I am trying to setup an OpenVPN tun to connect two lan's
The open vpn connection is up and working but there is a problem with my routing or nat or something.
What I need is an example of what a working, routed openvpn setup should look like on the server and client side. Mainly routing tables, Nat translation, firewalls etc.
My OpenVPN Client can access the network on the server side but my server can't even ping my OpenVpn Client's eth0
My Servers routing:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.3.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
192.168.4.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
My Clients routing:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.64.64.64 0.0.0.0 UG 0 0 0 3g-wan
10.8.0.0 10.8.0.9 255.255.255.255 UGH 0 0 0 tun0
10.8.0.9 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.64.64.64 0.0.0.0 255.255.255.255 UH 0 0 0 3g-wan
192.168.1.0 10.8.0.9 255.255.255.0 UG 0 0 0 tun0
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
This is automatically setup by openvpn using the:
push "route 192.168.1.0 255.255.255.0"
route 192.168.3.0 255.255.255.0
route 192.168.4.0 255.255.255.0
and iroute command in the client-config-dir
If anyone can suggest something I need to check I would be very grateful
Alex
Edit 1#
OpenVPN Server Config:
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/mom_server.crt
key /etc/openvpn/keys/mom_server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
client-config-dir /etc/openvpn/ccd
client-to-client
route 192.168.3.0 255.255.255.0
push "route 192.168.3.0 255.255.255.0"
route 192.168.4.0 255.255.255.0
push "route 192.168.4.0 255.255.255.0"
keepalive 10 120
comp-lzo
user nobody
chroot /etc/openvpn
group nogroup
daemon
persist-key
persist-tun
status openvpn-status.log
verb 3
In /etc/openvpn/ccd/flexo_client
iroute 192.168.3.0 255.255.255.0
iroute 192.168.4.0 255.255.255.0
Edit 2#
I have this working, see here for the solution:
Best Answer
OP posted the answer on forums.openvpn.net
Use this server config:
With this /etc/openvpn/ccd/flexo_client
and this client config:
More information on using OpenVPN and iroute can be found on backreference.org