openvpn
baden555, 2018-07-10 16:13:04

Routing in Linux. OpenVPN?

There is a remote server with IP xxx.xxx.xxx.xxx running the OpenVPN server. There is a computer on subnet 192.168.31.0/24. I have a router with an OpenVPN client, on subnet 192.168.1.0/24.
When a connection is established, all computers and routers are reachable at the addresses issued to them by the OpenVPN server (subnet 10.8.0.0/24).
I need to access devices not by their VPN addresses but by their local addresses (for example, 192.168.1.1). I also need to access devices on the 192.168.1.0/24 subnet behind the router.
I couldn't manage to sort out iptables on my own. But the vpnki.ru service, for example, does this without problems, and without configuring routing on the clients.
Server config:

port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir /etc/openvpn/ccd
client-to-client
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0
route 192.168.31.0 255.255.255.0
keepalive 10 120
cipher
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem

Client config:

client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
key-direction 1
verb 3

In the ccd folder, the files named after the clients contain:
ifconfig-push 10.8.0.110 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"

according to the required networks.
Smart people, tell me how to beat this.
I will promptly provide any additional information that is needed.


2 answer(s)
baden555, 2018-07-11
@baden555

Here is the answer to my question, now everything works as it should:
Server config:

port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
client-to-client
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.31.0 255.255.255.0"
route 192.168.1.0 252.0
keepalive
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
crl-verify crl.pem
In /etc/openvpn/ccd/router file:
Client configs unchanged.

Denis, 2018-07-10
@notwrite

In the server config, route 192.168.1.0 ... is completely redundant.
And in the route directive, the gateway address for the network is missing.
push "route 192.168.1.0 ... one for all
Re-read the HOWTO and the man page.
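
Added example, not part of the thread or either poster's code: for a LAN behind a client, OpenVPN needs a server-side `route` for the subnet and an `iroute` for the same subnet in that client's ccd file, and this Python check reports where the pairing is missing. The sample configs are constructed from the subnets in the question, and the `iroute` line mentioned in the usage note is an assumption about what the `router` ccd file needs.

```python
import ipaddress
import re

# Matches: route NET MASK ... | iroute NET MASK | push "route NET MASK"
DIRECTIVE = re.compile(r'^\s*(push\s+"route|iroute|route)\s+(\S+)\s+([\d.]+)')

def nets(text):
    """Collect the networks named by route, iroute and push "route" lines."""
    found = {"route": set(), "iroute": set(), "push": set(), "bad": []}
    for line in text.splitlines():
        m = DIRECTIVE.match(line.split("#", 1)[0])
        if not m:
            continue
        kind = "push" if m.group(1).startswith("push") else m.group(1)
        try:
            found[kind].add(ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}"))
        except ValueError:  # truncated mask, host bits set, hostname instead of IP
            found["bad"].append(line.strip())
    return found

def audit(server_conf, ccd):
    """ccd maps client name -> text of its ccd file. Returns a list of findings."""
    srv = nets(server_conf)
    per_client = [nets(text) for text in ccd.values()]
    iroutes = set().union(*(c["iroute"] for c in per_client))
    pushed = srv["push"].union(*(c["push"] for c in per_client))
    out = [f"unparseable: {line}" for line in srv["bad"]]
    out += [f"route {n}: no ccd file declares it with iroute"
            for n in sorted(srv["route"] - iroutes)]
    out += [f"iroute {n}: server has no kernel route for it"
            for n in sorted(iroutes - srv["route"])]
    out += [f"{n}: never pushed to clients" for n in sorted(iroutes - pushed)]
    return out

# Constructed sample: the routing lines of the question's server config and ccd file.
QUESTION_SERVER = """\
client-config-dir /etc/openvpn/ccd
client-to-client
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0
route 192.168.31.0 255.255.255.0
"""
QUESTION_CCD = {"router": 'ifconfig-push 10.8.0.110 255.255.255.0\n'
                          'push "route 192.168.1.0 255.255.255.0"\n'}

if __name__ == "__main__":
    for finding in audit(QUESTION_SERVER, QUESTION_CCD):
        print(finding)
```

Adding `iroute 192.168.1.0 255.255.255.0` to the `router` ccd entry clears the first finding; the other two subnets stay flagged until the clients that own them get their own `iroute` lines.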
