Security Basics mailing list archives

Please help, something's wrong with routing or vpn


From: "Tomas" <wisher () myliu m-1 lt>
Date: Tue, 14 Dec 2004 17:04:45 +0200

Hello all,

Please help me if you can. I've built a VPN between two LANs with OpenBSD 3.6
and a D-Link router. Everything works fine and both hosts can see each other
if the VPN is set up like this:

(192.168.0.2) Host1 (gateway for it is 192.168.0.1)
          |
          | Intranet
          |
(192.168.0.1) D-Link router's internal ip
(external_ip) D-Link router's external ip (VPN host)
          |
          | Internet
          |
(external_ip) Router's external ip
(10.30.1.1) Router's internal ip
          |
          | DMZ
          |
          |---- (external_ip) OpenBSD's external ip (VPN host)
          |---- (10.30.1.103) OpenBSD's internal ip
          |
          | Intranet
          |
(10.30.1.15) Host2 (gateway for it is 10.30.1.103)


But if the VPN is set up like this:


(192.168.0.2) Host1 (gateway for it is 192.168.0.1)
          |
          | Intranet
          |
(192.168.0.1) D-Link router's internal ip
(external_ip) D-Link router's external ip (VPN host)
          |
          | Internet
          |
(external_ip) Router's external ip
(10.30.1.1) Router's internal ip
          |
          | DMZ
          |
          |---- (external_ip) OpenBSD's external ip (VPN host)
          |---- (10.30.1.103) OpenBSD's internal ip
          |
          | Intranet
          |
(10.30.1.15) Host2 (gateway for it is 10.30.1.1, but there is a route entry
added in its routing table: dest_192.168.0.0/24 gate_10.30.1.103)

Host2 can see Host1, but Host1 can't see Host2. If I try to add a route entry
to OpenBSD's routing table (dest_10.30.1.0/24 gate_10.30.1.1) it says: File
exists. Firewalls were disabled for testing purposes. I don't understand
what's wrong.

