Expanding scope

[gcp900]

Hello guys!

I have set up an OpenVPN network succesfully, but now I want to reach devices beyond the clients and server side and although I know that there's a HOW TO in the OpenVPN guide I don't understand everything.

This is the situation; two LANs with two different routers. In one of them there's an openvpn server which is one of the devices of the LAN (a computer with ubuntu server) connected to the router. In the other one there's a router with openwrt installed which is at the same time an openvpn client of the server. Both LANs have an IP gateway like 192.168.1.1, and the IPs of the devices are like 192.168.1.XX. The goal is to make accessible for all clients the devices in two LANs.

But once at this point I have got some doubts about the HOW TO guide. In the guide it is explained that I have to advertise the route to the clients with this option in the server configuration push "route 10.66.0.0 255.255.255.0", being the 10.66.0.0 the server subnet, but how can I know if that IP addresses are the IP of my subnet? Wouldn’t be the IP addresses of my subnet 192.168.1.1 instead of those?
And about this paragraph “you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).” I think in this case are different machines so, how can I make this route??

In the client side, the HOW TO guide says “we will assume that the client LAN is using the 192.168.4.0/24 subnet” and I have got the same question, how can I know which is my subnet IP? And, by the way, which is the meaning of “/24” (I think there’s a range but I am not sure…

I have activated the client-to-client option and I have got an openvpn server in routing mode.

Thanks!!

[Traffic]

Both LANs have an IP gateway like 192.168.1.1, and the IPs of the devices are like 192.168.1.XX

One of your networks is going to have to change network number ..
I would recommend you change the server side .. on my server I use 172.17.2.0/24 §

Wouldn’t be the IP addresses of my subnet 192.168.1.1 instead of those?

No .. 192.168.1.1 is a host not a network.

you must set up a route on the server-side LAN gateway

see the documentation of your LAN gateway. Probably listed as static routes ..

Note: Not all Gateway/Routers are equal - Some are total rubbish.

which is the meaning of “/24”

§ /24 is the number of bits in the netmask .. /24 means 24 bits ..

Thus: netmask 255.255.255.0 <- 24 bits (11111111.11111111.11111111.00000000)

https://lmddgtfy.net/?q=CIDR

Are you using:

• OpenVPN-AccessServer - Proprietary consumer product
  • or
• OpenVPN-CommunityEdition - Free Open Source Software

[gcp900]

I am using the community edition and I have read something about the differences between Host's IPs and subnet addresses. I think I understand now