Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
E
E
Egor2016-10-04 14:08:41
openvpn
Egor, 2016-10-04 14:08:41

OpenVPN routers with built-in clients, how to set up subnets?

Good day, I apologize in advance for this question, I know that there are a lot of such topics, but still I can’t achieve a clear result.
There is a server (on it openvpn-server) with public ip, there are 2 identical routers (gray ip) with a built-in openvpn client, subnets of which are 192.168.1.0/24.
Each router is connected to one device via Ethernet.
How to make both routers visible at the same time (the first VPN address: 10.66.77.2 and LAN: 192.168.1.1, the second VPN: 10.66.77.3, LAN: 192.168.1.100) and connected devices behind them.
server.conf
dev tun
port 1194
proto udp
mode server
server 10.66.77.0 255.255.255.0
topology subnet
client-config-dir /etc/openvpn/ccd
tls-server
tls-timeout 120
auth SHA1
cipher BF-CBC
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys /dh2048.pem
comp-lzo
keepalive 40 120
verb 3
persist-tun
persist-key
route 192.168.1.0 255.255.255.0 10.66.77.1
log openvpn-connections.log
ccd/client_1
iroute 192.168.1.0 255.255.255.0
cirod/
client_2 1.0 255.255.255.0

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
D
Dmitry Shitskov, 2016-10-04
@Zarom

Routers must have different subnets behind them to route between them

Report
Y
younghacker, 2016-12-10
@younghacker

Dmitry Shitskov speaks his mind!
Only those packets that should go to foreign networks are routed!
At you both networks as a matter of fact one network. This refers to a subclass C network, 254 addresses.
No client on this network will send a packet to the router until it sees that the packet is destined for its home network.
If there are no more than 126 hosts on the networks, halve them with a mask.
Here is the calculation.

[[email protected] ~]$ ipcalc 192.168.0.0/24
Network:        192.168.0.0/24
Address space:  Private Use
Address class:  Class C
Netmask:        255.255.255.0 = 24
Broadcast:      192.168.0.255

HostMin:        192.168.0.1
HostMax:        192.168.0.254
Hosts/Net:      254

[[email protected] ~]$ ipcalc 192.168.0.0/25
Network:        192.168.0.0/25
Address space:  Private Use
Address class:  Class C
Netmask:        255.255.255.128 = 25
Broadcast:      192.168.0.127

HostMin:        192.168.0.1
HostMax:        192.168.0.126
Hosts/Net:      126

[[email protected] ~]$ ipcalc 192.168.0.128/25
Network:        192.168.0.128/25
Address space:  Private Use
Address class:  Class C
Netmask:        255.255.255.128 = 25
Broadcast:      192.168.0.255

HostMin:        192.168.0.129
HostMax:        192.168.0.254
Hosts/Net:      126

Similar questions
V
vasRmba2015-07-31 13:06:19
OpenVPN client not connecting to server, what's wrong? 2Reply
B
by_EL2019-12-09 22:09:44
I created an openvpn server according to one of the well-known instructions, how to make a username and password required when a client connects to the server? 2Reply
A
AkZwork2017-07-15 23:09:11
How to remove all routes and install only OpenVPN? 1Reply
S
Sergey Gulin2019-12-16 12:31:39
How to let traffic from apache out of VPN? 1Reply
A
AkZwork2019-12-25 03:11:14
How to allow connection to VPN from additional IP? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question