server and Client:

(/etc/sysconfig/scripts/SuSEfirewall2-custom)

    # Allow TUN interface connections to OpenVPN server
    iptables -A INPUT -i tun+ -j ACCEPT
    # Allow TUN interface connections to be forwarded through other interfaces
    iptables -A FORWARD -i tun+ -j ACCEPT
    # Allow TAP interface connections to OpenVPN server
    iptables -A INPUT -i tap+ -j ACCEPT
    # Allow TAP interface connections to be forwarded through other interfaces
    iptables -A FORWARD -i tap+ -j ACCEPT

(from: http://openvpn.net/faq.html#firewall)

I've read the OpenVPN documents, but something is still missing. This seems to be a SuSEfirewall2 config problem.

Any insights are welcome.

TIA :-)
Al