Remote access to LAN network through VPS server on OpenVPN


I configured the VPS server and I can ping 10.8.0.2, but I don't have access to the LAN....
How do I ...???

Check there is routing information on the VPS that 192.168.10.0/24 is reachable via 10.8.0.2
Firewall on OpenWrt must also allow the vpn->lan traffic.


No route, but I added it in the server config:
route 192.168.10.0 255.255.255.0

OpenVPN VPS server config

local 212.1.1.1
port 1194
proto udp
dev tun
#client-config-dir /etc/openvpn/ccd/
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA256
#auth none
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
route 192.168.10.0 255.255.255.0
#push "redirect-gateway def1 bypass-dhcp"
pull-filter ignore "redirect-gateway"
ifconfig-pool-persist ipp.txt
push "route 192.168.10.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 2 20
#cipher AES-128-CBC
cipher none
user nobody
group nogroup
persist-key
client-to-client
persist-tun
status openvpn-status.log
verb 5
log /etc/openvpn/openvpn.log
crl-verify crl.pem
explicit-exit-notify
tun-mtu 1600
mssfix 1450
reneg-sec 0

OpenWrt client config

client
dev tun0
proto udp
remote 212.1.1.1 1194
resolv-retry infinite
pull-filter ignore "redirect-gateway"
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA256
cipher none
#ignore-unknown-option block-outside-dns
#block-outside-dns
verb 3

The route is missing the gateway. Check the documentation for the correct syntax.
There is no point in masquerading the vpn zone on the client.


I disabled masquerading and checked the syntax, but it still doesn't ping.

Post the VPN server config and the routing table on the VPN server.

route

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gw.site.com     0.0.0.0         UG    0      0        0 ens3
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.66.1.0       0.0.0.0         255.255.255.0   U     0      0        0 wg0
10.66.66.0      0.0.0.0         255.255.255.0   U     0      0        0 wg0
192.168.61.0    0.0.0.0         255.255.255.0   U     0      0        0 wg0
localnet        0.0.0.0         255.255.255.0   U     0      0        0 ens3

Server config

local 212.1.1.1
port 1194
proto udp
dev tap
client-config-dir /etc/openvpn/ccd/
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA256
#auth none
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 2 20
#cipher AES-128-CBC
cipher none
user nobody
group nogroup
persist-key
client-to-client
persist-tun
status openvpn-status.log
verb 5
log /etc/openvpn/openvpn.log
crl-verify crl.pem
explicit-exit-notify
tun-mtu 1600
mssfix 1450
reneg-sec 0
route 192.168.10.0 255.255.255.0 10.8.0.2
push "route 192.168.10.0 255.255.255.0"

What am I doing wrong?

Did you add the iroute for the .2 client in the ccd directory?

Yes.

/etc/openvpn/ccd/client

iroute 192.168.31.0 255.255.255.0
push-remove redirect-gateway

I installed OpenVPN on the VPS with the openvpn-install.sh script.

The config works. The route is added to the routing table, but pinging 192.168.10.1 (OpenWrt) or 192.168.10.166 (LAN PC) from the server does not work....

Who is 192.168.31.0?

Remove the reference to 192.168.10.0 from the main server config. This is the iroute specific to the OpenWrt router site; it should be in the ccd.

Per-client config only works if you have unique certificates for each client with a unique CN; this is what the server uses to look up the ccd.

Your OpenVPN log and/or routing table on the 10.8.0.3 laptop should show receiving the iroute to 192.168.10.0 via 10.8.0.2.
In the OpenWrt router, the VPN tunnel interface should be in the lan firewall zone and intra-zone forwarding enabled on that zone.
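The replies above boil down to three things that must agree: the `route` in the server config (kernel route into the tunnel), the `iroute` in the ccd file of the client that owns the subnet, and the firewall on the OpenWrt end. As an added example, not code from the thread or from OpenVPN/OpenWrt, the script below checks those three for consistency from the config files and a `route -n` dump. The sample inputs are constructed after the thread (including the ccd that claims 192.168.31.0 while the server routes 192.168.10.0); the hypothetical zone and network names `lan`/`vpn` and the device name `tun0` are assumptions.

```python
"""Consistency check for an OpenVPN site route: server 'route', client ccd 'iroute',
kernel route, and the OpenWrt firewall on the client side (constructed example)."""
import ipaddress
import shlex


def parse_openvpn_conf(text):
    """Return [(directive, [args])] for an OpenVPN config or ccd file."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":        # OpenVPN comment lines
            continue
        parts = shlex.split(line)              # keeps push "route ..." as one arg
        entries.append((parts[0], parts[1:]))
    return entries


def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_route_table(text):
    """Parse 'route -n' style output into [(network, iface)], skipping named rows."""
    routes = []
    for line in text.splitlines():
        p = line.split()
        if len(p) < 8:
            continue
        try:
            routes.append((net(p[0], p[2]), p[7]))
        except ValueError:                     # header, 'default', 'localnet' ...
            continue
    return routes


def check_site_routes(server_conf, ccd_files, route_table):
    """Return findings on route / iroute / kernel-route consistency (empty means OK)."""
    findings = []
    server = parse_openvpn_conf(server_conf)
    server_routes = {net(a[0], a[1]) for d, a in server if d == "route"}
    pushed = {net(*a[0].split()[1:3]) for d, a in server
              if d == "push" and a and a[0].startswith("route ")}
    iroutes = {}
    for cn, text in ccd_files.items():          # cn = certificate CN = ccd file name
        for d, a in parse_openvpn_conf(text):
            if d == "iroute":
                iroutes.setdefault(net(a[0], a[1]), []).append(cn)
    kernel = parse_route_table(route_table)
    for n in server_routes:
        if n not in iroutes:
            findings.append(f"server routes {n} into the tunnel but no ccd claims it with iroute")
        if n not in pushed:
            findings.append(f"{n} is not pushed, other clients will not route to it")
        if not any(n.subnet_of(r) and i.startswith("tun") for r, i in kernel):
            findings.append(f"kernel has no route for {n} via a tun interface")
    for n, cns in iroutes.items():
        if n not in server_routes:
            findings.append(f"ccd {cns} iroute {n} has no matching 'route' in the server config")
    return findings


def parse_uci(text):
    """Minimal OpenWrt UCI parser: [(section_type, {key: [values]})]."""
    sections = []
    for line in text.splitlines():
        parts = shlex.split(line.split("#", 1)[0])
        if not parts:
            continue
        if parts[0] == "config":
            sections.append((parts[1], {}))
        elif parts[0] in ("option", "list") and sections and len(parts) == 3:
            sections[-1][1].setdefault(parts[1], []).append(parts[2])
    return sections


def check_openwrt_firewall(fw_conf, vpn_device="tun0", vpn_network="vpn"):
    """Check that tunnel traffic can be forwarded into the lan zone on the OpenWrt client."""
    findings, zones, forwards = [], {}, set()
    for kind, o in parse_uci(fw_conf):
        if kind == "zone" and "name" in o:
            zones[o["name"][0]] = o
        elif kind == "forwarding":
            forwards.add((o.get("src", [""])[0], o.get("dest", [""])[0]))

    def holds_tunnel(z):
        return vpn_device in z.get("device", []) or vpn_network in z.get("network", [])

    lan = zones.get("lan", {})
    if holds_tunnel(lan):                      # tunnel inside lan zone: needs intra-zone forward
        if lan.get("forward", ["REJECT"])[0] != "ACCEPT":
            findings.append("tunnel is in zone 'lan' but the zone's forward policy is not ACCEPT")
    else:
        vz = next((name for name, z in zones.items() if holds_tunnel(z)), None)
        if vz is None:
            findings.append(f"{vpn_device} is not covered by any firewall zone")
        else:
            if (vz, "lan") not in forwards:
                findings.append(f"no forwarding from zone '{vz}' to 'lan'")
            if zones[vz].get("masq", ["0"])[0] == "1":
                findings.append(f"zone '{vz}' masquerades, unnecessary for a routed site link")
    return findings


# Constructed samples modelled on the thread (not the poster's actual files).
SERVER_CONF = """dev tun
topology subnet
server 10.8.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd/
route 192.168.10.0 255.255.255.0 10.8.0.2
push "route 192.168.10.0 255.255.255.0"
"""
CCD_WRONG = {"client": "iroute 192.168.31.0 255.255.255.0\npush-remove redirect-gateway\n"}
CCD_FIXED = {"client": "iroute 192.168.10.0 255.255.255.0\n"}
ROUTES_BEFORE = """Destination Gateway Genmask Flags Metric Ref Use Iface
default gw.site.com 0.0.0.0 UG 0 0 0 ens3
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
"""
ROUTES_AFTER = ROUTES_BEFORE + "192.168.10.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0\n"
FW_SEPARATE_ZONE = """config zone
    option name 'lan'
    list network 'lan'
    option forward 'ACCEPT'
config zone
    option name 'vpn'
    list device 'tun0'
    option forward 'REJECT'
    option masq '1'
"""
FW_TUN_IN_LAN = """config zone
    option name 'lan'
    list network 'lan'
    list device 'tun0'
    option forward 'ACCEPT'
"""

if __name__ == "__main__":
    for f in check_site_routes(SERVER_CONF, CCD_WRONG, ROUTES_BEFORE) + check_openwrt_firewall(FW_SEPARATE_ZONE):
        print("FINDING:", f)
    print("fixed:", check_site_routes(SERVER_CONF, CCD_FIXED, ROUTES_AFTER),
          check_openwrt_firewall(FW_TUN_IN_LAN))
```

Run against real files by reading `/etc/openvpn/server.conf`, the ccd directory (one entry per certificate CN) and the output of `route -n` on the VPS, plus `/etc/config/firewall` from the router; an empty findings list for both checks means the routing side is consistent and any remaining failure is on the hosts themselves (for instance a LAN PC's own firewall dropping pings from 10.8.0.0/24).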

Do you want that to work? I thought the objective was to give the laptop access to the home LAN.

If I want to see the whole subnet from 10.8.0.3, as if I were connected by wire, is that possible? Maybe use a tap interface on the server and clients?

No, you should use tun, as you want to route between the two networks.


How can client 10.8.0.3 (Windows) see all machines from subnet 192.168.10.0/24? I don't see any PC, I can only ping 192.168.10.1 (OpenWrt router as client). I want it to work like a client connected by cable on the subnet.

Then you should run the server on the OpenWrt and bridge the tap interface with the LAN.

But OpenWrt does not have a static white IP.