Routing through an Openvpn tunnel.


by PETER EASTHOPE


Folk,

I have a tunnel as described in openvpn.man,
Example 2, between my home 10.4.0.1 and work
10.4.0.2 machines.
"ping 10.4.0.1" from 10.4.0.2
and
"ping 10.4.0.2" from 10.4.0.1
succeed as expected.

Routing from the LAN attached to 10.4.0.2 does
not work yet.

Near the end of openvpn(8) dated 3 August 2005,
James Yonan wrote,
jy> "Routing:
   ... enable TUN packet forwarding through the firewall:
              iptables -A FORWARD -i tun+ -j ACCEPT
   ..."
which suggests that iptables is involved in routing.

Whereas in the Shorewall mailing list, Tom Eastep
commented,
"You don't specify routing in Shorewall or using
iptables. You specify routing via OpenVPN."

So I'm left with two questions.

* What is the iptables command above doing?  

* What does Tom mean by "... specify routing
  via OpenVPN."?
 
Thanks for any ideas,   ... Peter E.

--
http://carnot.yi.org/ 
  = http://carnot.pathology.ubc.ca/
Desktops.OpenDoc  http://members.shaw.ca/peasthope/




Re: Routing through an Openvpn tunnel.

by Alex Samad


On Mon, Jul 21, 2008 at 07:02:53PM -0700, peasthope@... wrote:

> Folk,
>
> I have a tunnel as described in openvpn.man,
> Example 2, between my home 10.4.0.1 and work
> 10.4.0.2 machines.
> "ping 10.4.0.1" from 10.4.0.2
> and
> "ping 10.4.0.2" from 10.4.0.1
> succeed as expected.
>
> Routing from the LAN attached to 10.4.0.2 does
> not work yet.
>
> Near the end of openvpn(8) dated 3 August 2005,
> James Yonan wrote,
> jy> "Routing:
>    ... enable TUN packet forwarding through the firewall:
>               iptables -A FORWARD -i tun+ -j ACCEPT
>    ..."
> which suggests that iptables is involved in routing.
>
> Whereas in the Shorewall mailing list, Tom Eastep
> commented,
> "You don't specify routing in Shorewall or using
> iptables. You specify routing via OpenVPN."
>
> So I'm left with two questions.
>
> * What is the iptables command above doing?  
>
> * What does Tom mean by "... specify routing
>   via OpenVPN."?
>  
> Thanks for any ideas,   ... Peter E.

There are 2 parts to the routing question.

1) Does the kernel do IP packet forwarding - this is needed to route IPv4
packets

Have a look in /etc/sysctl.conf, there should be an entry
net.ipv4.ip_forward, set it to 1 and either reload sysctl.conf with sysctl
-p or use sysctl -w net.ipv4.ip_forward=1

2) Does your firewall allow the packets through

You will need to check your rules to see if you allow traffic from the
local LAN to the remote LAN



>
> --
> http://carnot.yi.org/ 
>   = http://carnot.pathology.ubc.ca/
> Desktops.OpenDoc  http://members.shaw.ca/peasthope/
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@...
> with a subject of "unsubscribe". Trouble? Contact listmaster@...
>
>
--
"We've had no evidence that Saddam Hussein was involved in Sept. 11."

        - George W. Bush
08/17/2003
Washington, DC
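
An added example, not part of either post: the two checks from the reply, written as shell functions that run offline against a constructed ruleset containing only the FORWARD rule quoted from openvpn(8). The function names, the interface names eth0/tun0 and the DROP chain policy are assumptions made for this example.

```shell
#!/bin/sh
# Added example. SAMPLE_RULES is a constructed ruleset in iptables-save format.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i tun+ -j ACCEPT
COMMIT'

# Part 1: VALUE is the content of /proc/sys/net/ipv4/ip_forward.
forwarding_enabled() { [ "$1" = "1" ]; }

# Part 2: print the FORWARD verdict for a packet entering on IN_IF and
# leaving on OUT_IF. Simplification: only rules that match purely on -i/-o
# are evaluated; rules with any other match (state, addresses) are skipped.
forward_verdict() {  # usage: forward_verdict RULES IN_IF OUT_IF
    printf '%s\n' "$1" | awk -v in_if="$2" -v out_if="$3" '
    function ifmatch(pat, name) {
        if (pat == "") return 1                   # rule has no interface match
        if (substr(pat, length(pat)) == "+")      # "tun+" = any name starting "tun"
            return index(name, substr(pat, 1, length(pat) - 1)) == 1
        return pat == name
    }
    BEGIN { verdict = "UNKNOWN" }
    $1 == ":FORWARD" && !hit { verdict = $2 }     # chain policy is the fallback
    $1 == "-A" && $2 == "FORWARD" && !hit {
        i = ""; o = ""; target = ""; other = 0
        for (n = 3; n < NF; n += 2) {
            if ($n == "-i") i = $(n + 1)
            else if ($n == "-o") o = $(n + 1)
            else if ($n == "-j") target = $(n + 1)
            else other = 1
        }
        if (!other && target ~ /^(ACCEPT|DROP|REJECT)$/ &&
            ifmatch(i, in_if) && ifmatch(o, out_if)) { verdict = target; hit = 1 }
    }
    END { print verdict }'
}

# Both parts together: the kernel forwards AND the firewall accepts.
would_forward() {  # usage: would_forward IP_FORWARD_VALUE RULES IN_IF OUT_IF
    forwarding_enabled "$1" && [ "$(forward_verdict "$2" "$3" "$4")" = "ACCEPT" ]
}

# On a live host: would_forward "$(cat /proc/sys/net/ipv4/ip_forward)" \
#                               "$(iptables-save -t filter)" eth0 tun0
echo "tun0 -> eth0: $(forward_verdict "$SAMPLE_RULES" tun0 eth0)"
echo "eth0 -> tun0: $(forward_verdict "$SAMPLE_RULES" eth0 tun0)"
```

With this sample the rule accepts only packets arriving on a tun interface, so LAN-to-tunnel traffic falls through to the chain policy.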

