Routing to a device with static ip connected to RPI as openvpn client.

Scripts with setup, destroy, and modify routing tables and firewall rulesets for client connections.

Moderators: TinCanTech

timonaap1
OpenVPN User
Posts: 20
Joined: Thu Jan 19, 2017 6:46 am

Post by timonaap1 » Fri Jan 27, 2017 10:02 am

Hello everybody,

With a lot of help on the forum I got my remote RPi running a VPN connection to my RPi OpenVPN server.
I'm able to reach the RPi through SSH as intended. The Pi is connected to the internet over 3G, and to a PLC over the Ethernet port.
I would like to reach the PLC over the existing VPN connection to be able to program it remotely. The PLC has a static IP address. What would be the easiest way to get access to the PLC? I guess I would like to do basically the same as here https://secure-computing.net/wiki/index ... PN/Routing
But it seems way too complicated for just one device connected to the RPi, and there is no router between them in my system. I also don't understand half of the example. Is there a simpler way to achieve this?

Thank you in advance.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Post by TinCanTech » Fri Jan 27, 2017 12:27 pm

timonaap1 wrote: it seems way too complicated for just one device
One device or a million devices .. the same applies, generally.

Post by timonaap1 » Mon Jan 30, 2017 11:38 am

So I added client-config-dir /etc/openvpn/ccd to my server config file, added a file with the name of the client, and put the following in it:

Code:

iroute 10.8.0.0 255.255.255.0
and on the Pi I enabled ip_forward and used the command

Code:

iptables -t nat -A POSTROUTING -d (10.8.0.0) -j MASQUERADE
I'm not able to ping the IP address (169.254.27.80) on eth0 (169.254.27.234).
I'm able to reach the RPi on 10.8.0.2 connected over 3G wwan0 (169.254.169.80).

Am I doing something wrong or forgetting something?

Post by timonaap1 » Mon Jan 30, 2017 11:45 am

Sorry I meant

Code:

iptables -t nat -A POSTROUTING -d 10.8.0.0 -j MASQUERADE

Post by timonaap1 » Mon Jan 30, 2017 3:04 pm

changed
to

Code:

iroute 169.254.27.80 255.255.255.0
still ping transmit failed

Post by TinCanTech » Mon Jan 30, 2017 3:36 pm

tincanteksup <at> gmail

Post by timonaap1 » Tue Jan 31, 2017 12:03 pm

I found this http://serverfault.com/questions/593314 ... hrough-tun

This is the exact same problem as I'm having so I added the highlighted lines to the server configuration

Code:

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 0.0.0.0"
# --- highlighted lines start ---
push "route 169.254.27.0 255.255.255.0"
route 169.254.27.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
# --- highlighted lines end ---
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
#push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
This is what my ccd file looks like

Code:

ifconfig-push 10.8.0.101 10.8.0.102
push "route 192.168.2.0 255.255.255.0
iroute 169.254.27.101 255.255.255.0
I tried this

Code:

# Masquerade outgoing traffic
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

# Allow return traffic
iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Forward everything
iptables -A FORWARD -j ACCEPT
I'm still not able to ping 169.254.27.101 from anywhere but the client itself.
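
A consistency check for the `route`/`iroute` pairing discussed in this thread, as an added example that is not part of any post: it parses a server config and one ccd file and flags an `iroute` whose address is not a network address, an `iroute` with no matching server-side `route`, and an `ifconfig-push` whose second argument is not a netmask under `topology subnet`. The function names and the sample input (reduced from the configuration posted above) are constructed for illustration.

```python
import ipaddress

# Constructed sample input, reduced from the configuration posted in the thread.
SERVER_CONF = """\
topology subnet
server 10.8.0.0 255.255.255.0
route 169.254.27.0 255.255.255.0
"""
CCD_FILE = """\
ifconfig-push 10.8.0.101 10.8.0.102
iroute 169.254.27.101 255.255.255.0
"""

def directives(text, name):
    """Yield the argument list of every `name` directive, ignoring comments."""
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0] == name:
            yield words[1:]

def lint(server_conf, ccd_file):
    """Return findings for one client's ccd file checked against the server config."""
    findings, routes = [], set()
    # Server-side `route` lines put the subnet into the kernel routing table.
    for args in directives(server_conf, "route"):
        try:
            routes.add(ipaddress.ip_network("/".join(args[:2])))
        except ValueError:
            findings.append(f"server route {' '.join(args)}: not a network/netmask pair")
    subnet = any(a[:1] == ["subnet"] for a in directives(server_conf, "topology"))
    # `iroute` tells OpenVPN which client owns the subnet; it needs a network address.
    for args in directives(ccd_file, "iroute"):
        iface = ipaddress.ip_interface("/".join(args[:2]))
        if iface.ip != iface.network.network_address:
            findings.append(f"iroute {iface.ip} has host bits set; use {iface.network.network_address}")
        if iface.network not in routes:
            findings.append(f"iroute {iface.network} has no matching server-side route")
    # Under `topology subnet` the second ifconfig-push argument is a netmask.
    for args in directives(ccd_file, "ifconfig-push"):
        if subnet and len(args) >= 2:
            try:
                ipaddress.ip_network(f"0.0.0.0/{args[1]}")
            except ValueError:
                findings.append(f"ifconfig-push {args[1]}: topology subnet expects a netmask here")
    return findings

if __name__ == "__main__":
    for finding in lint(SERVER_CONF, CCD_FILE):
        print(finding)
```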
