linux
dhemming, 2017-03-16 23:16:50

How to set up LAN access behind an OpenVPN client?

Good day.
There are 2 local networks: 192.168.1.0/24 and 192.168.2.0/24.
The 192.168.1.0/24 network is behind the OpenVPN server. The server has 2 network cards, eth0 and eth1 (eth1 faces the Internet, eth0 the local network).
The router of the 192.168.2.0/24 network is connected to the Internet via a Megafon modem. This is the OpenVPN client's network (the client itself is behind NAT in this network and has the IP 192.168.1.100).
The client connects to the server and can ping the local network behind the server. Ping from the server to the client's local network does not get through. Also, computers on the client's network cannot ping the local network behind the server.
Server config:

local XX.XX.XX.XX
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
client-config-dir /etc/openvpn/ccd
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
client-to-client
keepalive 10 120
tls-auth ta.key 0
persist-key
persist-tun
status openvpn-status.log
log         /var/log/openvpn.log
verb 3

File /etc/openvpn/ccd/vpn on the server:

iroute 192.168.2.0 255.255.255.0

Client config:

remote XX.XX.XX.XX 1194
client
dev tun
resolv-retry infinite
proto tcp
nobind
persist-key
persist-tun
tls-auth ta.key 1
ca ca.crt
cert vpn.crt
key vpn.key
verb 3
pull

Route output on the server:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ext. iface IP   0.0.0.0         UG    0      0        0 eth1
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
ext. iface net  *               255.255.252.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0

Route output on the client:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.0.13       128.0.0.0       UG    0      0        0 tun0
default         192.168.2.1     0.0.0.0         UG    202    0        0 eth0
server ext. IP  192.168.2.1     255.255.255.255 UGH   0      0        0 eth0
10.8.0.0        10.8.0.13       255.255.255.0   UG    0      0        0 tun0
10.8.0.13       *               255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.8.0.13       128.0.0.0       UG    0      0        0 tun0
192.168.1.0     10.8.0.13       255.255.255.0   UG    0      0        0 tun0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.2.0     *               255.255.255.0   U     202    0        0 eth0

The client runs on a Raspberry Pi 2. I have been trying to solve this for several days now. Please help)

1 answer(s)

mureevms, 2017-03-17

Ping from the server to the client's local network does not go. Also, computers on the client's network cannot ping the local network behind the server.
This is normal behavior. The fact is that you just have a single client. Why would the entire network the client sits on even know about the second, remote network the server sits on? That is, you have everything set up correctly.
If you want to give access to the entire 192.168.2.0 subnet, then you must either 1. put the client's OVPN on the router, or 2. route all traffic through the machine with the client installed (i.e. it becomes a router, with all the consequences). If only several computers need it, connect them as clients.
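The router-style setup from option 2, as an added example (not code from the asker or the answerer): in the OpenVPN HOWTO's site-to-site recipe the server needs both the ccd `iroute` (which the question already has) and a kernel `route NET MASK` directive in the server config, because `iroute` only tells the OpenVPN daemon which client owns the subnet while `route` is what puts the entry into the server's kernel table; the question's server route table has no 192.168.2.0 entry, which is that gap. The script below audits a server config for `iroute`s without a matching `route` line, appends the missing ones, and checks the forwarding knob the Raspberry Pi needs to act as a router. The file names and the sample config are constructed for the demo.

```shell
#!/bin/sh
# Added example: site-to-site audit for an OpenVPN server.
# "iroute NET MASK" in a ccd file only tells the daemon which client owns NET;
# the server kernel still needs a "route NET MASK" directive in the server
# config, or NET traffic never enters tun0. Paths below are constructed.
set -eu

# Escape dots so an address is matched literally by grep -E.
re_escape() { printf '%s' "$1" | sed 's/\./\\./g'; }

# missing_kernel_routes SERVER_CONF CCD_DIR
# Prints "NET MASK CCDFILE" for every iroute that has no matching route line.
# Returns 0 when nothing is missing, 1 otherwise. push "route ..." lines do not
# count: they only reach other clients, not the server kernel.
missing_kernel_routes() {
    conf=$1; ccd=$2; rc=0
    for f in "$ccd"/*; do
        [ -f "$f" ] || continue
        # awk skips comment lines because their first field is not "iroute"
        for pair in $(awk '$1 == "iroute" && NF >= 3 { print $2 "/" $3 }' "$f"); do
            net=${pair%/*}; mask=${pair#*/}
            pat="^[[:space:]]*route[[:space:]]+$(re_escape "$net")[[:space:]]+$(re_escape "$mask")([[:space:]]|$)"
            if ! grep -Eq "$pat" "$conf"; then
                printf '%s %s %s\n' "$net" "$mask" "$(basename "$f")"
                rc=1
            fi
        done
    done
    return $rc
}

# add_missing_routes SERVER_CONF CCD_DIR
# Appends a kernel "route NET MASK" line for each iroute reported above.
add_missing_routes() {
    conf=$1; ccd=$2
    missing_kernel_routes "$conf" "$ccd" | while read -r net mask ccdfile; do
        printf '# kernel route for the iroute in ccd/%s\nroute %s %s\n' \
            "$ccdfile" "$net" "$mask" >> "$conf"
    done
}

# ip_forward_enabled [PROCFILE]
# The client box in front of 192.168.2.0/24 must forward between eth0 and
# tun0 (sysctl net.ipv4.ip_forward=1); returns 0 when the knob reads 1.
ip_forward_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# --- constructed sample mirroring the question's server.conf and ccd/vpn ---
work=$(mktemp -d)
mkdir "$work/ccd"
cat > "$work/server.conf" <<'EOF'
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
client-config-dir ccd
client-to-client
EOF
printf 'iroute 192.168.2.0 255.255.255.0\n' > "$work/ccd/vpn"

echo "before:"
missing_kernel_routes "$work/server.conf" "$work/ccd" || echo "  -> iroute without kernel route"
add_missing_routes "$work/server.conf" "$work/ccd"
echo "after:"
missing_kernel_routes "$work/server.conf" "$work/ccd" && echo "  -> every iroute has a route line"
grep '^route ' "$work/server.conf"
rm -rf "$work"
```

The server-side `route` line is only half of the return path. On the client side the Pi must have `net.ipv4.ip_forward=1`, and the 192.168.2.1 router must be told that 10.8.0.0/24 and 192.168.1.0/24 live behind the Pi's LAN address (or the Pi masquerades traffic leaving eth0, at the cost of hiding the real source addresses). Likewise, hosts on 192.168.1.0/24 need a route for 192.168.2.0/24 via the server's eth0 address unless the server is already their default gateway, otherwise their replies go to the wrong router.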
