Openvpn – How to let an openvpn client access to another client’s subnet

openvpn

My network topology:

Sorry to ask again here, I'v post this question in StackOverflow:

https://stackoverflow.com/questions/45047558/how-to-let-an-openvpn-client-access-to-another-clients-subnet

The system informed me to post here.

I want all clients in OpenVPN network 10.8.0.0/24 can access to a subnet behind 10.8.0.3

I don't want to do any manully configurations in OpenVPN clients other than 10.8.0.3

I googled lots of solutions, but can't find one meet my demand.

I know it's not easy, so I'm willing to pay for your solution.

Please help, thank you.

Best Answer

You would maybe be able to accomplish this if you can change the client on 10.8.0.3 to a server install of PFsense. Then you could do a site-to-site OpenVPN tunnel. This should allow you to get the routes in place for both ends of that tunnel.

You would also have to add a route on 192.168.1.1 pointing the networks that need a route back towards the next hop 192.168.1.2.

https://docs.openvpn.net/how-to-tutorialsguides/virtual-platforms/site-to-site-layer-3-routin-using-openvpn-access-server/

Related Solutions

Openvpn for client/server in same subnet

Your default route metric value is lower than the 10.22.0.0/16 route and it gets routed to the default route. In resolving routes, if more than one route matches destination, the lower metric value route takes precedence.

Either push a default route through VPN or lower metric for 10.22.0.0/16 (increase metric for default route).

It should look like this:

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
      0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.23    1000
    10.22.0.0      255.255.0.0        10.22.8.1       10.22.8.10     30
    10.22.8.0    255.255.255.0         On-link        10.22.8.10    286
   10.22.8.10  255.255.255.255         On-link        10.22.8.10    286
  10.22.8.255  255.255.255.255         On-link        10.22.8.10    286

OpenVPN multiple servers on the same subnet, high availability

I played with networking and openvpn quite a lot (10+ years sysadmin in ISP) so how about this simple solution.

Create entry in dns that will have n ip addresses for one host (round-robin way)

In Openvpn client put remote name of host so round robin is achieved

On vpn server have two network cards, one is connected to public ip (round robin address 1), other one is connected to private class. Second server, different public address (round robin address 2), same private class.

Create tap0 interface that will bridge addresses to private interface, have single dhcp that will manage addressing to your clients.

This way i think you can achieve as much redundance you want..

Best Answer

Related Solutions

Openvpn for client/server in same subnet

OpenVPN multiple servers on the same subnet, high availability

Related Topic