Jenny Hopkins hopkins.jenny@gmail.com
openvpn connection [...] Openvpn uses a tunnel of 12.3.3.0 [...] second computer on my internal network, 192.168.1.whatever [...] try at assigning a static address on the 12.3.3.0 network to no avail, it couldn't ping the computer here on its tun 12.3.3.6 address. [...] Is this an impossible mission, or are there any tricks and tools i can be using to make this happen? [...]
I got a bit lost among the missing IP addresses and quite exactly where "here" and "internal" actually are, but I didn't see you setting ip_forward on the openvpn-connected machine, which seems like one thing which might prevent it working.
It should be a case of setting the routing parameters correctly on each machine. The "route" config options in openvpn may help with that... or they might not.
Sometimes I resort to setting up NAT and masquerading in this sort of situation, mainly because I've been doing that for years and it avoids anything I don't control getting upset at there suddenly being a network where there was only a single IP address.
Here's a script I used for masquerading recently, but the device and network details may not reflect what you actually need to do, and there may be a security flaw in this (I suspect the MASQUERADE line should probably have -s 192.168.0.0/24 -i eth2 on it):
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables-restore << EOF
*nat
:PREROUTING ACCEPT [573:36591]
:POSTROUTING ACCEPT [59:5375]
:OUTPUT ACCEPT [43:6574]
-A POSTROUTING -o tun1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [118:33140]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [170:21363]
-A FORWARD -i tun1 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -i eth2 -j ACCEPT
-A FORWARD -j LOG
-A FORWARD -j DROP
COMMIT
EOF
Hope that helps,
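
Added example (not part of the original message or the poster's script): a shell check that reads iptables-restore text and flags the point the message raises, a MASQUERADE rule with no source match, plus a FORWARD chain whose ACCEPT policy is not closed by a final DROP or REJECT. The function names and the scoped variant are constructed here; the variant uses only -s 192.168.0.0/24 because iptables does not accept an -i match in the POSTROUTING chain.

```shell
#!/bin/sh
# Added example: audit iptables-save/iptables-restore text read from stdin.
# Prints one finding per line and nothing when both checks pass.
audit_ruleset() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header: *nat, *filter
        table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ {
            # NAT applies to every source address unless the rule names one.
            if ($0 !~ / (-s|--source) /) print "unscoped-masquerade: " $0
        }
        table == "filter" && /^:FORWARD ACCEPT/ { fwd_accept = 1 }
        table == "filter" && /^-A FORWARD /     { last_forward = $0 }
        END {
            # Policy ACCEPT is only contained by an unconditional final DROP/REJECT.
            if (fwd_accept && last_forward !~ /^-A FORWARD -j (DROP|REJECT)( |$)/)
                print "forward-policy-accept: chain does not end in DROP/REJECT"
        }
    '
}

# The ruleset from the message above, as posted.
posted_rules() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [573:36591]
:POSTROUTING ACCEPT [59:5375]
:OUTPUT ACCEPT [43:6574]
-A POSTROUTING -o tun1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [118:33140]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [170:21363]
-A FORWARD -i tun1 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -i eth2 -j ACCEPT
-A FORWARD -j LOG
-A FORWARD -j DROP
COMMIT
EOF
}

# Constructed variant: masquerade only the LAN range named in the message.
scoped_rules() {
    posted_rules | sed 's|^-A POSTROUTING -o tun1|-A POSTROUTING -s 192.168.0.0/24 -o tun1|'
}

posted_rules | audit_ruleset   # reports the unscoped MASQUERADE rule
scoped_rules | audit_ruleset   # reports nothing
```

On a live host the same check can be run against the loaded rules with `iptables-save | audit_ruleset` (as root).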