linux
Gourii, 2020-07-21 15:37:42

Why can't the OpenVPN client see the network behind the server?

Hello. I know this topic has been chewed over endlessly on the Internet, but I just can't beat it. How do I make the client see the network behind the OpenVPN server? There is a home network 192.168.0.0/24; in this network there is a computer with Ubuntu Server, 192.168.0.3. The VPN server's network is 10.8.0.0/24. When connected to the server, the client pings the other clients and the server itself, but of the server's internal network it sees only the server's own internal IP (192.168.0.3).

Server config

***@ServerUbuntu:~$ cat /etc/openvpn/server.conf
port 1104

proto udp

dev tun
topology subnet

ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem

server 10.8.0.0 255.255.255.0

client-config-dir ccd

#ifconfig-pool-persist /etc/openvpn/ipp.txt

# route for clients to the home network
push "route 192.168.0.0 255.255.255.0"

route-gateway 10.8.0.1

tls-server
tls-auth /etc/openvpn/ta.key 0
tls-timeout 120
auth SHA1
cipher AES-256-CBC

client-to-client

keepalive 10 120

comp-lzo

max-clients 10

user nobody
group nogroup

persist-key
persist-tun

status openvpn-status.log
log /var/log/openvpn/openvpn.log

verb 3

mute 20

#crl-verify /etc/openvpn/crl.pem

management localhost 7701

All the client configs are the same.
Client config

***@ServerUbuntu:~/openvpn-ca/clients-configs/work$ cat work.ovpn
pull
client
dev tun
proto udp

remote ***.org 1104

resolv-retry infinite

ca ca.crt
cert work.crt
key work.key
tls-client
tls-auth ta.key 1
auth SHA1
cipher AES-256-CBC
remote-cert-tls server
comp-lzo
persist-key
persist-tun

status openvpn-status.log
log openvpn.log
verb 3
mute 20

ccd entry for the client

***@ServerUbuntu:~$ cat /etc/openvpn/ccd/work
ifconfig-push 10.8.0.4 255.255.255.0

Added the following rules to iptables:

iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -d 192.168.0.0/24 -j ACCEPT
# the post had "-s 192.168.0.0" with no mask here; without /24 iptables matches only the single host 192.168.0.0
iptables -A FORWARD -s 192.168.0.0/24 -d 10.8.0.0/24 -j ACCEPT

The iptables -L output is not included in the post.


1 answer

res2001, 2020-07-21

Because the devices inside the network don't know anything about the existence of the VPN network and send all replies to their default gateway. And your default gateway is not the VPN server, as far as I understand. As a result, the reply packets are lost.
You need to add a route to the VPN network via the VPN server on each device within the network.
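The answer's fix, together with the two server-side pieces the question never shows (IP forwarding and a return rule with a proper mask), as an added example; this is not code from the original post or answer. The `push "route 192.168.0.0 255.255.255.0"` in the server config only teaches the client how to reach the LAN; the LAN's return path to 10.8.0.0/24 is what is missing. The interface name `eth0` is an assumption (the server's LAN-facing interface); the addresses come from the post. With `DRY_RUN=1` the script prints the commands instead of executing them, otherwise it needs root.

```shell
#!/bin/sh
# Added example, not from the original post or answer. Assumptions: the OpenVPN
# server's LAN interface is eth0 (assumed) and its LAN address is 192.168.0.3
# (from the post); the VPN subnet is 10.8.0.0/24 (from the post).
set -e

VPN_NET=10.8.0.0/24
LAN_NET=192.168.0.0/24
LAN_IF=eth0                     # assumed: the server's LAN-facing interface
VPN_SERVER_LAN_IP=192.168.0.3   # the server's address on the home LAN

# With DRY_RUN=1 each command is printed instead of executed, so the script can
# be reviewed without root; without it the commands run for real.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# 1. Nothing crosses from tun0 to the LAN unless the kernel forwards at all.
#    (Persist this in /etc/sysctl.d/ to survive a reboot.)
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

# 2. FORWARD rules with an explicit /24 on both sides. The reverse direction is
#    limited to replies; new connections from the LAN into the VPN are not
#    needed for the client to reach the LAN.
forward_rules() {
    run iptables -A FORWARD -i tun0 -o "$LAN_IF" -s "$VPN_NET" -d "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o tun0 -s "$LAN_NET" -d "$VPN_NET" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# 3a. The answer's fix: a LAN host (or, better, the LAN's router, once for all
#     hosts) learns that 10.8.0.0/24 is reached via the OpenVPN server. Run this
#     on the LAN host/router, not on the VPN server.
lan_host_route() {
    run ip route add "$VPN_NET" via "$VPN_SERVER_LAN_IP"
}

# 3b. Alternative: source-NAT VPN traffic to the server's LAN address. LAN hosts
#     then reply to 192.168.0.3, which they already know how to reach, so no
#     route is required. Cost: LAN hosts (and their logs) no longer see the real
#     10.8.0.x client address.
masquerade_vpn() {
    run iptables -t nat -A POSTROUTING -s "$VPN_NET" -o "$LAN_IF" -j MASQUERADE
}

# Returns 0 if forwarding is enabled on this host, 1 otherwise.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo 0)" = "1" ]
}

case "${1:-}" in
    server)   enable_forwarding; forward_rules; masquerade_vpn ;;
    lan-host) lan_host_route ;;
esac
```

`DRY_RUN=1 sh fix-vpn-routing.sh server` prints what would be applied on the OpenVPN server; `sh fix-vpn-routing.sh lan-host` on a LAN machine (or the equivalent static route on the home router) is the answer's fix. Pick either 3a or 3b, not both: 3a keeps the real client address visible to LAN hosts, 3b hides it but needs no changes elsewhere. The answer's diagnosis can be confirmed on the server with `tcpdump -ni eth0 icmp` while the client pings a LAN host: the echo requests leave eth0 and no echo replies come back.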
