Gentoo Forums
[SOLVED] OpenVPN & IPRoute - LAN to Remote Server
Crimjob
Tux's lil' helper
Joined: 04 Dec 2006
Posts: 111

Posted: Fri Sep 28, 2012 5:33 pm    Post subject: [SOLVED] OpenVPN & IPRoute - LAN to Remote Server

Hey Guys,

I've been battling it out with OpenVPN for about a week now. I finally have everything working to the point where I can ping across the tunnel, but I can't for the life of me get routing working correctly so that my LAN can access the remote server without having an openvpn client installed and configured for it. I have a feeling I'm just missing something silly so hoping someone can help me out!

My situation is basically this. I have a LAN at home with a dynamic IP Address, and a remote server with a static IP Address. I've set up the OpenVPN server on my remote server as it has a static IP, and the OpenVPN client sits on my Linux gateway at home on my LAN (which also serves DHCP & Internet to the rest of the LAN). The LAN is at 192.168.0.0/22 and the VPN server is configured as 192.168.3.1 with the client configured as 192.168.3.2. I want to be able to access 192.168.3.1 over the rest of the network on 192.168.0.0/22, but right now, I can only ping it from 192.168.3.2. I can ping 192.168.3.2 from the rest of 192.168.0.0/22, but not 192.168.3.1. My firewall is also configured to allow all traffic on tap0 currently until I get things working correctly. I have a strong feeling I'm missing an IP Route but I've tried so many combinations with no luck at all I just don't know what else to try.

My Server Config:
Code:
port 1194
proto tcp-server
dev tap
tls-server
ca gateway/ca.crt
cert gateway/gateway.crt
key gateway/gateway.key
dh gateway/dh2048.pem
tls-auth ta.key 0
mode server
duplicate-cn
ifconfig 192.168.3.1 255.255.252.0 # openvpn gateway
ifconfig-pool 192.168.3.2 192.168.3.3 255.255.252.0 # ip range for openvpn clients
push "dhcp-option DNS 192.168.0.1"
push "route-gateway 192.168.3.2"
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"
push "route 192.168.0.0 255.255.252.0 192.168.3.2"
push "route 192.168.3.0 255.255.252.0 192.168.0.1"
persist-key
persist-tun
comp-lzo
status openvpn-status.log
verb 3


My Client Config:
Code:
port 1194
proto tcp-client
dev tap
remote x.x.x.x
resolv-retry infinite
nobind
tls-client
ca client/ca.crt
cert client/client.crt
key client/client.key
tls-auth ta.key 1
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
persist-key
persist-tun
comp-lzo
verb 3


Now I've tried many different push routes on the server with restarting both client and server afterwards but I can only ever ping from client to server or back, never from the rest of the network.

Thanks in advance for any replies!
_________________
"Who are you to judge the life I live? I know I'm not perfect and I don't live to be, but before you start pointing fingers... make sure your hands are clean." ~Bob Marley


Last edited by Crimjob on Fri Oct 05, 2012 5:15 pm; edited 1 time in total
Nimo
Tux's lil' helper
Joined: 23 Nov 2003
Posts: 111

Posted: Thu Oct 04, 2012 5:59 pm    Post subject:

Have you tried:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
on both the OpenVPN-boxes?


If that doesn't help, please post the output from
Code:
route -n
from both OpenVPN-boxes.
_________________
//Nimo
Crimjob
Tux's lil' helper
Joined: 04 Dec 2006
Posts: 111

Posted: Fri Oct 05, 2012 5:14 pm    Post subject:

Thanks for the response Nimo!

I do have ip_forwarding enabled on both boxes. Unfortunately I managed to fix this myself and I'm not really sure how :P

I basically took the OpenVPN sample configurations and modified them for myself (ignoring everything on the guides / manuals / gentoo wiki etc.) and it seems to do just what I need it to do now.

Server Config
Code:
port 1194
proto udp
dev tun
ca gateway/ca.crt
cert gateway/gateway.crt
key gateway/gateway.key  # This file should be kept secret
dh gateway/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.252.0"
keepalive 10 120
tls-auth ta.key 0
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3


Client Config:
Code:
client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca client/ca.crt
cert client/client.crt
key client/client.key
tls-auth ta.key 1
comp-lzo
verb 3


Perhaps my old config was too wacky with all the MTU settings and such? Either way it's working the way I need it now :D
_________________
"Who are you to judge the life I live? I know I'm not perfect and I don't live to be, but before you start pointing fingers... make sure your hands are clean." ~Bob Marley
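
Added example, not part of the original thread: one difference between the two posted server configs is that the first assigns the tunnel 192.168.3.1 with mask 255.255.252.0, which lies inside the 192.168.0.0/22 LAN, while the second uses 10.8.0.0/24. The sketch below checks a server config for that kind of overlap; the function names are illustrative, and the config excerpts are copied from the posts above.

```python
import ipaddress

# Home LAN as described in the first post.
LAN = ipaddress.ip_network("192.168.0.0/22")

# Addressing directives copied from the two server configs in the thread.
OLD_SERVER = """\
dev tap
ifconfig 192.168.3.1 255.255.252.0 # openvpn gateway
ifconfig-pool 192.168.3.2 192.168.3.3 255.255.252.0
"""
NEW_SERVER = """\
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.0.0 255.255.252.0"
"""


def tunnel_networks(config_text):
    """Networks the server config assigns to the VPN interface itself."""
    nets = []
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) < 3 or words[0] not in ("server", "ifconfig"):
            continue
        try:
            # strict=False lets a host address plus netmask resolve to its network
            nets.append(ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False))
        except ValueError:
            # tun-style "ifconfig local remote": second field is a peer, not a mask
            nets.append(ipaddress.ip_network(f"{words[1]}/32"))
    return nets


def overlaps_with_lan(config_text, lan=LAN):
    """Tunnel networks that share addresses with the LAN. LAN hosts treat
    those addresses as on-link and ARP for them instead of using the gateway."""
    return [n for n in tunnel_networks(config_text) if n.overlaps(lan)]


if __name__ == "__main__":
    for name, cfg in (("first config", OLD_SERVER), ("second config", NEW_SERVER)):
        clash = [str(n) for n in overlaps_with_lan(cfg)]
        print(f"{name}: tunnel overlaps LAN {LAN}: {clash or 'no'}")
```
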