Openvpn two server conf connect each other

Hi,

I have successfully set up two server configurations for OpenVPN using this:

config openvpn 'myvpn'
        option enabled '1'
        option verb '3'
        option port '1194'
        option proto 'udp'
        option dev 'tun'
        option server '10.8.0.0 255.255.255.0'
        option keepalive '10 120'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/vpn-server.crt'
        option key '/etc/openvpn/vpn-server.key'
        option dh '/etc/openvpn/dh2048.pem'
        option client_to_client '1'
        list 'push' 'redirect-gateway def1 bypass-dhcp'
        option persist_key '1'
        option persist_tun '1'
        option user 'nobody'
        list 'push' 'dhcp-option DNS 192.168.1.1'
        list 'push' 'route 192.168.1.0 255.255.255.0'
        list 'push' 'route 10.9.0.0 255.255.255.0'

config openvpn 'myvpntcp'
        option enabled '1'
        option verb '4'
        option port '443'
        option proto 'tcp'
        option dev 'tun'
        option server '10.9.0.0 255.255.255.0'
        option keepalive '10 120'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/vpn-server.crt'
        option key '/etc/openvpn/vpn-server.key'
        option dh '/etc/openvpn/dh2048.pem'
        option client_to_client '1'
        list 'push' 'redirect-gateway def1 bypass-dhcp'
        option persist_key '1'
        option persist_tun '1'
        option user 'nobody'
        list 'push' 'dhcp-option DNS 192.168.1.1'
        list 'push' 'route 192.168.1.0 255.255.255.0'
        list 'push' 'route 10.8.0.0 255.255.255.0'

I want to reach the goal that clients from 10.9.0.x and 10.8.0.x get to know each other...

Maybe I'm a little confused about where to do this.

Thx for help..


What do you mean by "get to know each other"? Are you referring to discovery by broadcast? Are you referring to direct connections via unicast?


SSH / VNC to each other. Like in the same network.

At the moment I can only SSH from 192.x.x.x to 10.8.x.x or 10.9.x.x and vice versa, and within 10.8.x.x (and 10.9.x.x) it also works. But not from 10.8.x.x to 10.9.x.x.

uci add_list firewall.@zone[0].device="tun+"
uci commit firewall
/etc/init.d/firewall restart

@vgaetera -> your solution works -> can you explain?

Additional question: are my push route definitions also necessary alongside your additional firewall settings?

Thanks for the help


Assign both VPN interfaces to the same firewall zone with permissive intrazone forward policy.
There's no need to push extra routes as long as you redirect gateway on the clients to the VPN.

In addition, it's best to explicitly specify the server side topology:

uci set openvpn.myvpn.topology="subnet"
uci set openvpn.myvpntcp.topology="subnet"
uci commit openvpn
/etc/init.d/openvpn restart
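
One caveat to the one-line fix, as an added note that is not part of the thread: on a default OpenWrt firewall config `firewall.@zone[0]` is the `lan` zone, so appending `tun+` to it makes every VPN client a full LAN peer, including the lan zone's `input ACCEPT` towards the router itself. Traffic between 10.8.0.x and 10.9.0.x is ordinary forwarded traffic between the two tun devices on the same router (`client_to_client` only covers clients of the same OpenVPN instance), so what decides it is the firewall's forward policy, and that can be expressed with a dedicated zone instead. The following `/etc/config/firewall` fragment is an added example, not configuration from the thread; the zone names `lan` and `wan` are assumed to match a default OpenWrt install, and the tun devices are assumed to be the only `tun*` interfaces on the box.

```uci
# Added example, not from the thread: a dedicated 'vpn' zone instead of
# putting 'tun+' into zone 0 (the 'lan' zone on a default OpenWrt config).

config zone 'vpn'
        option name 'vpn'
        list device 'tun+'          # both instances: 'dev tun' allocates tun0, tun1, ... (assumed)
        option input 'REJECT'       # VPN clients do not get the router's admin services by default
        option output 'ACCEPT'
        option forward 'ACCEPT'     # intrazone forward: 10.8.0.0/24 <-> 10.9.0.0/24 crosses here
        option masq '0'             # no NAT between the tunnels, so source IPs stay visible in logs

# The clients are pushed 'dhcp-option DNS 192.168.1.1', which is the router
# itself, so DNS to the router has to be allowed explicitly under input REJECT.
config rule
        option name 'Allow-VPN-DNS'
        option src 'vpn'
        option dest_port '53'
        option proto 'tcp udp'
        option target 'ACCEPT'

# VPN clients -> 192.168.1.0/24 (covers the pushed 'route 192.168.1.0 255.255.255.0')
config forwarding
        option src 'vpn'
        option dest 'lan'

# 192.168.1.0/24 -> VPN clients (the "vice versa" case from the thread)
config forwarding
        option src 'lan'
        option dest 'vpn'

# 'redirect-gateway def1' sends all client traffic through the tunnel,
# so Internet-bound traffic from the clients needs vpn -> wan as well.
config forwarding
        option src 'vpn'
        option dest 'wan'
```

Before adding this, take `tun+` back out of the lan zone with `uci del_list firewall.@zone[0].device="tun+"` so the same device is not claimed by two zones, then `uci commit firewall` and `/etc/init.d/firewall restart`. Verify with `uci show firewall.vpn` and an SSH connection from a 10.8.0.x client to a 10.9.0.x address. SSH or LuCI on the router itself is deliberately not reachable from the VPN here; add a `config rule` like the DNS one for the relevant port if that is wanted.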

That means I can now remove these lines of code:

and add these lines:

uci set openvpn.myvpn.topology="subnet"
uci set openvpn.myvpntcp.topology="subnet"
uci commit openvpn

I hope I have understood your information well...
Thanks

