This is the situation since moving to 2.4:
Remote OpenVPN server: 10.8.0.1
The client on the router: 10.8.0.2
Remote subnet: 10.0.100.0/24
Local subnet: 192.168.0.0/24
- Traffic between the two end points, 10.8.0.1 and 10.8.0.2, flows fine.
- Traffic between 10.8.0.2 (local router) and 10.0.100.0/24 (remote subnet) flows fine.
- Traffic between 192.168.0.0/24 and 10.0.100.0/24 does not traverse the tunnel and stops at the TUN end points: at 10.8.0.1 when source is 10.0.100.0/24, at 10.8.0.2 when source is 192.168.0.0/24.
Config for the remote server
port 1194
proto udp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist pool
push "route 10.0.100.0 255.255.255.0"
client-config-dir ccd
route 192.168.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
cert /etc/openvpn/server/ovpn-server-longhaul.crt
key /etc/openvpn/server/ovpn-server-longhaul.key
ca /etc/openvpn/server/yorick-pfs.crt
dh /etc/openvpn/server/dh.pem
tls-auth /etc/openvpn/server/ta.key 0
cipher AES-128-CBC
user nobody
group nobody
Code:
iroute 192.168.0.0 255.255.255.0
Code:
10.0.100.0/24 dev lxcbr0 proto kernel scope link src 10.0.100.1
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
192.168.0.0/24 via 10.8.0.2 dev tun0
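
Added example, not part of the original post: for a LAN behind an OpenVPN client, the server needs a `route` directive (kernel route into the tunnel) and a matching `iroute` in the client's ccd file (OpenVPN's internal routing). This sketch cross-checks those pieces against the kernel routing table, using the values posted above as constructed input; the function names and the `tun0` default are assumptions.

```python
import ipaddress

# Constructed from the values posted above (routing-relevant lines only).
SERVER_CONF = """\
topology subnet
server 10.8.0.0 255.255.255.0
push "route 10.0.100.0 255.255.255.0"
client-config-dir ccd
route 192.168.0.0 255.255.255.0
"""
CCD_FILE = "iroute 192.168.0.0 255.255.255.0\n"
KERNEL_ROUTES = """\
10.0.100.0/24 dev lxcbr0 proto kernel scope link src 10.0.100.1
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
192.168.0.0/24 via 10.8.0.2 dev tun0
"""

def directive_nets(text, keyword):
    """Return the networks named by `keyword <net> <mask>` lines."""
    nets = set()
    for line in text.splitlines():
        parts = line.split()
        # `push "route ..."` starts with `push`, so it is not counted here.
        if len(parts) >= 3 and parts[0] == keyword:
            nets.add(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return nets

def kernel_nets(text, dev):
    """Return destination networks of `ip route` lines that leave via `dev`."""
    nets = set()
    for line in text.splitlines():
        parts = line.split()
        if "dev" in parts[:-1] and parts[parts.index("dev") + 1] == dev:
            nets.add(ipaddress.ip_network(parts[0]))
    return nets

def check_client_lan_routing(server_conf, ccd, routes, dev="tun0"):
    """Map each server-side `route` network to the pieces it lacks."""
    iroutes = directive_nets(ccd, "iroute")
    kernel = kernel_nets(routes, dev)
    report = {}
    for net in directive_nets(server_conf, "route"):
        missing = []
        if net not in iroutes:
            missing.append("iroute")
        if net not in kernel:
            missing.append("kernel route")
        report[str(net)] = missing
    return report

if __name__ == "__main__":
    print(check_client_lan_routing(SERVER_CONF, CCD_FILE, KERNEL_ROUTES))
```

An empty list for a network means only that these three pieces agree with each other; it says nothing about forwarding or firewall rules on either end.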