Routing to a device with static ip connected to RPI as openvpn client.
Moderators: TinCanTech
-
- OpenVPN User
- Posts: 20
- Joined: Thu Jan 19, 2017 6:46 am
Routing to a device with static ip connected to RPI as openvpn client.
Hello everybody,
With a lot of help on the forum I got my remote RPi running a VPN connection to my RPi OpenVPN server.
I'm able to reach the RPi through ssh as intended. The Pi is connected to the internet over 3G, and to a PLC over the ethernet port.
I would like to reach the PLC over the existing VPN connection to be able to program it remotely. The PLC has a static IP address. What would be the easiest way to get access to the PLC? I guess I would like to do basically the same as here https://secure-computing.net/wiki/index ... PN/Routing
But it seems way too complicated for just one device connected to the RPi and there is no router between them in my system. I also don't understand half of the example. Is there a simpler way to achieve this?
Thank you in advance.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Routing to a device with static ip connected to RPI as openvpn client.
timonaap1 wrote: it seems way too complicated for just one device
One device or a million devices .. the same applies, generally.
-
- OpenVPN User
- Posts: 20
- Joined: Thu Jan 19, 2017 6:46 am
Re: Routing to a device with static ip connected to RPI as openvpn client.
So I added client-config-dir /etc/openvpn/ccd to my server config file and added a file with the name of the client and put the following in it
Code:
iroute 10.8.0.0 255.255.255.0
and on the Pi I enabled ip_forward and used the command
Code:
iptables -t nat -A POSTROUTING -d (10.8.0.0) -j MASQUERADE
I'm not able to ping the IP address (169.254.27.80) on eth0 (169.254.27.234)
I'm able to reach the RPi on 10.8.0.2 connected over 3G wwan0 (169.254.169.80)
Am I doing something wrong or forgetting something?
-
- OpenVPN User
- Posts: 20
- Joined: Thu Jan 19, 2017 6:46 am
Re: Routing to a device with static ip connected to RPI as openvpn client.
Sorry I meant
Code:
iptables -t nat -A POSTROUTING -d 10.8.0.0 -j MASQUERADE
-
- OpenVPN User
- Posts: 20
- Joined: Thu Jan 19, 2017 6:46 am
Re: Routing to a device with static ip connected to RPI as openvpn client.
changed to
Code:
iroute 169.254.27.80 255.255.255.0
still ping transmit failed
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Routing to a device with static ip connected to RPI as openvpn client.
tincanteksup <at> gmail
-
- OpenVPN User
- Posts: 20
- Joined: Thu Jan 19, 2017 6:46 am
Re: Routing to a device with static ip connected to RPI as openvpn client.
I found this http://serverfault.com/questions/593314 ... hrough-tun
This is the exact same problem as I'm having so I added the highlighted lines to the server configuration
Code:
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 0.0.0.0"
# --- lines added (highlighted in the original post) ---
push "route 169.254.27.0 255.255.255.0"
route 169.254.27.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
# --- end of added lines ---
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
#push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
This is what my ccd file looks like
Code:
ifconfig-push 10.8.0.101 10.8.0.102
push "route 192.168.2.0 255.255.255.0"
iroute 169.254.27.101 255.255.255.0
I tried this
Code:
# Masquerade outgoing traffic
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
# Allow return traffic
iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Forward everything
iptables -A FORWARD -j ACCEPT
I'm still not able to ping 169.254.27.101 from anywhere but the client itself.
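Added example, not part of the thread and not OpenVPN project code: a small Python check over the server and ccd directives quoted in the last post. It flags an iroute that is a host address rather than a subnet, an iroute that no server-side route covers, and an ifconfig-push whose second argument is not a netmask under topology subnet. The sample strings are constructed from the posted files and the function names are hypothetical.

```python
import ipaddress

# Constructed sample input: directives copied from the configs quoted in the thread.
SERVER_CONF = """topology subnet
server 10.8.0.0 255.255.255.0
route 169.254.27.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
"""
CCD_FILE = """ifconfig-push 10.8.0.101 10.8.0.102
iroute 169.254.27.101 255.255.255.0
"""
# Every valid IPv4 netmask as an integer (contiguous one-bits, /32 down to /0).
MASKS = {(0xFFFFFFFF << n) & 0xFFFFFFFF for n in range(33)}

def directives(text):
    """Yield (keyword, args) per line, ignoring comments and blank lines."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            yield parts[0], parts[1:]

def is_netmask(value):
    """True for a dotted-quad netmask such as 255.255.255.0."""
    try:
        return int(ipaddress.IPv4Address(value)) in MASKS
    except ValueError:
        return False

def lint(server_conf, ccd_file):
    """Return a list of findings (hypothetical helper, not an OpenVPN tool)."""
    server = list(directives(server_conf))
    routes = [ipaddress.ip_network("/".join(a[:2]), strict=False)
              for k, a in server if k == "route"]
    subnet_topology = ("topology", ["subnet"]) in server
    findings = []
    for key, args in directives(ccd_file):
        if key == "iroute":
            iface = ipaddress.ip_interface("/".join(args[:2]))
            net = iface.network
            if iface.ip != net.network_address:
                findings.append(f"iroute {iface.ip} is a host address; "
                                f"the subnet is {net.network_address} {net.netmask}")
            if not any(net.subnet_of(r) for r in routes):
                findings.append(f"no server-side route covers iroute {net}")
        elif key == "ifconfig-push" and subnet_topology:
            if len(args) < 2 or not is_netmask(args[1]):
                findings.append("ifconfig-push: second argument is not a netmask")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SERVER_CONF, CCD_FILE)))
```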