
I am attempting to connect two networks using OpenVPN using Zentyal 3.3. I have followed the instructions on Zentyal's site, but my clients on Site2 can't ping my clients on Site1, although the VPN server on Site2 can ping the clients on Site1. I suspect this has something to do with routing. Here is the routing table for the VPN server on Site2:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.100.0   192.168.160.5   255.255.255.0   UG    0      0        0 tun0
192.168.101.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.160.0   192.168.160.5   255.255.255.0   UG    0      0        0 tun0
192.168.160.5   0.0.0.0         255.255.255.255 UH    0      0        0 tun0

192.168.1.0/24 is the Internet-connected ethernet adapter on Site2, 192.168.100.0/24 is the LAN on Site1 I want to be able to ping from Site2, 192.168.101.0 is the LAN on Site2, and 192.168.160.0/24 is the VPN network.

Here is the routing table from one of the clients on Site2:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.101.1   0.0.0.0         UG    0      0        0 wlan0
192.168.101.0   0.0.0.0         255.255.255.0   U     9      0        0 wlan0

How can I get the clients on Site2 to connect with the clients on Site1? Thank you for any insight you have.

user1722919

1 Answer


Check the "Advertised Networks" on the client connection for Site2 (in the Site1 server) and make sure it includes 192.168.160.0/24.

It looks like Site2 is connecting as what Zentyal calls a "Road Warrior" config rather than site-to-site.

quadruplebucky
  • If I add it as an advertised route, I get this in the logs on the client machine: Mon Feb 17 14:31:40 2014 /sbin/ip route add 192.168.160.0/24 via 192.168.160.5 RTNETLINK answers: File exists Mon Feb 17 14:31:40 2014 ERROR: Linux route add command failed: external program exited with error status: 2 Again, I can ping 192.168.100.0/24 from the VPN client on Site2, just not from any client machines on 192.168.101.0/24 on Site2. – user1722919 Feb 17 '14 at 19:32
  • I misread your comment. I can now ping 192.168.100.1 from clients on Site2. I had to change from a TUN interface to TAP, then add (like you suggested) 192.168.160.0/24 to advertised routes. Thanks for your help! – user1722919 Feb 17 '14 at 19:52
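
An added example, not part of the original posts: a short Python script that replays the two routing tables from the question with longest-prefix matching, and checks whether the 192.168.160.0/24 route that `ip route add` rejected with "File exists" in the first comment is already installed on the Site2 VPN server. The function names are illustrative.

```python
import ipaddress

# Routing tables copied from the question (`route -n` format).
SITE2_VPN_SERVER = """\
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.100.0   192.168.160.5   255.255.255.0   UG    0      0        0 tun0
192.168.101.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.160.0   192.168.160.5   255.255.255.0   UG    0      0        0 tun0
192.168.160.5   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
"""
SITE2_CLIENT = """\
0.0.0.0         192.168.101.1   0.0.0.0         UG    0      0        0 wlan0
192.168.101.0   0.0.0.0         255.255.255.0   U     9      0        0 wlan0
"""

def parse_routes(text):
    """Return a list of (network, gateway, metric, iface) from `route -n` rows."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        gw = None if f[1] == "0.0.0.0" else ipaddress.ip_address(f[1])
        routes.append((net, gw, int(f[4]), f[7]))
    return routes

def lookup(routes, dest):
    """Longest-prefix match, lowest metric as tie-break; None if unroutable."""
    dest = ipaddress.ip_address(dest)
    hits = [r for r in routes if dest in r[0]]
    if not hits:
        return None
    net, gw, _, iface = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return (str(net), str(gw) if gw else "on-link", iface)

def route_exists(routes, cidr):
    """True if a route for exactly this prefix is already installed."""
    return any(r[0] == ipaddress.ip_network(cidr) for r in routes)

if __name__ == "__main__":
    client, server = parse_routes(SITE2_CLIENT), parse_routes(SITE2_VPN_SERVER)
    print("client -> 192.168.100.1:", lookup(client, "192.168.100.1"))
    print("server -> 192.168.100.1:", lookup(server, "192.168.100.1"))
    print("server -> 10.0.0.1 (no default route):", lookup(server, "10.0.0.1"))
    print("192.168.160.0/24 already present:", route_exists(server, "192.168.160.0/24"))
```

The lookups show the forward path from a Site2 client: its default route hands the packet to 192.168.101.1, and the VPN server's table sends 192.168.100.0/24 out tun0 via 192.168.160.5.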