On 11/4/10 3:39 AM, Bart Schaefer wrote:
> On Wed, Nov 3, 2010 at 7:05 PM, Les Mikesell <lesmikesell@gmail.com> wrote:
>> You probably are forwarding packets to the other end of the vpn. Does whatever is on the other end have a route back to your 192.168.144.x range through that end of the vpn?
> Ah, that may indeed be the problem. I'm a bit rusty with this stuff. The CentOS box is doing IP forwarding, but that doesn't mean that it's actually acting as a NAT?

No, NAT is something you do in iptables, and if you have done it, the setup is likely to be interface-specific.

> On the far end, 192.168.144.0/255 would just use the default route, which is to the gateway for the network to which the VPN is connected. There's no explicit route for my LAN range.

Quick check is a traceroute from the remote server to a 192.168.144.x address. If it doesn't go into the tunnel interface you need to add a route for the range via the remote tunnel ip.

Connections from the server itself will source from the tunnel address, not the LAN.

> Well, yeah, that part I expected. I was presuming the return packets would go back to the tunnel address, which would send them to my server, which would then NAT them back to the original LAN source; but maybe that translation isn't happening where I thought it was.

No, you can NAT at the tun interface but then the connections only work in one direction. Normally for LAN-LAN connections you want to maintain and route the private ranges and only NAT at the internet gateways.
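The return-route check described in this thread (does the far end send 192.168.144.x back into the tunnel, or out its default route?) can be done offline against a captured `ip route show` table before touching the box. The script below is an added example and is not from any poster in the thread; it performs the same longest-prefix lookup the kernel does, using awk only, and prints the `ip route add` line that would fix the far end if the LAN range currently resolves to a non-tunnel interface. The route table, the interface names, and the peer tunnel address 10.8.0.1 are all constructed sample values, not taken from the thread.

```shell
#!/bin/sh
# Constructed sample of `ip route show` as it might look on the remote VPN
# endpoint before any route for the 192.168.144.0/24 LAN has been added.
SAMPLE_ROUTES='default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2'

# route_dev DEST_IP ROUTE_TABLE
# Prints the interface the kernel would pick for DEST_IP: the route whose
# prefix matches with the most bits wins (longest-prefix match). "default"
# is treated as 0.0.0.0/0, so it only wins when nothing else matches.
route_dev() {
    printf '%s\n' "$2" | awk -v dest="$1" '
    function ip2int(s,  p) {
        split(s, p, ".")
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    BEGIN { d = ip2int(dest); best = -1; bestdev = "" }
    NF == 0 { next }
    {
        dev = ""
        if ($1 == "default") { net = 0; bits = 0 }
        else {
            n = split($1, a, "/")
            net = ip2int(a[1])
            bits = (n == 2) ? a[2] + 0 : 32
        }
        for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        # Compare only the top "bits" bits by dividing both addresses by 2^(32-bits).
        shift = 2 ^ (32 - bits)
        if (int(d / shift) == int(net / shift) && bits > best) {
            best = bits
            bestdev = dev
        }
    }
    END { print bestdev }'
}

# check_return_route LAN_PREFIX TUN_IF TUN_PEER ROUTE_TABLE
# Prints "ok" when LAN_PREFIX already leaves via TUN_IF; otherwise prints the
# route that should be added on the remote end, pointing the LAN range at the
# near side's tunnel address (TUN_PEER) rather than NATing at the tun interface.
check_return_route() {
    net=${1%/*}
    dev=$(route_dev "$net" "$4")
    if [ "$dev" = "$2" ]; then
        echo ok
    else
        echo "ip route add $1 via $3 dev $2"
    fi
}

# Demonstration on the constructed table: the LAN range falls through to the
# default route, so the suggested fix is printed.
check_return_route 192.168.144.0/24 tun0 10.8.0.1 "$SAMPLE_ROUTES"
```

On a real remote endpoint, replace `SAMPLE_ROUTES` with `$(ip route show)`; the printed `ip route add` line is the same change a traceroute that exits via eth0 instead of tun0 would call for. Once the route is in place, the check prints `ok` and the LAN-to-LAN path works in both directions without any NAT on the tunnel interface.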