i can access the 2 routers together, but my question is, when my main openvpn server is at:
192.168.78.0/24
there is a site to site 192.168.78.0/24 to 192.168.70.0/2 , where i can versus both sides to access.
my question is, if i connect to my main openvpn server at the 192.168.78.0/24, which i can perfectly access, but how could i access the site to site 192.168.70.0/24 lan as well?
so the question is, when I connect to the openvpn laptop, i can access the main router 192.168.78.0/24, but the site to site other router 192.168.70.0/24, i cannot access that subnet.
is it possible to get access to the other subnet as well, not only the main openvpn subnet?
You would add a route in the server so that it is aware of the client lan. This is usually done with per-client configuration in a client config directory on the server.
yes that is what i want to do, but i do not know how to do it actually.
Please see a reference to ccd here: https://openvpn.net/community-resources/how-to/
Example:
push "route 192.168.11.0 255.255.255.0"
iroute 192.168.10.0 255.255.255.0
192.168.10.0 is the LAN at the remote site we're creating a config for;
192.168.11.0 is a network which should be accessible from the given remote site, it could be another remote site
Personally I'm running multiple OpenVPN servers on the same [non-OpenWrt] device, one for 'dial-in' and another for site-to-site.
the only problem is that now i can access the site to site, but then the real openvpn subnet i did not access, i even tried:
push "route 192.168.70.0 255.255.255.0" #which is can get i now i can get it but the main is missing now
iroute 192.168.78.0 255.255.255.0
push "route 192.168.78.0 255.255.255.0" #try this but after i added the main subnet it is not working
if i want to access both subnets:
push "route 192.168.70.0 255.255.255.0"
push "route 192.168.78.0 255.255.255.0"
iroute 192.168.78.0 255.255.255.0
then i can't access either. i can access only 1 subnet, not both
so if i use CCD i can only either, but not both, how is it solved?
so this is the either , either i can comment or use it, but not both:
#push "route 192.168.70.0 255.255.255.0"
#iroute 192.168.78.0 255.255.255.0
when i comment i get the main, if i uncomment i can use the site to site subnet.
You would push 78 to the client, so that it knows about the server LAN, and iroute 70 in the server.
Exactly, usually we can do this globally per-server, not per-client
so it will be
push "route 192.168.78.0 255.255.255.0"
for all the clients at once
and also a number of statements like
route 192.168.70.0 255.255.255.0
route 192.168.71.0 255.255.255.0
...
to add routes to the remote networks into the central site router routing table
Assuming any-to-any access is required, each ccd will include just a single statement like
iroute 192.168.7x.0 255.255.255.0
It seems that the OP refers to both of those networks as a destination/transit, so the question is what is the source.
Destination/transit networks:
- 192.168.70.0/24 - client side LAN
- 192.168.78.0/24 - server side LAN
Source network:
- ???
Testing traceroute in both directions would be helpful.
i tried the ccd:
#push "route 192.168.78.0 255.255.255.0"
#iroute 192.168.78.0 255.255.255.0
#iroute 192.168.70.0 255.255.255.0
but no resolution. if i remove the ccd i can access the main openvpn, but there is no way to access the site to site, or i can access the site to site, but then i cannot access the main subnet.
so sad.
just draw a diagram and show all the subnets
if you can solve you are open for a big coffee.
This diagram is confusing.
Try to follow the next example:
remote1---CentralSite---remote2
remote1 LAN is 192.168.11.0/24
remote2 LAN is 192.168.12.0/24
CentralSite LAN is 192.168.10.0/24
Server configuration:
push "route 192.168.10.0 255.255.255.0"
route 192.168.11.0 255.255.255.0
route 192.168.12.0 255.255.255.0
Then client-specific configuration files:
remote1:
iroute 192.168.11.0 255.255.255.0
push "route 192.168.12.0 255.255.255.0"
remote2:
iroute 192.168.12.0 255.255.255.0
push "route 192.168.11.0 255.255.255.0"
Not tested, but based on the live configuration.
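Added example (not from any poster in this thread and not OpenVPN's own code): a small Python check that reads a server config and its ccd files and flags the two mistakes discussed above, an `iroute` that claims a LAN the server pushes and an `iroute` with no matching server `route`. The function names and sample strings are constructed, and it assumes the global `push "route ..."` lines in the server config name server-side LANs.

```python
import ipaddress
import re

# Matches route, iroute and push "route ..." lines; '#' comment lines never match.
DIRECTIVE = re.compile(r'^\s*(push\s+"route|route|iroute)\s+([\d.]+)\s+([\d.]+)')

def parse(text):
    """Collect the IPv4 networks named by each directive kind in a config text."""
    found = {"route": [], "iroute": [], "push": []}
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            kind = "push" if m.group(1).startswith("push") else m.group(1)
            found[kind].append(ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}"))
    return found

def lint(server_conf, ccd):
    """ccd maps a client name to its ccd file text; returns a list of findings."""
    server = parse(server_conf)
    findings = []
    for name, text in ccd.items():
        for net in parse(text)["iroute"]:
            if any(net.overlaps(p) for p in server["push"]):
                # Assumption: pushed networks sit behind the server, so a client
                # claiming one via iroute sends that traffic the wrong way.
                findings.append(f"{name}: iroute {net} overlaps a LAN the server pushes")
            elif not any(net.subnet_of(r) for r in server["route"]):
                # iroute only picks the client inside OpenVPN; the server host
                # still needs a 'route' so its kernel sends the net to the tunnel.
                findings.append(f"{name}: iroute {net} has no matching server route")
    return findings

# Constructed sample input, using the addresses from the example above.
SERVER = '''push "route 192.168.10.0 255.255.255.0"
route 192.168.11.0 255.255.255.0
route 192.168.12.0 255.255.255.0'''
GOOD = {"remote1": 'iroute 192.168.11.0 255.255.255.0\npush "route 192.168.12.0 255.255.255.0"',
        "remote2": 'iroute 192.168.12.0 255.255.255.0\npush "route 192.168.11.0 255.255.255.0"'}
BAD = {"remote1": "iroute 192.168.10.0 255.255.255.0",   # claims the central LAN
       "remote3": "iroute 192.168.13.0 255.255.255.0"}   # no server 'route' for it

if __name__ == "__main__":
    print(lint(SERVER, GOOD))
    print(lint(SERVER, BAD))
```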
wow i fixed it, i can access both subnets, thanks