need Openvpn routing help

[Charlie Farinella]

On Monday 16 June 2008, Thomas Charron wrote:
> On Mon, Jun 16, 2008 at 4:41 PM, Thomas Charron <twaffle at gmail.com> 
wrote:
> > On Mon, Jun 16, 2008 at 4:25 PM, Charlie Farinella
> >> 10.8.8.6 is pingable
> >> from this machine and traceroute shows it as one hop, I can ssh in,
> >> etc.  I get similar error messages (SIOCADDRT: Network is 
unreachable)
> >> if I try to set it up on a Linux client.  I don't understand how I 
have
> >> to set the gateway, or perhaps I'm misunderstanding what the 
gateway
> >> should be.
> >  Hrm.  Do you have the --client-to-client option anyplace?  Can you
> > connect in a way BESIDES ping to the other machines, like, ssh, or
> > telnet to port 22?
> 
>   This is an excerpt from the man pages regarding the
> --client-to-client.  Remember, OpenVPN doesn't just dump packets, it
> manages them.  These two options are important for what your wish to
> do:
> 
> =====  From man openvpn::

>     The --iroute directive also has an important interaction with
> --push "route ...". --iroute essentially defines a subnet which is
> owned by a particular client (we will call this client A). If you
> would like other clients to be able to reach A's subnet, you can use
> --push "route ..." together with --client-to-client to effect this. 

I had set the iroute directive earlier and was able to ping through to 
the secondary interface from the server, but not from the other 
clients.  Pushing the route has now allowed the other clients to see 
the interface as well.  Thank you.  :-)

My last remaining obstacle is allowing the packets to be forwarded 
through OpenBSD's packet filter.  I will do some reading and hopefully 
will have this up and running soon.

Thanks to everyone, you guys are "it".  :-)

--charlie

-- 
------------------------------------------------------------------------
Charles Farinella 
Appropriate Solutions, Inc. (www.AppropriateSolutions.com)
cfarinella at AppropriateSolutions.com
voice: 603.924.6079   fax: 603.924.8668