Computer networks
Sergey Kutylev, 2015-09-17 22:05:18

How to resolve routing in a network with openvpn server?

What we have
There is a network like 172.16.3.0/24. There is a Cisco Cat 3560G on which several VLANs are terminated in the form of InterfaceVlan; it also performs IVR. (The VLAN with the 172.16.3.0/24 network has the address 172.16.3.1.)
An Ubuntu server is connected to this Cisco; an OpenVPN server is running on it and a tunnel is established.
Interfaces on the server
eth0 - an external network with a public address through which connections to another openvpn server are established via the public Internet,
eth1 interface with the address 172.16.3.99,
tap0 - the OpenVPN interface, which also received an address from this network: 172.16.3.100.
The other end of the tunnel also received an address from this network: 172.16.3.101.
Routes on the server
# ip route
default via public_gateway dev eth0
public_net dev eth1 proto kernel scope link src public_ip
172.16.3.0/24 dev eth1 proto kernel scope link src 172.16.3.99
172.16.3.100 dev tap0 scope link
Routes on the cisco
ip route 172.16.3.101 955.255.255.255
IP forwarding is enabled on the server, but the traffic does not pass. What could be the reason?

2 answer(s)
chupasaurus, 2015-09-18
@chupasaurus

Remove the address from the tap0 interface settings; it is not needed.
An Ethernet bridge is needed for direct forwarding of clients to the local network.
Routing is not needed, since packets arriving at the tap interface leave immediately from the assigned physical one with its routing table (therefore, the address is superfluous). The route on the Cisco is redundant, since the clients will be in the ARP table with the MAC address of eth1.
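
The bridge described in the answer above, as an added example that is not part of the original answer: eth1 and tap0 become ports of one bridge, tap0 loses its address, and the host's 172.16.3.99/24 moves to the bridge. The bridge name br0 and the assumption that tap0 already exists are not from the thread; commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: bridge the OpenVPN tap interface into the LAN segment.
# eth1, tap0 and 172.16.3.99/24 come from the question; br0 is an assumed name.
# Assumes tap0 already exists (persistent tap device or OpenVPN already running).
# APPLY=1 executes the commands (root required); otherwise they are printed.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# bridge_plan LAN_IF TAP_IF BRIDGE LAN_ADDR/PREFIX
bridge_plan() {
    lan_if=$1 tap_if=$2 br=$3 addr=$4
    case "$addr" in
        */*) ;;
        *) echo "address must include a prefix length, e.g. 172.16.3.99/24" >&2
           return 2 ;;
    esac
    if [ "$lan_if" = "$tap_if" ]; then
        echo "LAN and tap interface must differ" >&2
        return 2
    fi
    run ip link add name "$br" type bridge
    # A bridge port carries no address of its own, so 172.16.3.100 goes away.
    run ip addr flush dev "$tap_if"
    # The host's LAN address moves from the physical port to the bridge.
    run ip addr flush dev "$lan_if"
    run ip link set dev "$lan_if" master "$br"
    run ip link set dev "$tap_if" master "$br"
    run ip link set dev "$lan_if" up
    run ip link set dev "$tap_if" up
    run ip addr add "$addr" dev "$br"
    run ip link set dev "$br" up
}

# Dry run with the values from the question.
bridge_plan eth1 tap0 br0 172.16.3.99/24
```

Review the printed plan first; running it with APPLY=1 briefly drops the host's LAN address while it moves from eth1 to br0.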
