Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
L
L
levap2014-12-04 14:11:04
openvpn
levap, 2014-12-04 14:11:04

How to link multiple client subnets through an OpenVPN server?

Hello dear!
There is a VPN server built on the basis of Ubuntu + OpenVPN, authorization using certificates, white external IP.
There are also three clients that are on their own subnets behind NAT:
Client 1 : subnet 192.168.0.0 255.255.255.0
Client 2 : subnet 192.168.1.0 255.255.255.0
Client 3 : subnet 192.168.2.0 255.255.255.0
VPN network has internal addresses 10.8.0.x, all clients have static addresses (10.8.0.30, 32, 34 respectively).
It was possible to configure access from the server to client subnets.
server.conf fragment

proto tcp
dev tun
server 10.8.0.0 255.255.255.0
client-to-client

client-config-dir ccd
route 192.168.0.0 255.255.255.0
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0

cd/laptop
ifconfig-push 10.8.0.30 10.8.0.31
iroute 192.168.2.0 255.255.255.0

But I can not find how to make access from all subnets between each other. The server here will act only as an intermediary.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
S
shaazz, 2014-12-04
@levap

addition to your configuration.
You can use the
parameter on the server # this is the IP of the server
ifconfig 10.8.0.1 255.255.255.0
route-gateway 10.8.0.1
route 192.168.0.0 255.255.255.0 10.8.0.30 1
route 192.168.1.0 255.255.255.0
10.8.0.30 255.255.255.0 10.8.0.34 1
and in the files of clients client1 and further by analogy:
ifconfig-push 10.8.0.30 255.255.255.0
iroute 192.168.0.0 255.255.255.0
link
routing must be enabled on the server ip_forward=1

Report
L
levap, 2014-12-04
@levap

shaazz tried with these settings but didn't work so far.
Full server configuration file:

port 1194

proto tcp
;proto udp

;dev tap
dev tun

topology subnet

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

client-config-dir ccd

ifconfig 10.8.0.1 255.255.255.0
route-gateway 10.8.0.1 
route 192.168.0.0 255.255.255.0 10.8.0.32 1
route 192.168.1.0 255.255.255.0 10.8.0.34 1
route 192.168.2.0 255.255.255.0 10.8.0.30 1

client-to-client

keepalive 10 120

tls-auth /etc/openvpn/keys/ta.key 0 # This file is secret

cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

comp-lzo

max-clients 10

persist-key
persist-tun

status /var/log/openvpn-status.log
log /var/log/openvpn.log
;log-append  openvpn.log

verb 3
mute 20

And the client configuration file:
ifconfig-push 10.8.0.30 255.255.255.0
iroute 192.168.2.0 255.255.255.0

and
ifconfig-push 10.8.0.32 255.255.255.0
iroute 192.168.0.0 255.255.255.0

Clients and the server rebooted.
As a result, from the subnet 192.168.0.0 I try to reach the network 192.168.2.0 (ping 192.168.2.1) and it does not work.

Similar questions
V
vakohafa2017-05-16 03:32:13
How to wrap OpenVPN in SSH on Linux? 2Reply
N
NosefU2015-06-01 11:11:54
Is there a Hamachi equivalent with Android support? 3Reply
A
aravindo2019-10-27 02:07:11
How to give access to the site only via VPN? 3Reply
S
syxoi2017-05-26 14:18:10
Trying to break openvpn? 1Reply
M
MaxxDamage2019-11-05 15:44:01
How to separate traffic? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question