Openvpn – How to create routes between two separate LANs on the internet over an OpenVPN tunnel

Tags: openvpn, openwrt, routing, tunnel

Diagram

I have separate router/OpenVPN appliances at two different sites. The appliances are actually TP Link routers running OpenWRT 12.09, r36088. I would like clients behind these two routers to be able to connect to one another.

One router is configured as an OpenVPN server 192.168.10.1 in front of 192.168.10.0/24, the other as an OpenVPN client 10.1.1.1 in front of 10.1.1.0/24.

As of now, there is a kind of tunnel between the two. The OpenVPN client can connect to all hosts on 10.1.1.0/24 and 192.168.10.0/24. I was able to get the OpenVPN server to connect to the client on its VPN interface, but that's it. I also can't connect from hosts behind the OpenVPN client to hosts behind the OpenVPN server–this is really my ultimate goal.

  • The server is actually in the DMZ of a comcast small business modem/router (lan IP 192.168.1.1) with all traffic forwarded to it. The server is given 192.168.1.2 by the comcast router, and is 192.168.10.1 on its own LAN side.

SERVER

# ip route show
default via 192.168.1.1 dev eth0.2  proto static 
10.8.0.0/24 via 10.8.0.2 dev tun0 
10.8.0.2 dev tun0  proto kernel  scope link  src 10.8.0.1 
10.8.0.6 via 10.8.0.2 dev tun0 
192.168.1.0/24 dev eth0.2  proto kernel  scope link  src 192.168.1.2 
192.168.10.0/24 dev br-lan  proto kernel  scope link  src 192.168.10.1 

# ping 10.8.0.6 -c 2
PING 10.8.0.6 (10.8.0.6): 56 data bytes
64 bytes from 10.8.0.6: seq=0 ttl=64 time=48.579 ms
64 bytes from 10.8.0.6: seq=1 ttl=64 time=236.587 ms

--- 10.8.0.6 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 48.579/142.583/236.587 ms

# ping 10.1.1.1 -c 2
PING 10.1.1.1 (10.1.1.1): 56 data bytes
--- 10.1.1.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

## A ROUTE I THINK I MAY NEED TO ADD
# ip route add 10.1.1.0/24 via 10.8.0.6
RTNETLINK answers: No such process

CLIENT

# ip route show
default via $PUBLIC_IP dev eth0.2  proto static 
10.1.1.0/24 dev br-lan  proto kernel  scope link  src 10.1.1.1 
10.8.0.1 via 10.8.0.5 dev tun0 
10.8.0.5 dev tun0  proto kernel  scope link  src 10.8.0.6 
$PUBLIC_IP_RANGE dev eth0.2  proto kernel  scope link  src $PUBLIC_IP
192.168.10.0/24 dev tun0  scope link 

# ping 192.168.10.25
PING 192.168.10.25 (192.168.10.25): 56 data bytes
64 bytes from 192.168.10.25: seq=0 ttl=63 time=294.408 ms
64 bytes from 192.168.10.25: seq=1 ttl=63 time=21.798 ms

--- 192.168.10.25 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 21.798/158.103/294.408 ms

HOST BEHIND CLIENT

$ ping 192.168.10.25
PING 192.168.10.25 (192.168.10.25) 56(84) bytes of data.
From 10.1.1.1 icmp_seq=1 Destination Port Unreachable
From 10.1.1.1 icmp_seq=2 Destination Port Unreachable

--- 192.168.10.25 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms

$ traceroute 192.168.10.25
traceroute to 192.168.10.25 (192.168.10.25), 30 hops max, 60 byte packets
 1  OpenWrt.lan (10.1.1.1)  0.225 ms  0.230 ms  0.274 ms
 2  OpenWrt.lan (10.1.1.1)  0.350 ms  0.417 ms  0.475 ms

What I want to do is kind of covered under this example from the OpenVPN docs: https://openvpn.net/index.php/open-source/documentation/howto.html#examples (find on the page "# EXAMPLE: Suppose the client").

The docs there recommend making alterations to an openvpn server.conf, but for some reason I can't seem to figure out where the file should be or how to load it.

Most of what I know about OpenVPN is written down on this page or on the OpenWRT OpenVPN Setup For Beginners. I guess OpenWRT uses some kind of proprietary configuration management tool, uci, so that hid some of the initial openvpn configuration from me.

wiki.openwrt.org/doc/howto/vpn.openvpn

Best Answer

Sorry, your setup is unclear.

The way I understand your setup is this:

  • You have a 192.168.10.0/24 subnet that is connected to the br-lan interface of box A.
  • Box A is your OpenVPN server.
  • Box A's VPN IP is 10.8.0.5.
  • Box B is your OpenVPN client.
  • Box B's VPN IP is 10.8.0.2.
  • There is a 10.1.1.0/24 subnet connected to the br-lan interface of box B.

There are two IPs whose function is unclear: 10.8.0.1 and 10.8.0.6. What interfaces on which boxes are they assigned to and what should their function be?

Discounting the mystery of 10.8.0.{1,6}, what appears to be missing is a route on box A to the subnet behind box B:

ip ro add 10.1.1.0/24 via 10.8.0.2