Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
B
B
bald_uncle2020-10-16 17:51:45
openvpn
bald_uncle, 2020-10-16 17:51:45

Configure LAN access for OpenVPN clients on CentOS?

Good evening, please help me with this issue. Newbie in Linux.

OpenVPN is configured on centos 8, clients connect without problems. One of the clients is a Mikrotik router. Here you need to configure the micro PC to see the network of the OpenVPN server.
Network configuration

enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.101.2  netmask 255.255.254.0  broadcast 172.25.101.255

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 192.168.10.1  netmask 255.255.255.255  destination 192.168.10.2

openvpn server.conf file
port 55000
proto tcp
dev tun

ca /etc/openvpn/server/keys/ca.crt
cert /etc/openvpn/server/keys/srv-openvpn.crt
key /etc/openvpn/server/keys/srv-openvpn.key
dh /etc/openvpn/server/keys/dh.pem

#VPN сеть
server 192.168.10.0 255.255.255.0

#Чтобы локалка клиентов видила сервак VPN
push "route 172.25.101.0 255.255.254.0" \\Локал сеть сервера
push "route 192.172.10.0 255.255.255.0" \\Сеть за микротом
push "route 192.168.10.0 255.255.255.0"

#Маршруты к сети за VPN
#Чтобы сервер VPN видел локалку
route 192.172.10.0 255.255.255.0

#параметры клиентов
ifconfig-pool-persist /etc/openvpn/client/ipp.txt
#клиеты видят друг друга
client-to-client
client-config-dir /etc/openvpn/client

keepalive 10 120

#tls-проверка подлиности
#tls-server
#tls-auth /etc/openvpn/server/keys/ta.key 0 # This file is secret
#tls-timeout 15

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

#Кодировка
cipher AES-256-CBC
auth SHA1

#Не пересматривать сертификаты после перезагрузки
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 6
mute 20


route command output
172.25.100.0    0.0.0.0         255.255.254.0   U     100    0        0 enp0s3
192.168.10.0    192.168.10.2    255.255.255.0   UG    0      0        0 tun0
192.168.10.2    0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.43.0    192.168.10.2    255.255.255.0   UG    0      0        0 tun0
192.172.10.0    192.168.10.2    255.255.255.0   UG    0      0        0 tun0


iptables --list output
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

ACCEPT     all  --  192.162.10.0/24      192.172.10.0/24
ACCEPT     all  --  192.162.10.0/24      172.25.100.0/23

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


client file output
iroute 192.172.10.1 255.255.255.0
ifconfig-push 192.168.10.13 192.168.10.14


Here's what's on Mikrotik
5f89b34e07166661094222.png

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
R
res2001, 2020-10-16
@res2001

It's too much:

push "route 192.172.10.0 255.255.255.0" \\Сеть за микротом
push "route 192.168.10.0 255.255.255.0"

Remove this in the client file, in the iroute option.
route 192.172.10.0 255.255.255.0
Why do you have white addresses on the local network behind the microtome? Are you renting a subnet from Provo? (192.172.10.0/24)
But that has nothing to do with the case.
In general, you, apparently, need the computers on the network behind the VPN server to have access to the computers behind the Mikrotik and vice versa?
VPN itself is configured normally. This can be seen from the fact that you successfully connect to the VPN server and apparently from Mikrotik you have access to computers on the network behind the VPN server.
You simply do not have enough routing rules on computers in one or the other network. I suspect that the VPN server is not the default gateway for computers within the network and they do not know the correct route to the network behind Mikrotik.

Report
B
bald_uncle, 2020-10-16
@bald_uncle

192.172.10.0/24 are the addresses that mikrotik distributes via dhcp for its users.

Вообще вам же, видимо, нужно что бы компы в сети за сервером ВПН имели доступ к компам за микротиком и наоборот?
- absolutely right
Сама ВПН у вас настроена нормально. Это видно из того, что вы успешно подключаетесь к ВПН серверу и видимо с микротика имеете доступ к компам в сети за сервером ВПН.
- no, I only see the server and that's it
Подозреваю, что ВПН сервер не является шлюзом по умолчанию для компов внутри сети и они не знают правильного маршрута до сети за микротиком.
- that is, the Mikrotik network will access the Internet through my VPN, did I understand correctly? is it possible to bypass it?
can you tell me how to build the routing correctly?

Similar questions
Z
zhaar2019-11-18 14:32:59
How to configure OpenVPN to be used only for a specific address? 1Reply
V
Vladislav2017-06-24 18:19:48
Transfer speed problem with openvpn, how to fix? 3Reply
D
Dmitry Korolev2015-07-20 06:55:07
How to forward the route? 0Reply
O
olegrf892019-12-01 13:56:49
There is a server on DEBIAN openvpn, the speed is cut when downloading files from samba? 1Reply
B
by_EL2019-12-09 22:09:44
I created an openvpn server according to one of the well-known instructions, how to make a username and password required when a client connects to the server? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question