openvpn
denisden80, 2021-10-19 17:03:40

Network issue behind OpenVPN client?

Guys, I'm asking for help; the essence of the issue is this.
I set up OpenVPN on a VPS. I need to connect a home computer and a router at the country house. The router is a ZBT WE1626 with Padavan firmware. Internet at the country house comes through a 4G modem. Everything seemed to work: I can remotely reach the router and see its subnet (192.168.5.0/24), but I don't see the 4G modem subnet (192.168.8.0/24) and, accordingly, I can't access the modem (192.168.8.1).
Screenshots and configs:

[Screenshot: Scheme]
[Screenshot: ZBT_Modem]
[Screenshot: ZBT_OVPN]
Routes on the router: [Screenshot: ZBT_Route]
The firewall on the router is disabled: [Screenshot: ZBT_Firewall]
Routes on the PC: [Screenshot: PC_Route]
Routes on the server: [Screenshot: Server_Route]
Firewall on the server: [Screenshot: Server_Firewall]


OVPN server config file:
serverOVPN.conf

port 1194
proto udp
dev tun
ca ca.crt
cert serverOVPN.crt
key serverOVPN.key # This file should be kept secret
dh dh2048.pem
tls-auth ta.key 0 # This file is secret
key-direction 0
cipher AES-256-CBC
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt

push "route 192.168.5.0 255.255.255.0"
push "route 192.168.8.0 255.255.255.0"

client-config-dir ccd
route 192.168.5.0 255.255.255.0
route 192.168.8.0 255.255.255.0

client-to-client

keepalive 10 120
comp-lzo

user nobody
group nogroup

persist-key
persist-tun

status /var/log/openvpn/openvpn-status.log
log /var/log/serverOVPN.log
verb 3
explicit-exit-notify 1

sndbuf 0
rcvbuf 0


Config file of the client on the router:
dacha.conf

client
dev tun
proto udp
remote адрес_сервера 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert dacha.crt
key dacha.key
remote-cert-tls server
tls-auth ta.key 1
key-direction 1
cipher AES-256-CBC
comp-lzo
verb 3
sndbuf 0
rcvbuf 0


I also created a ccd directory with the file dacha (the client name):
dacha

iroute 192.168.5.0 255.255.255.0
iroute 192.168.8.0 255.255.255.0

What did I forget? Please tell me.

3 answer(s)
Andrey Barbolin, 2021-10-19
@denisden80

Can the routes on the modem be viewed?
You can reach clients on the 192.168.5.0/24 network because the router is their GW and it has a route to the VPN network. But your modem does not have a route to your VPN network, and its GW is the provider. There are two options here: add a route on the modem (if it allows it) or configure NAT on the router towards the modem (although this is strange: local network clients can access the modem but VPN clients cannot, which means that local network clients are connected when accessing the modem and the modem sees everyone under the same address).
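
The return-path problem described in the answer above, as an added example that is not part of the original answer: a small model of the modem's routing decision for a reply to a VPN source, with and without each of the two proposed fixes. The router's address on the modem side (192.168.8.100) is an assumption; the subnets are the ones in the question, and 10.8.0.1 is the tunnel address the OpenVPN server takes with `server 10.8.0.0 255.255.255.0`.

```python
import ipaddress as ip

# Assumed (not on the page): the router's address on the modem-side subnet.
ROUTER_WAN = "192.168.8.100"
VPS_TUNNEL = "10.8.0.1"  # source address of a ping sent from the VPS

def modem_table(extra=()):
    """Modem routing table: its own LAN plus a default route to the provider."""
    return [("192.168.8.0/24", "direct"), ("0.0.0.0/0", "isp")] + list(extra)

def next_hop(table, dst):
    """Longest-prefix match over (network, next hop) pairs."""
    dst = ip.ip_address(dst)
    matches = [(ip.ip_network(n), hop) for n, hop in table
               if dst in ip.ip_network(n)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_path(src_seen_by_modem, table):
    """Where the modem sends its reply, given the source address it saw."""
    hop = next_hop(table, src_seen_by_modem)
    if hop == "direct":
        return "delivered on 192.168.8.0/24 to " + src_seen_by_modem
    if hop == "isp":
        return "sent to provider gateway (lost)"
    return "sent via " + hop

def scenario(masquerade=False, modem_routes=()):
    """masquerade=True models source NAT on the router towards the modem,
    e.g. an iptables nat POSTROUTING MASQUERADE rule matching
    10.8.0.0/24 -> 192.168.8.0/24; the router then reverses the NAT and
    forwards the reply into the tunnel."""
    src = ROUTER_WAN if masquerade else VPS_TUNNEL
    return reply_path(src, modem_table(modem_routes))

if __name__ == "__main__":
    print("as configured:     ", scenario())
    print("NAT on the router: ", scenario(masquerade=True))
    print("route on the modem:", scenario(
        modem_routes=[("10.8.0.0/24", ROUTER_WAN)]))
```

The request reaches the modem in all three cases; only the reply path differs, which is why the server-side `route`, `push "route"` and `iroute` lines alone do not make 192.168.8.1 reachable.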

Drno, 2021-10-19
@Drno

On the home router, specify a route to the modem subnet, because the router is not aware of what is behind the country router...
Or do port forwarding (do you need the web interface?)

denisden80, 2021-10-19
@denisden80

And what should I specify as the gateway?
And my home router does not participate in the VPN. The client is on a PC.
The fact is that from the server itself (VPS) I cannot ping the modem network (192.168.8.0). Maybe something needs to be added on the router, or maybe in the modem itself? In short, it is not clear.
