[SOLVED] OpenVPN & IPRoute - LAN to Remote Server

Post by Crimjob » Fri Sep 28, 2012 5:33 pm

Hey Guys,

I've been battling it out with OpenVPN for about a week now. I finally have everything working to the point where I can ping across the tunnel, but I can't for the life of me get routing working correctly so that my LAN can access the remote server without having an openvpn client installed and configured for it. I have a feeling I'm just missing something silly so hoping someone can help me out!

My situation is basically this. I have a LAN at home with a dynamic IP Address, and a remote server with a static IP Address. I've set up the OpenVPN server on my remote server as it has a static IP, and the OpenVPN client sits on my Linux gateway at home on my LAN (which also serves DHCP & Internet to the rest of the LAN). The LAN is at 192.168.0.0/22 and the VPN server is configured as 192.168.3.1 with the client configured as 192.168.3.2. I want to be able to access 192.168.3.1 over the rest of the network on 192.168.0.0/22, but right now, I can only ping it from 192.168.3.2. I can ping 192.168.3.2 from the rest of 192.168.0.0/22, but not 192.168.3.1. My firewall is also configured to allow all traffic on tap0 currently until I get things working correctly. I have a strong feeling I'm missing an IP Route but I've tried so many combinations with no luck at all I just don't know what else to try.

My Server Config:

Code:

port 1194
proto tcp-server
dev tap
tls-server
ca gateway/ca.crt
cert gateway/gateway.crt
key gateway/gateway.key
dh gateway/dh2048.pem
tls-auth ta.key 0
mode server
duplicate-cn
ifconfig 192.168.3.1 255.255.252.0 # openvpn gateway
ifconfig-pool 192.168.3.2 192.168.3.3 255.255.252.0 # ip range for openvpn clients
push "dhcp-option DNS 192.168.0.1"
push "route-gateway 192.168.3.2"
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"
push "route 192.168.0.0 255.255.252.0 192.168.3.2"
push "route 192.168.3.0 255.255.252.0 192.168.0.1"
persist-key
persist-tun
comp-lzo
status openvpn-status.log
verb 3

My Client Config:

Code:

port 1194
proto tcp-client
dev tap
remote x.x.x.x
resolv-retry infinite
nobind
tls-client
ca client/ca.crt
cert client/client.crt
key client/client.key
tls-auth ta.key 1
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
persist-key
persist-tun
comp-lzo
verb 3

Now I've tried many different push routes on the server with restarting both client and server afterwards but I can only ever ping from client to server or back, never from the rest of the network.

Thanks in advance for any replies!
Last edited by Crimjob on Fri Oct 05, 2012 5:15 pm, edited 1 time in total.
"Who are you to judge the life I live? I know I'm not perfect and I don't live to be, but before you start pointing fingers... make sure your hands are clean." ~Bob Marley
Post by Nimo » Thu Oct 04, 2012 5:59 pm

Have you tried:

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward

on both the OpenVPN-boxes?

If that doesn't help, please post the output from

Code:

route -n

from both OpenVPN-boxes.
//Nimo
Post by Crimjob » Fri Oct 05, 2012 5:14 pm

Thanks for the response Nimo!

I do have ip_forwarding enabled on both boxes. Unfortunately I managed to fix this myself and I'm not really sure how :P

I basically took the OpenVPN sample configurations and modified them for myself (ignoring everything on the guides / manuals / gentoo wiki etc.) and it seems to do just what I need it to do now.

Server Config

Code:

port 1194
proto udp
dev tun
ca gateway/ca.crt
cert gateway/gateway.crt
key gateway/gateway.key  # This file should be kept secret
dh gateway/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.252.0"
keepalive 10 120
tls-auth ta.key 0
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Client Config:

Code:

client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca client/ca.crt
cert client/client.crt
key client/client.key
tls-auth ta.key 1
comp-lzo
verb 3

Perhaps my old config was too wacky with all the MTU settings and such? Either way it's working the way I need it now :D
"Who are you to judge the life I live? I know I'm not perfect and I don't live to be, but before you start pointing fingers... make sure your hands are clean." ~Bob Marley
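
One visible difference between the two server configs in this thread is the tunnel addressing: the first places the tap interface at 192.168.3.1 with mask 255.255.252.0, which falls inside the LAN's own 192.168.0.0/22, while the second uses a separate 10.8.0.0/24. The check below is an added example, not part of the original posts; the function names are hypothetical and the config excerpts are copied from the posts above.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/22")  # home LAN from the first post

# Addressing lines copied from the two server configs in this thread.
OLD_SERVER = """\
dev tap
mode server
ifconfig 192.168.3.1 255.255.252.0 # openvpn gateway
ifconfig-pool 192.168.3.2 192.168.3.3 255.255.252.0 # ip range for openvpn clients
push "route 192.168.0.0 255.255.252.0 192.168.3.2"
"""
NEW_SERVER = """\
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.0.0 255.255.252.0"
"""


def tunnel_networks(config_text):
    """Return the networks a config assigns to the tunnel interface.

    Assumption: only the `server NET MASK` and `ifconfig ADDR MASK` forms
    are handled. Pushed routes are skipped because they describe networks
    reached through the tunnel, not the tunnel's own addressing.
    """
    nets = []
    for raw in config_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3 and fields[0] in ("server", "ifconfig"):
            # strict=False maps a host address plus mask to its network
            nets.append(ipaddress.ip_network(f"{fields[1]}/{fields[2]}", strict=False))
    return nets


def lan_conflicts(config_text, lan=LAN):
    """Tunnel networks that overlap the LAN, so a route cannot tell them apart."""
    return [n for n in tunnel_networks(config_text) if n.overlaps(lan)]


if __name__ == "__main__":
    for name, cfg in (("old", OLD_SERVER), ("new", NEW_SERVER)):
        nets = [str(n) for n in tunnel_networks(cfg)]
        print(name, "tunnel:", nets, "overlaps LAN:", [str(n) for n in lan_conflicts(cfg)])
```

When the tunnel network overlaps the LAN, LAN hosts treat the far end of the tunnel as on-link and never send that traffic to the gateway for routing.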