 From:  Sven Brill <madde at gmx dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] OpenVPN routing issue
 Date:  Tue, 06 Dec 2005 09:26:26 -0500
Christof Murgott wrote:

> Hi!
> I'm running 1.2b10-ovpn5 [1] (same issue with 1.2b10) on my system. The
> OpenVPN daemon works fine on the DMZ interface. The clients (WinXP SP2)
> connect via tap device to the m0n0wall. I can access my LAN, but I'm
> unable to access any WAN addresses although the firewall accepts the
> packets.

I ran into the same thing; it turns out NAT is not enabled in this build. I
have not had time to play with the config.xml for a permanent fix, but
here it goes (until the next reboot):

First, check status.php under "ipnat -lv". You will probably see
something like this (if your LAN is 192.168.1.0/24):

List of active MAP/Redirect filters:
map dc0 192.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map dc0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map dc0 192.168.1.0/24 -> 0.0.0.0/32

Now, let's say your OpenVPN address space is 192.168.5.0/24. All you
need to do is add a NAT rule for that address space. Go to exec.php.
Off the top of my head, I would say execute three commands:

echo "map tap0 192.168.5.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp" | ipnat -f -
echo "map tap0 192.168.5.0/24 -> 0.0.0.0/32 portmap tcp/udp auto" | ipnat -f -
echo "map tap0 192.168.5.0/24 -> 0.0.0.0/32" | ipnat -f -

Try it out; all traffic from the clients should now be routed through
the tunnel. You might have to manually assign IPs now, though, because
EVERYTHING is tunneled, including DHCP renewal requests, which might mess
things up.

Now, if there is a simple setting for this that one could apply to the
config.xml, I would be a happy camper. Anyone?

Sven
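
Added example (not part of the message above and not m0n0wall code): a shell function that reads an "ipnat -lv" listing, such as the one shown on status.php, and reports which map rules cover a given client address, so a missing rule for the OpenVPN range is visible before and after the change. The function name nat_rules_for, the sample listing and the client addresses are constructed for illustration, and it assumes awk is available on the machine where the saved listing is checked.

```shell
#!/bin/sh
# Added example: find the ipnat "map" rules that cover a given client address.
# Handles only the simple form "map <if> <net>/<bits> -> ..." shown in the post.

# Constructed sample: the listing from the post, as pasted from status.php.
sample_listing() {
    cat <<'EOF'
List of active MAP/Redirect filters:
map dc0 192.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map dc0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map dc0 192.168.1.0/24 -> 0.0.0.0/32
EOF
}

# nat_rules_for IP: reads a listing on stdin, prints every map rule whose
# source network contains IP, and returns 1 when no rule matches.
nat_rules_for() {
    awk -v ip="$1" '
    function to_int(addr,   o) {
        split(addr, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    $1 == "map" && $4 == "->" {
        split($3, net, "/")
        size = 2 ^ (32 - net[2])          # addresses in the source network
        base = to_int(net[1])
        base -= base % size               # clear any host bits
        if (to_int(ip) >= base && to_int(ip) < base + size) {
            print
            found = 1
        }
    }
    END { exit !found }'
}

# Constructed client addresses: one LAN host, one OpenVPN client.
for client in 192.168.1.50 192.168.5.10; do
    if rules=$(sample_listing | nat_rules_for "$client"); then
        printf '%s: covered by\n%s\n' "$client" "$rules"
    else
        printf '%s: no map rule found\n' "$client"
    fi
done
```

The output also shows which interface each matching rule is bound to, which is worth comparing against the interface the traffic actually leaves on.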