PETER EASTHOPE wrote:

> Can anyone suggest an adjustment?
> Is bridging the home and work networks
> through the tunnel, for example, likely to
> solve it?

Your firewall setup seems fairly complicated.

I just set up OpenVPN for the first time last weekend to
connect my home to my co-located server. A couple suggestions:

1) probably easiest, configure a mail server on the
   openvpn server remote side, and set it to smart host to
   the upstream isp. Send mail to your mail server on the
   other side

2) re-verify that your traffic is going across the VPN and
   is being NAT'd on the other end.

 - For me when I traceroute to the external addresses of
   the systems on the other side it is only 3 hops away
    - local gateway
    - remote vpn side
    - target host

My home network is 10.10.10.0/24, and the VPN is on the
10.10.11.0/24 network. I added these iptables rules to
the vpn server:

$IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT -s 10.10.11.0/255.255.255.0 \
    --to 209.90.228.140
$IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT -s 10.10.10.0/255.255.255.0 \
    --to 209.90.228.140

And I have this in my openvpn's server.conf:

push "route 209.90.228.141 255.255.255.255"
push "route 209.90.228.139 255.255.255.255"

The OpenVPN system itself is 209.90.228.140. I figured it
probably wouldn't be a good idea to try to tunnel that through
the VPN; it may cause a routing issue on the vpn client itself
(I expect it would, but maybe openvpn/openbsd is smarter).

Client is OpenBSD 4.3 on a cable modem, server is Debian Etch
running in a VMware VM at the co-lo facility.

nate
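
An offline sanity check for suggestion 2 in the message above, as an added example that is not part of the original post: it parses the push routes and SNAT rules quoted there (embedded as constructed strings) and reports, for a client source and a destination, whether the destination is routed through the tunnel and which address the target would see. The function names are hypothetical, and the model is an assumption that ignores rule order and the -o interface match.

```python
import ipaddress
import re

# Constructed from the configuration lines quoted in the message above.
SERVER_CONF = '''
push "route 209.90.228.141 255.255.255.255"
push "route 209.90.228.139 255.255.255.255"
'''
NAT_RULES = '''
-t nat -A POSTROUTING -o eth0 -j SNAT -s 10.10.11.0/255.255.255.0 --to 209.90.228.140
-t nat -A POSTROUTING -o eth0 -j SNAT -s 10.10.10.0/255.255.255.0 --to 209.90.228.140
'''

def pushed_routes(conf):
    """Networks the server tells clients to route through the tunnel."""
    pat = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"', re.M)
    return [ipaddress.ip_network(f"{ip}/{mask}") for ip, mask in pat.findall(conf)]

def snat_rules(rules):
    """(source network, rewritten address) pairs from the SNAT rules."""
    out = []
    for line in rules.splitlines():
        if "-j SNAT" not in line:
            continue
        src = re.search(r"-s\s+(\S+)", line)
        to = re.search(r"--to(?:-source)?\s+(\S+)", line)
        if src and to:
            out.append((ipaddress.ip_network(src.group(1)),
                        ipaddress.ip_address(to.group(1))))
    return out

def check(src, dst, conf=SERVER_CONF, rules=NAT_RULES):
    """Return (via_tunnel, address the target sees, or None if not NAT'd).

    Assumption: a destination without a pushed route leaves through the
    client's own default gateway and never reaches the server's NAT table.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    via_tunnel = any(d in net for net in pushed_routes(conf))
    nat = next((to for net, to in snat_rules(rules) if s in net), None)
    return via_tunnel, (nat if via_tunnel else None)

if __name__ == "__main__":
    for src, dst in [("10.10.10.5", "209.90.228.141"),
                     ("10.10.10.5", "209.90.228.140"),
                     ("192.168.1.5", "209.90.228.139")]:
        print(src, "->", dst, check(src, dst))
```

A source outside both SNAT'd networks shows up as tunnelled but not NAT'd, which is the case worth catching before blaming the firewall.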


