[Solved] ISP provided Gateway & static routes / routing to server LAN

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Locked
soulfunkbro
OpenVpn Newbie
Posts: 4
Joined: Wed Mar 29, 2017 8:51 am

[Solved] ISP provided Gateway & static routes / routing to server LAN

Post by soulfunkbro » Wed Mar 29, 2017 9:22 am

ok, so I am running Ubuntu 16.04 with OpenVPN. This is a 'home' setup, and I need to be able to access devices on the server LAN from devices whilst roaming. To facilitate this I am pushing the route to that Server LAN to clients through server.conf. I realise I need to push a static route on the Gateway on the server side back to the Client subnet. Unfortunately, the Gateway I am running is an ISP provided device (Virgin Superhub) which doesn't support adding static routes. So an alternative is to place static routes on the servers that I want to be able to connect to, which is fine for the Windows \ Linux servers I run, and everything works well.

Now, I also have some IoT devices, including CCTV DVR's, Philips Hue devices etc, that won't allow me to set static routes. Clearly the right answer would be for the gateway to route that traffic, but again that isn't feasible as is.

So the question is, is there any other way anyone can suggest that may help me solve this? Previously, I had a friend setup a Raspberry Pi device running OpenVPN that seemed to support this. The SD card failed on that so I replaced it with Ubuntu.

I hear that Ethernet bridging may help me resolve this. Is that right?

Apologies if this is missing information, or is unclear, this is my first foray into this.

Thanks

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: ISP provided Gateway & static routes / routing to server LAN

Post by TinCanTech » Wed Mar 29, 2017 11:50 am

soulfunkbro wrote: I am running Ubuntu 16.04 with OpenVPN
soulfunkbro wrote:I am pushing the route to that Server LAN to clients through server.conf
soulfunkbro wrote:the Gateway I am running is an ISP provided device (Virgin Superhub) which doesn't support adding static routes
Either:
  • Use NAT on the ubuntu server.
    Normally:

    Code: Select all

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    Customise that to fit your network.
  • Use --server-bridge + --dev tap
    --dev tap is not supported by some devices, like smart phones
Side note:
  • Can you believe you pay all that money to get such garbage from Virgin ..

soulfunkbro
OpenVpn Newbie
Posts: 4
Joined: Wed Mar 29, 2017 8:51 am

Re: ISP provided Gateway & static routes / routing to server LAN

Post by soulfunkbro » Wed Mar 29, 2017 4:44 pm

Hey TinCanTech,

thank you for the reply, that's awesome, will give the 'NAT'ing' a shot. There doesn't seem much written in the openvpn howto regards this, or perhaps I've missed it. Either way, thank you much.

Regards Virgin, I'm with you on that. Fortunately my employer pays for the broadband, which is great, but as such I don't really have much say on what devices I can use. They seem to be getting more and more dictatorial in recent times, ever since they were taken over by Liberty Global.

thanks

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: ISP provided Gateway & static routes / routing to server LAN

Post by TinCanTech » Wed Mar 29, 2017 4:53 pm

soulfunkbro wrote:will give the 'NAT'ing' a shot. There doesn't seem much written in the openvpn howto
See:
HOWTO: Routing all client traffic (including web-traffic) through the VPN
soulfunkbro wrote:They seem to be getting more and more dictatorial in recent times, ever since they were taken over by Liberty Global.
Great Scott !

soulfunkbro
OpenVpn Newbie
Posts: 4
Joined: Wed Mar 29, 2017 8:51 am

Re: ISP provided Gateway & static routes / routing to server LAN

Post by soulfunkbro » Wed Mar 29, 2017 5:42 pm

Just to feedback, configuring NAT on the Ubuntu server worked perfectly!

Thanks once more to TinCanTech for the quick answer!

Thanks

Locked