Hey guys, how's it going?
I've just configured my OpenVPN Server to have site-to-site function, so both routers that I own (one in my home and the other in my office) are capable of talking to each other. So far, so good.
My current set-up is the following:
Home network (server) - OpenVPN in OpenWRT router:
Local Lan IP: 192.168.1.1 (subnet: 192.168.1.0/24)
Local OpenVPN IP: 10.8.0.1 (subnet: 10.8.0.0/24)
Server Config
option server '10.8.0.0 255.255.255.0'
option dev 'tun-server'
option keepalive '10 120'
option topology 'subnet'
option port '1234'
option ca '/etc/openvpn/CA.crt'
option dh '/etc/openvpn/dh2048.pem'
option cert '/etc/openvpn/Server.crt'
option key '/etc/openvpn/Server.key'
option client_to_client '1'
option persist_key '1'
option persist_tun '1'
option proto 'udp'
option verb '5'
option mssfix '1500'
option cipher 'AES-256-CBC'
option auth 'SHA512'
option keysize '256'
list push 'route 192.168.1.0 255.255.255.0'
list push 'dhcp-option DNS 192.168.1.1'
option route '192.168.31.0 255.255.255.0 10.8.0.1'
option log '/tmp/openvpn-server.log'
option status '/tmp/openvpn-server-status.log'
option client_config_dir '/etc/openvpn/ccd/'
option enabled '1'
CCD File - Office
ifconfig-push 10.8.0.2 255.255.255.248
iroute 192.168.31.0 255.255.255.0
Office network (client) - OpenVPN in OpenWRT Router:
Local Lan IP: 192.168.31.1 (subnet: 192.168.31.0/24)
OpenVPN IP set in ccd: 10.8.0.2
So with this current setting, all my clients in both networks can talk to each other. Great!
But now I need to set up standalone clients (like android clients using LTE connection), and although I'm able to let them talk to all clients in the server side, I'm unable to let them talk to my office network (192.168.31.0/24), but I can ping the office router if I use the OpenVPN IP (10.8.0.2).
This is what it looks like:
Android client using LTE connection:
Local Lan IP: ????? It's not a router, so it doesn't have a local subnet.
OpenVPN IP set in ccd: 10.8.0.3
CCD File - Standalone Client - Android Client
ifconfig-push 10.8.0.3 255.255.255.248
How do I make all clients, no matter which one, able to see and talk to all clients in all networks where OpenVPN is running, not only those running a subnet (routers)?
Besides Android I also have a laptop, which I could use on a hotel Wi-Fi, for example. Since I don't own the router in the hotel, I think this "standalone" config would also work here, right? I don't need to expose the client subnet here, since I don't have access to it, but I want this client to access all networks exposed in my OpenVPN server, not only the server subnet.
This question was also posted in the OpenVPN forum, but a user there told me it could be a route/firewall issue, and I couldn't figure it out by myself. Can someone help me here?
Unfortunately all links that send me to the OpenWrt wiki are broken. So I have no place to search for a solution for this =/
And by the way, is my config safe enough or should I explicitly have all ciphers that I want listed in the "ovpn" file in the server?
Thanks in advance.
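As an added example (not part of the original post), a small consistency check that a practitioner would run on a setup like the one above: in OpenVPN, `iroute` in a CCD file only tells the server which client owns a subnet, while other clients still need a `push "route ..."` for that subnet or their traffic never enters the tunnel. The script below parses the UCI-style server stanza and the CCD files and reports iroute'd subnets that no pushed route covers. The config text and CCD contents are embedded inline, reconstructed from the post; the function names are mine.

```python
import ipaddress
import re

# Constructed sample input, reduced to the routing-relevant lines of the post.
SERVER_CONF = """\
option server '10.8.0.0 255.255.255.0'
option topology 'subnet'
list push 'route 192.168.1.0 255.255.255.0'
list push 'dhcp-option DNS 192.168.1.1'
option route '192.168.31.0 255.255.255.0 10.8.0.1'
option client_config_dir '/etc/openvpn/ccd/'
"""
# Constructed CCD files: office router (owns a LAN) and the Android client (no LAN).
CCD_FILES = {
    "office": "ifconfig-push 10.8.0.2 255.255.255.248\niroute 192.168.31.0 255.255.255.0\n",
    "android": "ifconfig-push 10.8.0.3 255.255.255.248\n",
}

# Matches UCI lines of the form: option <name> '<value>'  or  list <name> '<value>'
UCI_LINE = re.compile(r"^\s*(option|list)\s+(\S+)\s+'([^']*)'\s*$")

def net(addr, mask):
    """Build a network from OpenVPN's 'address netmask' notation."""
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)

def pushed_routes(uci_text):
    """Subnets the server pushes to every client via list push 'route ...'."""
    routes = set()
    for line in uci_text.splitlines():
        m = UCI_LINE.match(line)
        if m and m.group(1) == "list" and m.group(2) == "push":
            words = m.group(3).split()
            if len(words) >= 3 and words[0] == "route":
                routes.add(net(words[1], words[2]))
    return routes

def iroutes(ccd_files):
    """Subnets that live behind a client, from 'iroute' lines in its CCD file."""
    found = {}
    for client, text in ccd_files.items():
        for line in text.splitlines():
            words = line.split()
            if len(words) == 3 and words[0] == "iroute":
                found[net(words[1], words[2])] = client
    return found

def unpushed_client_subnets(uci_text, ccd_files):
    """iroute'd subnets not covered by any pushed route: other clients get no route to them."""
    pushed = pushed_routes(uci_text)
    return {str(n): c for n, c in iroutes(ccd_files).items()
            if not any(n.subnet_of(p) for p in pushed)}

if __name__ == "__main__":
    for subnet, client in unpushed_client_subnets(SERVER_CONF, CCD_FILES).items():
        print(f"{subnet} is behind client '{client}' but is not pushed to other clients")
```

With the post's configuration, the check reports 192.168.31.0/24 (behind the office router) as routed on the server but not pushed to clients; the firewall zones on both routers are the other place to look.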