Crimjob Tux's lil' helper
Joined: 04 Dec 2006 Posts: 111
Posted: Fri Sep 28, 2012 5:33 pm Post subject: [SOLVED] OpenVPN & IPRoute - LAN to Remote Server
Hey Guys,
I've been battling it out with OpenVPN for about a week now. I finally have everything working to the point where I can ping across the tunnel, but I can't for the life of me get routing working correctly so that my LAN can access the remote server without having an openvpn client installed and configured for it. I have a feeling I'm just missing something silly so hoping someone can help me out!
My situation is basically this. I have a LAN at home with a dynamic IP Address, and a remote server with a static IP Address. I've set up the OpenVPN server on my remote server as it has a static IP, and the OpenVPN client sits on my Linux gateway at home on my LAN (which also serves DHCP & Internet to the rest of the LAN). The LAN is at 192.168.0.0/22 and the VPN server is configured as 192.168.3.1 with the client configured as 192.168.3.2. I want to be able to access 192.168.3.1 over the rest of the network on 192.168.0.0/22, but right now, I can only ping it from 192.168.3.2. I can ping 192.168.3.2 from the rest of 192.168.0.0/22, but not 192.168.3.1. My firewall is also configured to allow all traffic on tap0 currently until I get things working correctly. I have a strong feeling I'm missing an IP Route but I've tried so many combinations with no luck at all I just don't know what else to try.
My Server Config:
Code:
port 1194
proto tcp-server
dev tap
tls-server
ca gateway/ca.crt
cert gateway/gateway.crt
key gateway/gateway.key
dh gateway/dh2048.pem
tls-auth ta.key 0
mode server
duplicate-cn
ifconfig 192.168.3.1 255.255.252.0 # openvpn gateway
ifconfig-pool 192.168.3.2 192.168.3.3 255.255.252.0 # ip range for openvpn clients
push "dhcp-option DNS 192.168.0.1"
push "route-gateway 192.168.3.2"
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"
push "route 192.168.0.0 255.255.252.0 192.168.3.2"
push "route 192.168.3.0 255.255.252.0 192.168.0.1"
persist-key
persist-tun
comp-lzo
status openvpn-status.log
verb 3
My Client Config:
Code:
port 1194
proto tcp-client
dev tap
remote x.x.x.x
resolv-retry infinite
nobind
tls-client
ca client/ca.crt
cert client/client.crt
key client/client.key
tls-auth ta.key 1
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
persist-key
persist-tun
comp-lzo
verb 3
Now I've tried many different push routes on the server, restarting both client and server afterwards, but I can only ever ping from client to server or back, never from the rest of the network.
Thanks in advance for any replies!
_________________
"Who are you to judge the life I live? I know I'm not perfect and I don't live to be, but before you start pointing fingers... make sure your hands are clean." ~Bob Marley
Last edited by Crimjob on Fri Oct 05, 2012 5:15 pm; edited 1 time in total
Nimo Tux's lil' helper
Joined: 23 Nov 2003 Posts: 111
Posted: Thu Oct 04, 2012 5:59 pm
Have you tried:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
on both the OpenVPN-boxes?
If that doesn't help, please post the output from from both OpenVPN-boxes.
_________________
//Nimo
Crimjob Tux's lil' helper
Joined: 04 Dec 2006 Posts: 111
Posted: Fri Oct 05, 2012 5:14 pm
Thanks for the response Nimo!
I do have ip_forwarding enabled on both boxes. Unfortunately I managed to fix this myself and I'm not really sure how.
I basically took the OpenVPN sample configurations and modified them for myself (ignoring everything on the guides / manuals / gentoo wiki etc.) and it seems to do just what I need it to do now.
Server Config
Code:
port 1194
proto udp
dev tun
ca gateway/ca.crt
cert gateway/gateway.crt
key gateway/gateway.key # This file should be kept secret
dh gateway/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.252.0"
keepalive 10 120
tls-auth ta.key 0
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Client Config:
Code:
client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca client/ca.crt
cert client/client.crt
key client/client.key
tls-auth ta.key 1
comp-lzo
verb 3
Perhaps my old config was too wacky with all the MTU settings and such? Either way it's working the way I need it now.
_________________
"Who are you to judge the life I live? I know I'm not perfect and I don't live to be, but before you start pointing fingers... make sure your hands are clean." ~Bob Marley
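
Added example, not part of the original thread or any poster's code: a Python check of the tunnel addressing in the two server configs above against the 192.168.0.0/22 LAN. The first config's 192.168.3.1 with netmask 255.255.252.0 lies inside that /22, while the second config's 10.8.0.0/24 does not; the function names are made up for this example.

```python
import ipaddress

# Excerpts of the two server configs posted in this thread.
OLD_SERVER = """\
dev tap
ifconfig 192.168.3.1 255.255.252.0 # openvpn gateway
ifconfig-pool 192.168.3.2 192.168.3.3 255.255.252.0 # ip range for openvpn clients
push "route 192.168.0.0 255.255.252.0 192.168.3.2"
"""
NEW_SERVER = """\
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.0.0 255.255.252.0"
"""

def vpn_networks(config_text):
    """Networks the config assigns to the tunnel itself.

    Reads 'server <net> <mask>' and tap-style 'ifconfig <addr> <mask>'.
    A tun point-to-point 'ifconfig <local> <remote>' is skipped because
    its second argument is a peer address, not a netmask.
    """
    nets = []
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(words) < 3 or words[0] not in ("server", "ifconfig"):
            continue
        try:
            # strict=False maps a host address to its enclosing network
            nets.append(ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False))
        except ValueError:
            continue
    return nets

def overlaps_with_lan(config_text, lan_cidr):
    """Return the tunnel networks (as strings) that overlap the LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    return [str(n) for n in vpn_networks(config_text) if n.overlaps(lan)]

if __name__ == "__main__":
    lan = "192.168.0.0/22"  # the home LAN from the first post
    for name, cfg in (("old", OLD_SERVER), ("new", NEW_SERVER)):
        clashes = overlaps_with_lan(cfg, lan)
        print(f"{name} server config: {'overlaps ' + ', '.join(clashes) if clashes else 'no overlap'}")
```

When the tunnel network overlaps the LAN, a LAN host with the /22 mask treats the tunnel address as on-link and ARPs for it instead of sending the packet to the gateway.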