Setup / openvpn conf. issue

Hello,
I am not able to make the scenario described below work. Can anyone help out? Thank you.

10.0.1.150 (LAN) -> router (+ openvpnserver 192.168.8.1) <- INTERNET -> openvpnclient (192.168.8.2) running on host 192.168.1.30

I want to ping host 192.168.1.30 from host 10.0.1.150.


router
route>

192.168.1.0 192.168.8.2 255.255.255.0 UG 0 0 0 tun0
192.168.8.0 192.168.8.2 255.255.255.0 UG 0 0 0 tun0
192.168.8.2 * 255.255.255.255 UH 0 0 0 tun0

openvpnserver.conf
persist-key
persist-tun
ca /etc/easy-rsa/pki/ca.crt
cert /etc/easy-rsa/pki/issued/vpnserver.crt
client-config-dir /etc/openvpn/ccd
compress lzo
dev tun0
dh /etc/easy-rsa/pki/dh.pem
group nogroup
keepalive 10 120
key /etc/easy-rsa/pki/private/vpnserver.key
port 1194
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.1"
push "compress lzo"
push "persist-tun"
push "persist-key"
push "dhcp-option DOMAIN lan"
route 192.168.1.0 255.255.255.0 192.168.8.2
server 192.168.8.0 255.255.255.0
tls-crypt /etc/easy-rsa/pki/tc.pem
user nobody
verb 3

ccd/vpnclient1
push "route 10.0.1.0 255.255.255.0"
iroute 192.168.1.29 255.255.255.255
ifconfig-push 192.168.8.2 192.168.8.1

Add into vpnserver.conf:

topology subnet

Replace with:

push "dhcp-option DNS 192.168.8.1"

Move to vpnserver.conf.

Replace with:

iroute 192.168.1.0 255.255.255.0

Replace with:

ifconfig-push 192.168.8.2 255.255.255.0

https://community.openvpn.net/openvpn/wiki/VORACLE
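The mismatch corrected in the reply above (server `route 192.168.1.0 255.255.255.0` against ccd `iroute 192.168.1.29 255.255.255.255`) can be checked mechanically: the server only hands a routed subnet to a client whose `iroute` covers it. This is an added example, not part of the original posts; the function names and the inlined config excerpts (copied from the lines posted above) are assumptions for illustration.

```python
import ipaddress

# Excerpts constructed from the configs posted in this thread.
SERVER_CONF = """
route 192.168.1.0 255.255.255.0 192.168.8.2
server 192.168.8.0 255.255.255.0
"""
CCD_ORIGINAL = {"vpnclient1": "iroute 192.168.1.29 255.255.255.255\n"}
CCD_CORRECTED = {"vpnclient1": "iroute 192.168.1.0 255.255.255.0\n"}

def directives(text, name):
    """Yield the argument list of every `name` directive in a config text."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == name:
            yield parts[1:]

def net(addr, mask="255.255.255.255"):
    """OpenVPN treats a missing netmask on route/iroute as a host route."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check_routes(server_conf, ccd_files):
    """List places where kernel `route` and per-client `iroute` disagree."""
    routes = [net(*a[:2]) for a in directives(server_conf, "route")]
    iroutes = {name: [net(*a[:2]) for a in directives(text, "iroute")]
               for name, text in ccd_files.items()}
    problems = []
    # Every subnet routed into tun0 needs a client iroute that covers all of it,
    # otherwise the server has no client to deliver part of that range to.
    for r in routes:
        if not any(r.subnet_of(i) for nets in iroutes.values() for i in nets):
            problems.append(f"route {r} has no covering iroute in any ccd file")
    # An iroute without a kernel route never receives traffic from the LAN side.
    for name, nets in iroutes.items():
        for i in nets:
            if not any(i.subnet_of(r) for r in routes):
                problems.append(f"{name}: iroute {i} has no matching server route")
    return problems

if __name__ == "__main__":
    for label, ccd in (("original", CCD_ORIGINAL), ("corrected", CCD_CORRECTED)):
        print(label, check_routes(SERVER_CONF, ccd) or "consistent")
```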

If it's still there after ^ ... I'm not sure you want this... (edit: I stuffed up, thanks for teaching me something!)

openvpnserver.conf
     route 192.168.1.0 255.255.255.0 192.168.8.2

@anon50098793, why do you think so?

So, 192.168.1.0/24 is routed via 192.168.8.2.


My bad, I must have read it wrong, thank you for clearing things up!

seemed to me like;

remote client LAN = 192.168.8.2
and remote tun is assigned 192.168.1.0/24

( aka router needs no knowledge of 192.168.8.0 )?

so that option must be for the client...... I'm a bit rough on OpenVPN nomenclature.....

Ooooooo.... I mistook 192.168.8.2 for the remotelannormalnet........


Yep, if we want the VPN client to act as a VPN gateway inside the client LAN, we need to add that route on the client-LAN router.
