Shazo, 2014-10-29 20:56:33
openvpn

How to set up routes on an OpenVPN server for LAN access?

Good afternoon.
I need help setting up an OpenVPN server.
Task: connect to the VPN, get an IP from the subnet 172.16.32.0/24 and get access to the local network 192.168.230.0/24.
There is a machine: an OpenVPN server on CentOS 6.5.
eth0 - ip 192.168.230.176, local network IP
eth1 - ip 111.111.111.111, external static IP on the server
tun0 - 172.16.32.1, interface for OpenVPN.
At the moment the VPN client connects and gets ip 172.16.32.6.
It pings 172.16.32.1 and 192.168.230.176, but ip 192.168.230.174 is gone.
There is access to 192.168.230.174 from the VPN server.
The route is added from the server ip 192.168.230.174 and ip 172.16.132.1 is pinged, but there is no access to the clients connected via VPN.
Trace from the client to 192.168.230.14:

1 48 ms 48 ms 51 ms 172.16.32.1
2 172.16.32.1 reports: The specified host is unreachable.

Routes on the client received when connecting to the VPN:
172.16.32.1 255.255.255.255 172.16.32.5 172.16.32.6 4256
172.16.32.4 255.255.255.252 on-link 172.16.32.6 4511
172.16.32.6 255.255.255.255 on-link 172.16.32.6 4511
172.16.32.7 255.255.255.255 On-Link 172.16.32.6 4511
192.168.230.0 255.255.255.0 172.16.32.5 172.16.32.6 4256

OpenVPN server config:
proto tcp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh2048.pem
server 172.16.32.0 255.255.255.0 # Network for clients
#ifconfig 172.16.32.1 255.255.255.0
push "route 192.168.230.0 255.255.255.0" # Local network where clients should be allowed
route 192.168.230.0 255.255.255.0
client-cert-not-required
username-as-common-name
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf"
script-security 3
#client-to-client
verb 3

iptables --list

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:openvpn
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere tcp dpt:openvpn
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT all -- 172.16.32.0/24 192.168.230.0/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I added the rules:
iptables -t nat -A POSTROUTING -s 172.16.32.0/24 -j MASQUERADE
iptables -A FORWARD -i tun0 -s 172.16.32.0/24 -d 192.168.230.0/24 -j ACCEPT
ip_forward is enabled.
Tell me, what am I missing or doing wrong?
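The FORWARD chain in the listing above has a catch-all REJECT as its first rule, and iptables walks a chain top to bottom and stops at the first terminating match, so an ACCEPT appended with -A behind that REJECT is never reached. As an added example, not code from the original post, here is a POSIX sh/awk check that parses `iptables --list` output and reports when the VPN-to-LAN ACCEPT is shadowed; the sample listings are constructed from the chain shown in the question, and the subnets are passed in as arguments.

```shell
#!/bin/sh
# Added example (not from the original post): read `iptables --list` output
# on stdin and report whether the FORWARD ACCEPT for SRC -> DST sits behind
# a catch-all REJECT/DROP. Expects the plain `iptables --list` layout
# (target prot opt source destination ...), with or without -n.
check_forward_order() {
    awk -v src="$1" -v dst="$2" '
        function any(f) { return f == "anywhere" || f == "0.0.0.0/0" }
        /^Chain /                                  { chain = $2; next }
        chain != "FORWARD" || /^target/ || NF == 0 { next }
        { n++ }                              # rule position within FORWARD
        ($1 == "REJECT" || $1 == "DROP") && $2 == "all" && any($4) && any($5) && !blk {
            blk = n; blkname = $1            # first catch-all terminating rule
        }
        $1 == "ACCEPT" && $4 == src && $5 == dst && !acc { acc = n }
        END {
            if (!acc) { print "NO_ACCEPT"; exit }
            if (blk && blk < acc) {
                printf "SHADOWED: ACCEPT is rule %d, catch-all %s is rule %d\n", acc, blkname, blk
                exit
            }
            print "OK"
        }'
}

# Constructed sample: the FORWARD chain as listed in the question, where the
# ACCEPT was appended with -A and therefore lands after the REJECT.
SAMPLE_APPENDED='Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT all -- 172.16.32.0/24 192.168.230.0/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination'

# Constructed sample: the same chain after inserting at the top with
# `iptables -I FORWARD 1 -i tun0 -s 172.16.32.0/24 -d 192.168.230.0/24 -j ACCEPT`
# plus a RELATED,ESTABLISHED rule, which the LAN -> VPN reply packets need
# because they traverse FORWARD too (MASQUERADE alone does not let them through).
SAMPLE_INSERTED='Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 172.16.32.0/24 192.168.230.0/24
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited'

verdict() {  # $1 = listing text, $2 = VPN subnet, $3 = LAN subnet
    printf '%s\n' "$1" | check_forward_order "$2" "$3"
}

verdict "$SAMPLE_APPENDED" 172.16.32.0/24 192.168.230.0/24
verdict "$SAMPLE_INSERTED" 172.16.32.0/24 192.168.230.0/24
```

Run it against the live box with `iptables --list | check_forward_order 172.16.32.0/24 192.168.230.0/24` after sourcing the functions.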

2 answer(s)
Evgeny Elizarov, 2014-10-29
@KorP

You specified the routes, but through what should it go to get there?
push "route-gateway 172.16.32.1"
