Hello Bonno, my configuration, for example:

Client --r5d.de--> rootserver (r5d.de) ---forwarding: vpn 10.8.0.6--> myhomeserver

So I want that only incoming traffic (requests for the server) is routed back to the VPN/tun0; all other outgoing traffic from the server (e.g. system upgrades / rsync with other servers) should use the route over the br0 device/192.168.2.101. I don't know if it is possible to realize this with iptables + NAT; I tried a few things without success.

Quoting Bonno Bloksma <b.blok...@tio.nl>:

> Hello Axel,
>
>> Sorry, I don't understand:
>> why do the 2 IPs (gmx.de; spiegel.de) get different routing? Both are
>> public IPs with the same scheme? Why are they handled differently by my
>> routing table?
>>
>>
>> This server is a webserver. Over tun0 comes traffic from the internet.
>> Also: client -> rootserver (public IP) ---vpn------> server
>> (tun0/10.8.0.6). I want that all traffic that comes over tun0 goes back
>> to tun0.
>
> Routing does not work that way. Routing works in a way that looks at
> where you want to go and sends you to the proper "next hop" router.
> Advanced routing can also look at who is sending and take action
> based on that, but I know of no way that routing can look at "via
> which route the original packet came from".
> Firewalls look at TCP/whatever session information and can act on
> that, but that is one level up from IP. Routers only look at the IP
> level.
>
> So you need to look at what might come from the tun0 interface and
> needs to be sent back that way.
> It usually is either a complete network like 192.168.25.0/24, and in
> that case you need a route telling OpenVPN and the host to send all
> that traffic to the OpenVPN tunnel. The iroute statement is used for
> that; I have several ccd config files for that purpose.
> If the other side of the tunnel is just 1 machine, then that machine
> should use the VPN IP to send a request via the tunnel; the response
> will then automatically go via the OpenVPN tunnel as well.
>
> Now, if I understand your information correctly, you wrote:
>> This server is a webserver. Over tun0 comes traffic from the internet.
>> Also: client -> rootserver (public IP) ---vpn------> server
>> (tun0/10.8.0.6). I want that all traffic that comes over tun0 goes back
>> to tun0.
> Do you mean to say that the webserver is ONLY linked to the internet
> via the OpenVPN tunnel? Because in that case indeed you need to have
> a default route to the IP number on the other side of the link. In
> that case make sure there is a separate routing line on the host so
> it can access all other hosts on the local network.
>
> But.... this no longer seems to be an OpenVPN problem, but a routing problem.
> And of course, those usually go hand in hand; that is why we have no
> problem here explaining routing related to OpenVPN, but somehow I get
> the feeling you might miss some basic knowledge of routing in general.
>
> Please look up some additional information on the internet to
> enhance your knowledge if that is the case. OpenVPN simply creates
> another link for your server.
> Try to see if you can understand what would be needed if besides
> your normal br0 interface there is another interface with a REALLY
> LONG (but still working) ethernet cable to that system at the other
> side of the OpenVPN link. What would need to change on your host?
>
>
> Bonno Bloksma
> Tio university of applied science

Regards,
Axel

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
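One way to get the behaviour Axel asks for (replies to connections that arrived over tun0 leave via tun0 again, while everything the server opens itself keeps the br0 default route) is policy routing keyed on a connection mark, since, as Bonno says, plain routing cannot see which interface a request came in on but the connection tracker can. The script below is an added example written for this thread; it is not code posted by Axel or Bonno and not part of OpenVPN. The interface names tun0/br0 and the addresses 10.8.0.6 and 192.168.2.101 come from the thread; the tunnel peer address 10.8.0.1, routing table 100, fwmark 0x1 and the variable names are assumptions chosen for the example. It needs root to apply anything; with DRY_RUN=1 it only prints the commands.

```shell
#!/bin/sh
# Added example for the openvpn-users thread above; not code from the thread
# or from OpenVPN. Goal: connections that ARRIVE on tun0 are answered via tun0;
# connections the server opens itself (apt, rsync, ...) keep the normal default
# route via br0. Technique: CONNMARK the connection on ingress, restore the mark
# on locally generated packets of that connection, and send marked packets
# through a dedicated routing table whose default route is the tunnel peer.
set -eu

TUN_IF=${TUN_IF:-tun0}
TUN_PEER=${TUN_PEER:-10.8.0.1}   # ASSUMPTION: rootserver's address inside the tunnel
LAN_IF=${LAN_IF:-br0}            # normal uplink, 192.168.2.101 in the thread
MARK=${MARK:-0x1}                # ASSUMPTION: arbitrary unused fwmark value
TABLE=${TABLE:-100}              # ASSUMPTION: arbitrary unused routing table id
DRY_RUN=${DRY_RUN:-0}            # 1 = print the commands instead of executing them

# Execute a command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_policy_routing() {
    # 1. Alternate table: anything looked up here leaves through the tunnel.
    run ip route replace default via "$TUN_PEER" dev "$TUN_IF" table "$TABLE"

    # 2. Packets carrying the fwmark consult that table before the main one.
    run ip rule add fwmark "$MARK" lookup "$TABLE" priority 100

    # 3. Remember, per connection, that it entered through the tunnel.
    run iptables -t mangle -A PREROUTING -i "$TUN_IF" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"

    # 4. Locally generated packets (the webserver's replies) inherit the
    #    connection mark as a packet mark, which triggers the rule in step 2.
    #    Connections the server opened itself never received the mark, so they
    #    still follow the main table's default route via br0 ($LAN_IF).
    run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark

    # 5. Requests on tun0 carry arbitrary internet source addresses whose
    #    reverse path is br0; strict reverse-path filtering would drop them.
    #    Loose mode (2) accepts them as long as the source is routable at all.
    #    The effective value is the larger of conf/all and conf/<if>, so
    #    net.ipv4.conf.all.rp_filter must not be 1 either.
    run sysctl -w "net.ipv4.conf.$TUN_IF.rp_filter=2"
}

# Undo the above in reverse order.
teardown_policy_routing() {
    run iptables -t mangle -D OUTPUT -j CONNMARK --restore-mark
    run iptables -t mangle -D PREROUTING -i "$TUN_IF" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
    run ip rule del fwmark "$MARK" lookup "$TABLE" priority 100
    run ip route flush table "$TABLE"
}

# Only apply when explicitly asked, so sourcing the file or running it with
# DRY_RUN=1 just shows what would be done.
if [ "${APPLY:-0}" = 1 ]; then
    setup_policy_routing
fi
```

`DRY_RUN=1 APPLY=1 sh policy-route.sh` lists the commands; `APPLY=1` as root applies them (they are not persistent, so an OpenVPN `up` script or the distribution's firewall framework is the usual place for them). The marking is only needed when the rootserver forwards requests with the client's real source address intact; if the rootserver instead SNATs the forwarded requests to its own tunnel address, the replies already go back through tun0 by ordinary destination routing, which is the single-machine case Bonno describes.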