
Re: [K12OSN] K12OSN a bit OT - how to make responses on the same interface request came in

OK, this still sounds like a classic routing issue, in this case, on server A's part.

From what I can gather, server A's eth2 must use a cable connection with a static IP, and you're using a static NAT entry to translate that 192.168.x.x IP address to that globally routable static IP.  That's the only way that packets of any sort could enter eth2 from the outside, which it sounds like is what's happening here.

Actually, the way I'd do it is to eschew trying to connect to server A's eth2 at all and just connect to eth1, which sits on that fractional T1. 

If you're concerned about bandwidth on that fractional T1, then it looks like it's time to upgrade that fractional T1 to maybe a full T1 or possibly another type of connection.  My cable modem (with a static IP, no less) has a speed of 5Mbps down, 2Mbps up, which is faster than even full T1 speeds, and much less money.

Furthermore, I'd make the default route for server A going out eth1, not eth2--otherwise, there's no point to even having the fractional T1 in the first place.  That's just money wasted.

If my understanding's off here, then is there any way you could do up a diagram and PM it to me?  No sense in cluttering the list with graphics.

Do you GNU?
Microsoft Free since 2003--the ultimate antivirus protection!

Julius Szelagiewicz wrote:
	Thank you for the speedy response. I see that I made my usual
mess when asking a simple question, so I'll try to clean it up:

server A: eth1 routable public address 74.x.x.x, frac T1,
	eth2 cable non-routable address 192.168.x.x, fast, default route
	openvpn run as server and client
server B: eth1 cable, non routable 10.10.x.x
	openvpn run as client only
server C: eth1 routable public address 65.x.x.x
	openvpn run as server and client
server D: eth1 routable public address 216.x.x.x
	openvpn run as server

server A connects as openvpn client to server D using default route and
to server C on 65.x.x.x using eth2 by the way of a simple ip route add command.

server B connects as openvpn client to server C on 65.x.x.x

server B needs to connect as openvpn client to server A on 74.x.x.x, this
fails because on server A the UDP packets come on eth2, but responses go
on eth1. The address of server B is private (ISP provided) and changes

	What do I do to make server B connect to server A using openvpn?

I hope that is clearer. Btw, your answer is spot on for the question I
asked instead of the question I meant to ask.


On Thu, 30 Oct 2008, "Terrell Prudé Jr." wrote:

Julius Szelagiewicz wrote:
Dear Folks,
	I am somewhat stumped with a simple networking scenario:
eth0 - internal,
eth1 - external fast, dhcp non-routable, default route,
eth2 - external public address not very fast.
	I am using openvpn and for connections to other servers I can
easily specify which interface to use. What I need to do is to connect to
openvpn server process on eth2. Unfortunately packets come in on eth2 but
travel out on eth1 - default. Source based routing is no help, since I am
not just passing the packets based on the incoming interface, but I'm
trying to push responses on eth2. Essentially, on receipt on eth2 of UDP
packets on port 1194 I need to answer with a UDP packet on port 1194 on
	The computers trying to connect have only private addresses from
cable ISPs.
	Any suggestions? Please ...

What I'd do is make a static route for this OpenVPN server, pointing to
eth2's next hop.  Something like this:

  thedude linuxbox# route add -host w.x.y.z gw a.b.c.d

where w.x.y.z is the OpenVPN box that you want to talk to, and a.b.c.d
is eth2's next-hop router.  Now, if you have a bunch of OpenVPN boxes in
the same subnet that you have to talk to--for example, the
network, I'd do it like this:

  thedude linuxbox# route add -net netmask gw

where, again, a.b.c.d is eth2's next hop.

Do you GNU <http://www.gnu.org>?
Microsoft Free since 2003 <http://www.cmosnetworks.com>--the ultimate
antivirus protection!

