I have a site to site openvpn system

patrikx3 · August 10, 2019, 3:32pm

i can access the 2 routers together, but my question is, when my main openvpn server is at:
192.168.78.0/24
there is a site to site 192.168.78.0/24 to 192.168.70.0/2 , where i can versus both sides to access.
my question is, if i connect to my main openvpn server at the 192.168.78.0/24, which i can perfectly access, but how could i could i access the site to site 192.168.70.0/24 lan as well?

patrikx3 · August 10, 2019, 3:39pm

so the questions is, when with I connect to the openvpn laptop, i can access the main router 192.168.78.0/24, but the site to site other router 192.168.70.0/24, i cannot access that subnet.

is it possible to get access to the other subent as well, not only the main openvpn subnet?

mk24 · August 10, 2019, 3:53pm

You would add a route in the server so that it is aware of the client lan. This is usually done with per-client configuration in a client config directory on the server.

patrikx3 · August 10, 2019, 4:05pm

yes that is what i want to do, but i do not know how to do it actually.

AndrewZ · August 10, 2019, 4:51pm

Please see a reference to ccd here: https://openvpn.net/community-resources/how-to/

Example:

push "route 192.168.11.0 255.255.255.0"
iroute 192.168.10.0 255.255.255.0

192.168.10.0 is the LAN at the remote site we're creating a config for;
192.168.11.0 is a network which should be accessible from the given remote site, it could be another remote site
Personally I'm running multiple OpenVPN servers on the same [non-OpenWrt] device, one for 'dial-in' and another for site-to-site.

patrikx3 · August 11, 2019, 11:54am

the only problem is that now i can access the the site to site, but then the real openvpn subnet i did not access, i even tried even:

push "route 192.168.70.0 255.255.255.0"   #which is can get i now i can get it but the main is missing now
iroute 192.168.78.0 255.255.255.0 
push "route 192.168.78.0 255.255.255.0"   #try this but after i added the main subnet it is not working

patrikx3 · August 11, 2019, 12:10pm

if i want to access both subents:

push "route 192.168.70.0 255.255.255.0"
push "route 192.168.78.0 255.255.255.0"
iroute 192.168.78.0 255.255.255.0

then i cant access either. i can access only 1 subnet, not both

patrikx3 · August 11, 2019, 12:11pm

so if i use CCD i can only either, but not both, how is it solved?

patrikx3 · August 11, 2019, 12:12pm

so this is the either , either i can comment or use it, but not both:

#push "route 192.168.70.0 255.255.255.0"
#iroute 192.168.78.0 255.255.255.0

patrikx3 · August 11, 2019, 12:12pm

when i comment i get the main, if i uncomment i can use the site to site subnet.

mk24 · August 11, 2019, 12:37pm

You would push 78 to the client, so that it knows about the server LAN, and iroute 70 in the server.

AndrewZ · August 11, 2019, 12:53pm

Exactly, usually we can do this globally per-server, not per-client
so it will be

push "route 192.168.78.0 255.255.255.0"

for all the clients at once
and also a number of statements like

route 192.168.70.0 255.255.255.0
route 192.168.71.0 255.255.255.0
...

to add routes to the remote networks into the central site router routing table

Assuming any-to-any access is required, each ccd will include just a single statement like

iroute 192.168.7x.0 255.255.255.0

vgaetera · August 11, 2019, 1:00pm

It seems that the OP refers to both of those networks as a destination/transit, so the question is what is the source.

Destination/transit networks:

192.168.70.0/24 - client side LAN
192.168.78.0/24 - server side LAN

Source network:

???

Testing traceroute in both directions would be helpful.

patrikx3 · August 11, 2019, 4:28pm

i tried the ccd:

#push "route 192.168.78.0 255.255.255.0"
#iroute 192.168.78.0 255.255.255.0
#iroute 192.168.70.0 255.255.255.0

but no resolution. if i remove the ccd i can access the main openvpn, but there is no way to access the site to site, or i can acccess the site to site, but then i cannot access the main subnet.

so sad.

AndrewZ · August 11, 2019, 5:04pm

just draw a diagram and show all the subnets

patrikx3 · August 11, 2019, 5:25pm

patrikx3 · August 11, 2019, 5:32pm

if you can solve you are open for a big coffee.

AndrewZ · August 11, 2019, 5:52pm

This diagram is confusing.
Try to follow the next example:

remote1---CentralSite---remote2

remote1 LAN is 192.168.11.0/24
remote2 LAN is 192.168.12.0/24
CentralSite LAN is 192.168.10.0/24

Server configuration:

push "route 192.168.10.0 255.255.255.0"
route 192.168.11.0 255.255.255.0
route 192.168.12.0 255.255.255.0

Then client-specific configuration files:
remote1:

iroute 192.168.11.0 255.255.255.0
push "route 192.168.12.0 255.255.255.0"

remote2:

iroute 192.168.12.0 255.255.255.0
push "route 192.168.11.0 255.255.255.0"

Not tested, but based on the live configuration.

patrikx3 · August 11, 2019, 8:05pm

wow i fixed it, i can access both subents, thanks

system · August 21, 2019, 8:05pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.