Openvpn – Have servers behind OpenVPN subnet reach connecting clients

Tags: openvpn, routing, vpn

I am trying to find some relevant documentation, or the directives I need in either the OpenVPN server configuration or the client configuration, to accommodate this use case.

I have an OpenVPN server that clients connect to. The OpenVPN server can already communicate directly with any of the clients; this is not an issue. The clients are able to reach any machine on the private subnet where the OpenVPN server resides; this is also not an issue. My issue is that the reverse is currently not possible: I have servers on the same subnet as the OpenVPN box that cannot reach any of the connecting clients. I'd like to be able to SSH to them and more, the same way the client can reach the servers behind the OpenVPN subnet.

What do I need to do to make this possible? I already have masquerading rules set on the OpenVPN box:

iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o eth0 -j MASQUERADE

IP Forwarding is enabled:

echo 1 >/proc/sys/net/ipv4/ip_forward

I added a route on the server behind the private subnet so that it is aware of the VPN subnet (output of route -n):

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0

What am I missing?

Best Answer

Is the OpenVPN server the same as your router?

If this isn't the case, you have to set static routes to use the OpenVPN server to get to the VPN clients.

So, if the OpenVPN server has IP 192.168.1.100, and the OpenVPN clients are 192.168.50.0/24, then your router will need something like:

route add -net 192.168.50.0 netmask 255.255.255.0 gw 192.168.1.100

or whatever is the appropriate syntax.
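As an added example (not part of the original answer), the following shell script checks a LAN host's routing table, in the route -n format pasted in the question, for a usable route to the OpenVPN client subnet and prints the command that fixes it. The point it demonstrates is the one the answer makes: the route to 192.168.50.0/24 must name the OpenVPN server's LAN address as the next-hop gateway. An entry with gateway 0.0.0.0 is an on-link route, so the host would ARP for 192.168.50.x on the LAN and never send the packet to the VPN box. The addresses (192.168.50.0/24 for clients, 192.168.1.100 for the OpenVPN server) are the ones assumed in the answer; the sample routing tables are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Checks whether a LAN host has a
# usable route to the OpenVPN client subnet and suggests the fix.
# Assumed addresses (from the answer): clients 192.168.50.0/24, OpenVPN server
# LAN address 192.168.1.100.

VPN_NET="192.168.50.0"
VPN_MASK="255.255.255.0"
VPN_PREFIX="192.168.50.0/24"
VPN_GW="192.168.1.100"

# route_check TABLE
#   TABLE is the text output of `route -n` (header optional).
#   Prints one of:
#     ok       - route exists and points at the OpenVPN server
#     onlink   - route exists but gateway is 0.0.0.0 (host will ARP on the LAN)
#     wrong-gw - route exists but points somewhere else
#     missing  - no route for the VPN subnet at all
route_check() {
    printf '%s\n' "$1" | awk -v net="$VPN_NET" -v mask="$VPN_MASK" -v gw="$VPN_GW" '
        $1 == net && $3 == mask {
            found = 1
            if ($2 == gw)        { print "ok";       exit }
            if ($2 == "0.0.0.0") { print "onlink";   exit }
            print "wrong-gw"; exit
        }
        END { if (!found) print "missing" }'
}

# route_fix STATUS
#   Prints the iproute2 command that brings the host to the correct state.
route_fix() {
    case "$1" in
        ok)      echo "# route already correct, nothing to do" ;;
        missing) echo "ip route add $VPN_PREFIX via $VPN_GW" ;;
        *)       echo "ip route replace $VPN_PREFIX via $VPN_GW" ;;
    esac
}

# Constructed sample tables (not captured from a real host):
# 1. the on-link route from the question, which does not work
SAMPLE_ONLINK='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'
# 2. the route the answer asks for
SAMPLE_OK='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.50.0    192.168.1.100   255.255.255.0   UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'
# 3. a host with only a default route through the LAN router
SAMPLE_MISSING='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'

for t in "$SAMPLE_ONLINK" "$SAMPLE_OK" "$SAMPLE_MISSING"; do
    status=$(route_check "$t")
    echo "status=$status  fix: $(route_fix "$status")"
done
```

On a real host you would feed it `route_check "$(route -n)"`. Adding the route on the LAN router instead, as the answer suggests, saves doing this on every server, provided the router is not in the path of the OpenVPN server's own traffic in a way that sends ICMP redirects. Note also that the MASQUERADE rule quoted in the question only matches traffic leaving eth0 from the VPN subnet; it does nothing for the LAN-to-client direction, which simply needs the route above plus a FORWARD chain on the OpenVPN box that accepts eth0-to-tun traffic.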