[ale] VPN Routing

David Hillman hillmands at gmail.com
Sat Sep 10 03:49:54 EDT 2011


At work, we are using Untangle as the main router/gateway for our LAN, it's
mainly for the ease with which it does OpenVPN configuration.  The Untangle
box has two networks coming in on the public interface.  One of the networks
goes out to a T1 connection with 10 public IPs.  The other network goes to
another internal router that our main network guys manage.  The Untangle box
only has two interfaces, but it is sitting behind a switch with multiple
VLANs.  I was able to add aliases for all of the IPs we have on both
networks and a static route to the network controlled by the internal
router; the default gateway on the Untangle box is set to the managed router
for the T1 connection.  Everything seems to work fine on the LAN, but none
of the OpenVPN clients can reach the network that is controlled by our other
internal router.  I am guessing that's because the information about that
static route isn't known by any of those clients.  VPN clients can hit any
of the machines on the LAN behind the Untangle box.  My issue is how do I
add the route to the other network without messing things up.  I would
prefer to add the route to the Untangle server and than push that the
clients.  Lord knows how I would get my iPad to handle a static route over
OpenVPN.

For testing purposes, I tried logging into the Untangle box and setting the
route there, but I got a weird "SIOCADDRT: no such device" error.  This is
the command that I used:

route add -net 172.16.0.0/24 192.168.0.1

Maybe I am misunderstanding how OpenVPN routing works, but according to the
routing table, 172.16.0.0 is the network that tun0 uses.  However, I was
given a 192.168.5.x IP address when I logged in through OpenVPN.  It
shouldn't matter, as long as my local machine knows how to handle the route
to the other network.  192.168.0.1 is the IP address for the Untangle
router.

Can anyone clear this up?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20110910/7ab301fb/attachment-0001.html 


More information about the Ale mailing list