Multiple OpenVPN on one machine to one server can not route

Scripts with setup, destroy, and modify routing tables and firewall rulesets for client connections.

Moderators: TinCanTech

arkle
OpenVpn Newbie
Posts: 1
Joined: Thu Jan 12, 2017 2:57 pm


Post by arkle » Thu Jan 12, 2017 3:45 pm

Hi all, I have some questions about "Multiple OpenVPN on one machine to one server can not route".

Background:

I have several PLCs which have separate IPs (192.168.3.111, 192.168.3.123, 192.168.3.124, 192.168.3.125). They communicate via IP on TCP port 102, which cannot be changed.

In this case, I plan to use an RPi3 running an OpenVPN client to forward TCP port 102 to the PLCs. I have an OpenVPN server running on Debian Linux in TUN mode.

I have tried these steps:

1, I made two VPN client configs and connected to the server successfully with two VPN IPs, 172.16.0.6 and 172.16.0.30;

2, The RPi3 route table is listed as:


root@airleader:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.3.1     0.0.0.0         UG    303    0        0 wlan0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.16.0.0      172.16.0.29     255.255.255.0   UG    0      0        0 tun1
172.16.0.0      172.16.0.5      255.255.255.0   UG    0      0        0 tun0
172.16.0.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
172.16.0.29     0.0.0.0         255.255.255.255 UH    0      0        0 tun1
192.168.3.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0
3, The RPi3 iptables are listed as:


root@airleader:~# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 1511 packets, 506K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 1350 packets, 500K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 782 packets, 59707 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 781 packets, 59623 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      tun1    0.0.0.0/0            172.16.0.0/20       
    1    84 MASQUERADE  all  --  *      tun0    0.0.0.0/0            172.16.0.0/20    


The Problem:

1, I can only ping 172.16.0.29, which is listed above 172.16.0.6;

How could I use all the VPN IPs?

Regards!
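The routing table above has two routes for 172.16.0.0/24 with the same metric (via 172.16.0.29 on tun1 and via 172.16.0.5 on tun0); the kernel only ever uses the first one it finds, so everything for the VPN subnet leaves through tun1 and the second tunnel is never used. The usual fix is source-based policy routing: each tunnel gets its own routing table, chosen by the local VPN address the packet carries. The script below is an added example, not code from the thread: it parses the posted `route -n` output to spot such duplicate routes and prints (or, with APPLY=1 as root, applies) the iproute2 commands. It assumes Linux with iproute2, that routing tables 101 and 102 are unused, and takes the two VPN addresses 172.16.0.6 and 172.16.0.30 from the post.

```shell
#!/bin/sh
# Added example, not code from the thread. Parses the `route -n` output the
# poster showed, reports prefixes installed more than once with the same
# metric (the kernel only ever uses the first of them), and emits the
# iproute2 policy-routing commands that pin each tunnel's VPN address to its
# own tun interface. Assumes Linux with iproute2 and free routing tables
# 101/102; VPN addresses 172.16.0.6 and 172.16.0.30 are from the post.

# Constructed input: the RPi3 routing table exactly as posted in the thread.
ROUTE_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.3.1     0.0.0.0         UG    303    0        0 wlan0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.16.0.0      172.16.0.29     255.255.255.0   UG    0      0        0 tun1
172.16.0.0      172.16.0.5      255.255.255.0   UG    0      0        0 tun0
172.16.0.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
172.16.0.29     0.0.0.0         255.255.255.255 UH    0      0        0 tun1
192.168.3.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0'

# Report every destination/genmask/metric triple that is installed on more
# than one interface: for such duplicates only the first entry is ever used.
find_conflicts() {
    printf '%s\n' "$ROUTE_TABLE" | awk 'NR > 2 {
        key = $1 "/" $3 "/" $5
        seen[key] = seen[key] " " $8 "(via " $2 ")"
        n[key]++
    }
    END { for (k in seen) if (n[k] > 1) print k ":" seen[k] }'
}

# Execute a command when APPLY=1 (run as root on the RPi), otherwise print it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Give one tunnel its own routing table and select that table by source
# address, so packets carrying 172.16.0.30 as source leave via tun1 even
# though the main table prefers tun1 for everything (and likewise for tun0).
#   $1 iface  $2 local VPN address  $3 peer/gateway  $4 table id  $5 VPN subnet
policy_route_cmds() {
    run ip route replace "$5" via "$3" dev "$1" table "$4"
    run ip rule add from "$2" table "$4"
}

# Stand-alone run: show the conflict, then the commands for both tunnels.
find_conflicts
policy_route_cmds tun0 172.16.0.6  172.16.0.5  101 172.16.0.0/24
policy_route_cmds tun1 172.16.0.30 172.16.0.29 102 172.16.0.0/24
```

This matters for the port-forwarding setup in the post: a reply from a PLC is un-DNATed back to whichever VPN address the remote side originally connected to, and the source rule then sends it out the tunnel that owns that address instead of the first tunnel in the main table. The rules are not persistent; put the two commands in an OpenVPN `up` script or equivalent so they are re-added when the tunnel comes up.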

scolia
OpenVpn Newbie
Posts: 2
Joined: Sun Feb 05, 2017 8:57 pm

Re: Multiple OpenVPN on one machine to one server can not route

Post by scolia » Sun Feb 05, 2017 9:19 pm

I have no answer to your exact problem, but I would rather do the following:

As 192.168.x.x networks are quite common, choose 172.x.x.x for the PLC network. You can then route the 172.x.x.x network from the server to your PLC network and access the PLCs directly without port forwarding.
Use "iroute" in the client's ccd file for this and add a kernel route via iptables. If you want to access the network from another OpenVPN client, use push-route to submit the route to the client.
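The approach in this reply needs three pieces on the server: a `route` line in server.conf (OpenVPN installs the matching kernel route towards the tun device when it starts), an `iroute` line in the ccd file of the client that owns the subnet (so OpenVPN knows which client to hand those packets to), and a `push "route ..."` for the other clients that should reach it. The prerequisite is that the new PLC subnet overlaps neither the VPN range nor the LANs on either end. The helpers below are an added example, not from this thread or the OpenVPN project: they check two CIDR ranges for overlap, convert a prefix length to the dotted mask OpenVPN expects, and print the three configuration lines. The client CN "rpi3" and the renumbered PLC network 172.20.0.0/24 are hypothetical; the VPN subnet 172.16.0.0/24 is the one visible in the poster's routing table.

```shell
#!/bin/sh
# Added example, not code from the thread or the OpenVPN project. Helpers for
# the approach scolia describes: pick a PLC subnet that overlaps neither the
# VPN range nor the existing LAN, then generate the server-side lines that
# route it to the RPi3 client. Assumptions: client CN "rpi3" and PLC network
# 172.20.0.0/24 are hypothetical; VPN subnet 172.16.0.0/24 is from the post.

# Dotted quad -> 32-bit integer (subshell so IFS is not changed globally).
ip2int() {
    ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# Prefix length -> dotted netmask, e.g. 24 -> 255.255.255.0.
mask_from_prefix() {
    m=$(( (4294967295 << (32 - $1)) & 4294967295 ))
    echo "$(( (m >> 24) & 255 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))"
}

# True (exit 0) if two CIDR ranges share any address: compare both network
# addresses under the shorter of the two masks.
cidr_overlap() {
    l=${1#*/}; [ "${2#*/}" -lt "$l" ] && l=${2#*/}
    m=$(( (4294967295 << (32 - l)) & 4294967295 ))
    [ $(( $(ip2int "${1%/*}") & m )) -eq $(( $(ip2int "${2%/*}") & m )) ]
}

# Print the server-side configuration for one client's LAN: the kernel route
# OpenVPN installs on the server, the iroute telling OpenVPN which client owns
# the subnet (goes in ccd/<CN>), and the push line for other clients. The CN
# is restricted to plain filename characters because it names the ccd file.
#   $1 client CN  $2 LAN CIDR  $3 VPN subnet CIDR (must not overlap $2)
gen_iroute_config() {
    case $1 in ''|.|..|*[!A-Za-z0-9._-]*) echo "unsafe CN: $1" >&2; return 1 ;; esac
    if cidr_overlap "$2" "$3"; then
        echo "$2 overlaps the VPN subnet $3; choose another range" >&2; return 1
    fi
    net=${2%/*}; mask=$(mask_from_prefix "${2#*/}")
    printf '# server.conf\nroute %s %s\n' "$net" "$mask"
    printf '# ccd/%s\niroute %s %s\n' "$1" "$net" "$mask"
    printf '# ccd/<other-client> (or server.conf, for every client)\npush "route %s %s"\n' "$net" "$mask"
}

# Stand-alone run: a good subnet, then one that collides with the VPN range.
gen_iroute_config rpi3 172.20.0.0/24 172.16.0.0/24
gen_iroute_config rpi3 172.16.5.0/24 172.16.0.0/20 || echo "rejected as expected"
```

Keep the `push "route ..."` out of the ccd file of the client that owns the subnet: that client already reaches the PLC network directly on its LAN interface, and a pushed route for the same prefix via the tunnel would compete with it.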
