openvpn
Dmytro Yunh, 2020-12-06 21:23:44

Open VPN. How to add a route to a node through a node in an OpenVPN network?

Good hour Khabrovites.

I ask for help in setting up a route to printers on the router network 10.0.1.0/24.
Problem statement:
Provide the ability to print from the 1C Server (172.16.254.132) located in Main DC to printers connected to the network in one of the M01 branches.

What we have:
[Image: 5fcd0b566d800963401617.jpeg]
TP-LINK router (192.168.0.1) on stock firmware
Apple Time Capsule router (10.0.1.1) on stock firmware
OpenVPN server (172.16.254.1) is up on a virtual machine with CentOS 7
1C server (172.16.254.132) is up on a Windows Server 2008R2 virtual machine
Printers are not connected yet; the route from the 1C server (172.16.254.132) can be checked by tracing the route to the router (10.0.1.1)
Access between nodes in the OpenVPN network (172.16.254.0/24) is functioning normally.

The direction of printing is indicated by the red arrows in the picture.

What I tried:
1. On the 1C server (172.16.254.132) I added a route:
# route -p add 10.0.1.1 mask 255.255.255.0 172.16.254.101 metric 1 if 17
if 17 is just the interface with the TAP adapter brought up for OpenVPN.
But when tracing, packets are first diverted to 192.168.0.1 and naturally disappear there.

Route print output from 1C server (172.16.254.132)
===========================================================================
Список интерфейсов
17...00 ff 2f 16 07 69 ......TAP-Windows Adapter V9
16...00 0c 29 95 19 64 ......vmxnet3 Ethernet Adapter #2
11...00 0c 29 95 19 5a ......vmxnet3 Ethernet Adapter
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Адаптер Microsoft ISATAP
13...00 00 00 00 00 00 00 e0 Адаптер Microsoft ISATAP #2
===========================================================================

IPv4 таблица маршрута
===========================================================================
Активные маршруты:
Сетевой адрес Маска сети Адрес шлюза Интерфейс Метрика
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.132 5
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.254.0 255.255.255.0 On-link 172.16.254.132 276
172.16.254.132 255.255.255.255 On-link 172.16.254.132 276
172.16.254.255 255.255.255.255 On-link 172.16.254.132 276
192.168.0.0 255.255.255.0 On-link 192.168.0.132 261
192.168.0.132 255.255.255.255 On-link 192.168.0.132 261
192.168.0.255 255.255.255.255 On-link 192.168.0.132 261
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.132 261
224.0.0.0 240.0.0.0 On-link 172.16.254.132 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.132 261
255.255.255.255 255.255.255.255 On-link 172.16.254.132 276
===========================================================================
Постоянные маршруты:
Сетевой адрес Маска Адрес шлюза Метрика
10.0.1.1 255.255.255.0 172.16.254.101 1
===========================================================================

IPv6 таблица маршрута
===========================================================================
Активные маршруты:
Метрика Сетевой адрес Шлюз
1 306 ::1/128 On-link
17 276 fe80::/64 On-link
17 276 fe80::d9c7:bf09:d25f:b0a8/128
On-link
1 306 ff00::/8 On-link
17 276 ff00::/8 On-link
===========================================================================
Постоянные маршруты:
Отсутствует

Trace output from server 1C to 10.0.1.1
Трассировка маршрута к 10.0.1.1 с максимальным числом прыжков 30

1 <1 мс <1 мс <1 мс 192.168.0.1
2 * * * Превышен интервал ожидания для запроса.
3 * * * Превышен интервал ожидания для запроса.
4 * * * Превышен интервал ожидания для запроса.
5 * * * Превышен интервал ожидания для запроса.
6 * * * Превышен интервал ожидания для запроса.


2. On the OpenVPN server, in the ccd file for the client server1c, I wrote the line:
push "route 10.0.1.0 255.255.255.0 172.16.254.101 1"
The result is similar to adding a route on the 1C server.

Please tell me where to dig further.
Thanks in advance.

2 answer(s)
Pavel Horoshilov, 2020-12-06
@ksharp98

So are the Apple Time and TP-Link directly connected, or is there some kind of gateway? Or is it a provider L3VPN?

ValdikSS, 2020-12-09
@ValdikSS

You either need OpenVPN in TAP mode (L2, not L3 TUN), or to specify the iroute parameter in the ccd file.
Your question is covered in the OpenVPN documentation, read it.
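
An added example (not written by either poster and not taken from the OpenVPN project) of the iroute setup the answer above points to. It assumes a routed `dev tun` server, that 172.16.254.101 is the M01 branch client sitting in front of 10.0.1.0/24, and a hypothetical certificate name `m01-client` for that client:

```conf
# ---- server.conf on the OpenVPN server (172.16.254.1) ----
# Directory of per-client files; each file is named after the
# client's certificate Common Name.
client-config-dir ccd

# Kernel route on the server: hand traffic for the branch LAN
# to the tunnel interface.
route 10.0.1.0 255.255.255.0

# ---- ccd/m01-client  (hypothetical CN of the client at 172.16.254.101) ----
# Internal OpenVPN route: tells the server which client owns 10.0.1.0/24.
# In tun mode a pushed route alone is not enough; without iroute the
# server has no client to deliver these packets to, and it drops packets
# arriving from that client with a 10.0.1.x source address.
iroute 10.0.1.0 255.255.255.0

# ---- ccd/server1c  (the 1C server, 172.16.254.132) ----
# Push the branch LAN to the 1C server only. No gateway argument:
# the client then uses the VPN gateway instead of another client's address.
push "route 10.0.1.0 255.255.255.0"

# ---- outside OpenVPN (assumptions about the branch side) ----
# * The branch client must have IP forwarding enabled so it passes
#   packets between its tunnel interface and 10.0.1.0/24.
# * Hosts in 10.0.1.0/24 need a return path to 172.16.254.0/24: a static
#   route on their default gateway pointing at the branch client's LAN
#   address, or NAT on the branch client.
# * Limit what the branch client forwards to the printer addresses and
#   ports actually needed, rather than exposing the whole LAN to the VPN.
```

After restarting the server and reconnecting both clients, repeating the trace from the 1C server to 10.0.1.1 should show the first hop inside 172.16.254.0/24 instead of 192.168.0.1.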
