VPN Subnet routing – Strange behavior.

[matth]

I am running ZeroShell on an ALIX platform.

I had a strange experience with routing and openVPN and I want to hear opinions on why this happened.

When I initially setup my network, I did it in the following manner:

DMZ ETH0  -> no link

LAN ETH1  -> 192.168.3.0/24 .1

WAN ETH2  -> x.x.x.x/29

VPN VPN99 -> 192.168.250.0/24 .254

When setup as such everything functions properly.

Due to a subnet conflict with a remote site, I changed my subnets as follows:

DMZ ETH0  -> no link

LAN ETH1  -> 172.16.42.0/24 .1  *******

WAN ETH2  -> x.x.x.x/29

VPN VPN99 -> 192.168.250.0/24 .254

This setup would not pass any traffic to or from the VPN tunnel.

After a lot of swearing, I changed the setup to the following and everything worked.

DMZ ETH0  -> no link

LAN ETH1  -> 172.16.42.0/24 .1

WAN ETH2  -> x.x.x.x/29

VPN VPN99 -> 172.16.250.0/24 .254  *******

Any thoughts as to why VPN would work as one subnet and not another?

Matt

[yum]

Maybe firewall configuration is an issue?

[matth]

My firewall was set to accept all traffic.

[vpn_rollercoaster]

This is basic “Static Routing 101”. Not a firewall issue or even a zeroshell issue.

[yum]

Do you mean this http://staros.tog.net/wiki/Routing_101 example?

So adding static route to remote LAN via VPN IP on the VPN client side will resolve this issue?

Thank you

[ppalias]

Most likely the remote site had a static route for 172.16.0.0 only, so the VPN tunnel could not be routed. Are you using any RIP for the dynamic routing?

[yum]

I’m just curious. It’s matth’s problem, not mine. Thank you.

[Author]

Posts