Hello Axel,

> Sorry, I don't understand:
> why do the 2 IPs (gmx.de; spiegel.de) have a different routing? Both are public IPs
> with the same scheme? Why is there a different handling by my routing table?
>
>
> this server is a webserver. Over tun0 comes traffic from the internet.
> also: client -> rootserver (public ip) ---vpn------> server (tun0/10.8.0.6) I
> want that all traffic that comes over tun0 goes back to tun0.

Routing does not work that way. Routing works in a way that looks at where you want to go and sends you to the proper "next hop" router. Advanced routing can also look at who is sending and take action based on that but I know of no way that routing can look at "via which route the original packet came from". Firewalls look at tcp/whatever session information and can act on that, but that is one level up from ip. Routers only look at the ip level.

So you need to look at what might come from the tun0 interface and needs to be sent back that way. It usually is either a complete network like 192.168.25.0/24 and in that case you need a route telling OpenVPN and the host to send all that traffic to the OpenVPN tunnel. The iroute statement is used for that, I have several ccd config files for that purpose.

If the other side of the tunnel is just 1 machine then that machine should use the VPN ip to send a request via the tunnel, the response will then automatically go via the OpenVPN tunnel as well.

Now, if I understand your information correctly, you wrote:

> this server is a webserver. Over tun0 comes traffic from the internet.
> also: client -> rootserver (public ip) ---vpn------> server (tun0/10.8.0.6) I
> want that all traffic that comes over tun0 goes back to tun0.

Do you mean to say that the webserver is ONLY linked to the internet via the OpenVPN tunnel? Because in that case indeed you need to have a default route to the ip number on the other side of the link. In that case make sure there is a separate routing line on the host so it can access all other hosts on the local network.

But.... this no longer seems to be an OpenVPN problem, but a routing problem. And of course, those usually go hand in hand, that is why we have no problem here explaining routing related to OpenVPN but somehow I get the feeling you might miss some basic knowledge of routing in general. Please look up some additional information on the internet to enhance your knowledge if that is the case.

OpenVPN simply creates another link for your server. Try to see if you can understand what would be needed if besides your normal br0 interface there is another interface with a REALLY LONG (but still working) ethernet cable to that system at the other side of the OpenVPN link. What would need to change on your host?

Bonno Bloksma
Tio university of applied science

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
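
The destination-only lookup described in this message, as an added example that is not part of the original mail: a longest-prefix-match lookup over constructed routing tables, showing which interface a reply leaves on. Only tun0, br0, the 10.8.0.x tunnel addressing and 192.168.25.0/24 come from the thread; the LAN 192.0.2.0/24, its gateway 192.0.2.1, the tunnel peer 10.8.0.5 and the client 198.51.100.7 are assumptions.

```python
import ipaddress

# Constructed tables: (destination prefix, next hop or None if on-link, interface)
BASE_ROUTES = [
    ("0.0.0.0/0", "192.0.2.1", "br0"),   # default route via the LAN gateway (assumed)
    ("192.0.2.0/24", None, "br0"),       # directly connected LAN (assumed)
    ("10.8.0.0/24", None, "tun0"),       # OpenVPN tunnel network
]
# Case 1 in the mail: a whole network behind the tunnel gets its own route.
WITH_REMOTE_NET = BASE_ROUTES + [("192.168.25.0/24", "10.8.0.5", "tun0")]
# Case 2 in the mail: the tunnel is the only internet link, so the default
# route points at the tunnel peer while the LAN keeps its own routing line.
TUNNEL_DEFAULT = [
    ("0.0.0.0/0", "10.8.0.5", "tun0"),
    ("192.0.2.0/24", None, "br0"),
    ("10.8.0.0/24", None, "tun0"),
]

def lookup(routes, dst):
    """Return (prefix, next_hop, interface) for the longest prefix matching dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop, dev)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]

def reply_interface(routes, request_src, arrived_on):
    """Interface used for the reply to request_src.

    arrived_on is deliberately ignored: a plain routing lookup only sees the
    destination of the reply, not the interface the request came in on.
    """
    return lookup(routes, request_src)[2]

if __name__ == "__main__":
    for name, table in [("base", BASE_ROUTES), ("remote net", WITH_REMOTE_NET),
                        ("tunnel default", TUNNEL_DEFAULT)]:
        for src in ("198.51.100.7", "192.168.25.10", "10.8.0.1", "192.0.2.50"):
            print(f"{name:15} reply to {src:15} -> {reply_interface(table, src, 'tun0')}")
```

With the base table, a request from 198.51.100.7 that arrived on tun0 is answered via br0, which is the asymmetry the question describes.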