openvpn
Aramis087, 2014-03-17 18:24:43

openvpn win. The network behind the server is not visible. How to set up routing?

Hello!
I ran into a problem implementing Internet access (address) for an additional office through the main office.
And now, in order:
There is office1 and office2.
Office1 - PC1 OpenVPN Server,
Office2 - PC2 OpenVPN Client.
Office1 and Office2 have different subnets.
Access from PC1 to PC2 works well, both from the subnet 10.8.0.0 and 192.168.0.0 192.168.0.1
The problem is that PC2 does not see other PCs from Office1, respectively, and does not see the gateway through which access can be organized.
Server config:
dev tun
proto udp
port 111
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
topology subnet
route-method exe
route-delay 5
server 10.8.0.0 255.255.255.0
route-gateway 10.8.0.1
client-config-dir "C:\\Program Files\\OpenVPN\\ccd"
route 10.8.0.0 255.255.255.0
cipher AES-128-CBC
comp-lzo
mssfix
keepalive 10 120
verb 3
Client configuration file:
ifconfig-push 10.8.0.5 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
push "route-gateway 10.8.0.1"
iroute 192.168.0.0 255.255.255.0
Client config:
client
dev tun
proto udp
remote 111 111
route-method exe
route-delay 5
route 192.168.1.0 255.255.255.0
pull
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
nobind
comp-lzo
persist-key
persist-tun
verb 3
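
Added example (not part of the original post and not OpenVPN's own tooling): a small Python check for a routed (dev tun) setup like the one in the question. It flags route/iroute lines with an invalid netmask, iroute entries that have no matching route line in the server config (OpenVPN needs both for a subnet behind a client), and route lines that only cover the VPN subnet itself. The function names and the sample configs are constructed for illustration.

```python
import ipaddress
import shlex

def directives(text):
    """Yield (name, args) per line; push "route a m" becomes ("push route", [a, m])."""
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) > 1 and words[0] == "push" and words[1].split():
            inner = words[1].split()
            yield "push " + inner[0], inner[1:]
        elif words:
            yield words[0], words[1:]

def subnet(args):
    """Parse 'address [netmask]'; None for a bad mask or an address with host bits set."""
    try:
        return ipaddress.ip_network("/".join(args[:2]), strict=True)
    except ValueError:
        return None

def lint(server_cfg, ccd_cfg):
    """Return routing findings for one server config and one client-config-dir file."""
    server, ccd = list(directives(server_cfg)), list(directives(ccd_cfg))
    vpn = next((subnet(a) for n, a in server if n == "server"), None)
    kernel_routes = [subnet(a) for n, a in server if n == "route" and subnet(a)]
    findings = []
    for name, args in server + ccd:
        if name not in ("route", "push route", "iroute"):
            continue
        net, shown = subnet(args), f"{name} {' '.join(args)}"
        if net is None:
            findings.append(f"{shown}: not a valid subnet/netmask pair")
        elif name == "iroute" and not any(net.subnet_of(r) for r in kernel_routes):
            findings.append(f"{shown}: no matching 'route' in the server config")
        elif name != "iroute" and net == vpn:
            findings.append(f"{shown}: only covers the VPN subnet, reaches no LAN")
    return findings

# Constructed sample configs, modelled on the ones posted in the question.
SERVER = """server 10.8.0.0 255.255.255.0
route 10.8.0.0 255.255.255.0
"""
CCD = """push "route 10.8.0.0 255.255.255.0"
push "route-gateway 10.8.0.1"
iroute 192.168.0.0 255.255.255.0
"""

if __name__ == "__main__":
    print("\n".join(lint(SERVER, CCD)))
```

The check only covers what the config files can show; IP forwarding on the VPN host and a return route for the VPN subnet on the LAN's gateway still have to be verified on the machines themselves.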


7 answer(s)
Aramis087, 2014-03-29
@Aramis087

It worked!
As always, everything is easier than a steamed turnip :)
OpenVPN can create a routed tunnel and an ethernet tunnel, which is what I needed. In this case, we issue unoccupied IP addresses to VPN clients, directly from the local network.
You need to create a bridge between the local network and the OpenVPN adapter.
Specify in the settings of the new bridge IP and the mask of the local network adapter.
In the server config, replace dev tun with dev tap
Add dev-node tap-bridge
Replace the server parameter with
In the client config, replace dev tun with dev tap
Docs: openvpn.net/index.php/open-source/documentation/mi...
Thanks everyone for the leading questions!

Konstantin Kozhin, 2014-03-18
@kkzhn

Try adding to the server config:

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
client-to-client

kodi, 2014-03-18
@kodi

@Aramis087
PC1 is not the main gateway (not the internet gateway) in office1's network?
Have you enabled routing? It is written only about the raised VPN channel.

Aramis087, 2014-03-18
@Aramis087

PC1 has 2 network cards (not counting the OpenVPN interface)
1st - direct access to the Internet with an external IP
2nd - access to the local network of office1
The gateway in Office1 is a hardware router.
The routing service is enabled on both PC1 and PC2.
If you specify a route on PC2 to the desired external IP with a PC1 gateway, it also does not work.

Aramis087, 2014-03-24
@Aramis087

image.jpeg

kodi, 2014-03-25
@kodi

@Aramis087 From router1 ping 10.8.0.1

java-late, 2014-08-24
@java-late

Hello, I have an almost similar situation with a few changes:
1) I have a remote office with a server on the local network and with the IP of the local network (192.168.0.176). The remote router forwards all the necessary ports to my server, so with a primitive configuration, I connect via OpenVPN and access this server at either 10.8.0.1 or its LAN address 192.168.0.176.
And this is good! =) but I need more!)) - there are several more Linux machines in the remote office network that I need access to (for example, 192.168. - I can’t figure out what’s wrong (obviously the mat. part suffers).
2) The client is behind several NATs:
192.168.3.0/24 --> 192.168.1.0 --> Internet --> Remote Office Router -->> OpenVPN Server
