I have a site to site openvpn system

i can access the 2 routers together, but my question is, when my main openvpn server is at:
there is a site to site to , where i can versus both sides to access.
my question is, if I connect to my main openvpn server at the, which I can perfectly access, but how could I access the site to site lan as well?

so the question is, when I connect to the openvpn laptop, I can access the main router, but the site to site other router, I cannot access that subnet.

is it possible to get access to the other subnet as well, not only the main openvpn subnet?

You would add a route in the server so that it is aware of the client lan. This is usually done with per-client configuration in a client config directory on the server.


yes that is what i want to do, but i do not know how to do it actually.

Please see a reference to ccd here: https://openvpn.net/community-resources/how-to/


push "route"
iroute is the LAN at the remote site we're creating a config for; is a network which should be accessible from the given remote site, it could be another remote site
Personally I'm running multiple OpenVPN servers on the same [non-OpenWrt] device, one for 'dial-in' and another for site-to-site.

the only problem is that now I can access the site to site, but then the real openvpn subnet I did not access; I even tried:

push "route"   #which is can get i now i can get it but the main is missing now
push "route"   #try this but after i added the main subnet it is not working

if I want to access both subnets:

push "route"
push "route"

then I can't access either. I can access only 1 subnet, not both

so if i use CCD i can only either, but not both, how is it solved?

so this is the either , either i can comment or use it, but not both:

#push "route"

when i comment i get the main, if i uncomment i can use the site to site subnet.

You would push 78 to the client, so that it knows about the server LAN, and iroute 70 in the server.


Exactly, usually we can do this globally per-server, not per-client
so it will be

push "route"

for all the clients at once
and also a number of statements like


to add routes to the remote networks into the central site router routing table

Assuming any-to-any access is required, each ccd will include just a single statement like

iroute 192.168.7x.0

It seems that the OP refers to both of those networks as a destination/transit, so the question is what is the source.

Destination/transit networks:

  • - client side LAN
  • - server side LAN

Source network:

  • ???

Testing traceroute in both directions would be helpful.

i tried the ccd:

#push "route"

but no resolution. if I remove the ccd I can access the main openvpn, but there is no way to access the site to site, or I can access the site to site, but then I cannot access the main subnet.

so sad.

just draw a diagram and show all the subnets


if you can solve you are open for a big coffee.

This diagram is confusing.
Try to follow the next example:


remote1 LAN is
remote2 LAN is
CentralSite LAN is

Server configuration:

push "route"

Then client-specific configuration files:

push "route"


push "route"

Not tested, but based on the live configuration.

wow I fixed it, I can access both subnets, thanks
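The split the replies above describe (a `route` on the server for each remote LAN, a global `push "route ..."` so every client learns it, and one `iroute` per site in its ccd file) can be checked mechanically. This is an added example, not a configuration from the thread: every subnet and client name in it is a constructed placeholder, and the helper names `nets` and `check` are hypothetical.

```python
import ipaddress
import re

# Constructed sample: every subnet and client name is a placeholder for this
# example, not a value from the thread.
SERVER_CONF = """\
client-config-dir ccd
push "route 10.10.0.0 255.255.255.0"   # central site LAN
push "route 10.20.0.0 255.255.255.0"   # remote1 LAN
route 10.20.0.0 255.255.255.0
"""
CCD = {
    "remote1": "iroute 10.20.0.0 255.255.255.0\n",
    "remote2": "iroute 10.30.0.0 255.255.255.0\n",  # server has no route/push for it
}

PATTERNS = {
    "push": re.compile(r'^\s*push\s+"route\s+(\S+)\s+([\d.]+)"'),
    "route": re.compile(r"^\s*route\s+(\S+)\s+([\d.]+)"),
    "iroute": re.compile(r"^\s*iroute\s+(\S+)\s+([\d.]+)"),
}

def nets(text, kind):
    """Return the networks declared with one directive kind, comments ignored."""
    found = set()
    for line in text.splitlines():
        m = PATTERNS[kind].match(line.split("#", 1)[0])
        if m:
            found.add(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return found

def check(server_conf, ccd):
    """List routing gaps for LANs that sit behind site-to-site clients."""
    routed, pushed = nets(server_conf, "route"), nets(server_conf, "push")
    problems = []
    if not re.search(r"^\s*client-config-dir\s+\S+", server_conf, re.M):
        problems.append("server: client-config-dir is not set, ccd files are not read")
    for client, text in sorted(ccd.items()):
        for net in sorted(nets(text, "iroute")):
            if net not in routed:
                problems.append(f"{client}: iroute {net} has no matching server 'route'")
            if net not in pushed:
                problems.append(f"{client}: {net} is not pushed, other clients are not told about it")
    return problems

if __name__ == "__main__":
    for problem in check(SERVER_CONF, CCD):
        print(problem)
```

With the sample above, only `remote2` is reported: its LAN is claimed with `iroute` but the server neither routes it into the tunnel nor pushes it to the other clients.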
