Answer the question
In order to leave comments, you need to log in
How to setup routes on openvpn server for LAN access?
Good afternoon.
Need help setting up an openvpn server.
Task: connect to vpn, get ip from subnet 172.16.32.0/24 and get access to local network 192.168.230.0/24.
There is a machine - openvpn centos 6.5 server.
eth0 - ip 192.168.230.176 local network ip
eth1 - ip111.111.111.111 external static ip on server
tun0 - 172.16.32.1 interface for openvpn.
At the moment the vpn client connects, gets ip172.16.32.6.
Pings 172.16.32.1 and 192.168.230.176, but ip192.168.230.174 is gone.
There is access to 192.168.230.174 from the vpn server.
The route is added from the server ip192.168.230.174 and ip172.16.132.1 is pinged, but there is no access to clients connected via vpn.
Trace from client to 192.168.230.14:
1 48 ms 48 ms 51 ms 172.16.32.1
2 172.16.32.1 reports: The specified host is unreachable.
172.16.32.1 255.255.255.255 172.16.32.5 172.16.32.6 4256
172.16.32.4 255.255.255.252 on-link 172.16.32.6 4511
172.16.32.6 255.255.255.255 on-link 172.16.32.6 4511
172.16.32.7 255.255.255.255 On-Link 172.16. 32.6 4511
192.168.230.0 255.255.255.0 172.16.32.5 172.16.32.6 4256
proto tcp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh2048.pem
server 172.16 .32.0 255.255.255.0 # Network for clients
#ifconfig 172.16.32.1 255.255.255.0
push "route 192.168.230.0 255.255.255.0" # Local network where clients should be allowed
route 192.168.230.0 255.255
-quired-user-not-required-
clientname as-common-name
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf"
script-security 3
#client-to-client
verb 3
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:o penvpn
ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp - - anywhere anywhere state NEW tcp dpt:s sh
REJECT all -- anywhere anywhere reject-with icmp-ho st-prohibited
ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere reject-with icmp-ho st-prohibited
ACCEPT all -- 172.16.32.0/24 192.168.230.0/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Answer the question
In order to leave comments, you need to log in
You indicated the routes, but through what should he go there?
push "route-gateway 172.16.32.1"
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question