Connection to LAN behind OpenVPN Server

fabiansc
OpenVpn Newbie
Posts: 2
Joined: Sun Apr 02, 2017 8:45 am

Connection to LAN behind OpenVPN Server

Post by fabiansc » Sun Apr 02, 2017 9:55 am

Hello and thanks for reading this question.

I am trying to access servers behind my OpenVPN Server from a client. I think some forwarding on the OpenVPN Server is missing. I would be glad if someone can explain and help me to get it working. I documented the whole setup (starting from hardware configuration) on my blog https://cloud.fas-consulting.de/drupal/ ... figuration; there is also a routing script included (running at the Host of the OpenVPN Server) for internet access of the target server. Big Thanks in advance!


Clients connect via the internet to a router, which forwards the connection to the OpenVPN Server at 192.168.190.100 via wlan0.
The OpenVPN Server shall forward traffic via eth0 (192.168.200.1) to any servers behind eth0.
A Target Server is running behind eth0 with IP 192.168.200.10. It uses the Host of the OpenVPN Server as gateway to the internet (not via OpenVPN).

OpenVPN Server IP is 10.8.0.1
OpenVPN Client IP is 10.8.0.6

Code: Select all

Mobile Client / Laptop --> Internet --> (wlan0, IP: 192.168.190.100) OpenVPN Server (eth0: 192.168.200.x/24, IP: 192.168.200.1)--> Target Server (eth0, IP: 192.168.200.10)

OpenVPN Server server.conf

;local a.b.c.d
port 1194
proto tcp
;proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert nexus.crt
key nexus.key # This file should be kept secret
dh dh4096.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "route 192.168.200.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
route 10.8.0.0 255.255.255.0
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
client-to-client
;duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0
;cipher BF-CBC # Blowfish (default)
cipher AES-128-CBC # AES
auth SHA256
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20

Client to Target Server

Code: Select all

traceroute 192.168.200.10
traceroute to 192.168.200.10 (192.168.200.10), 64 hops max, 52 byte packets
 1  10.8.0.1 (10.8.0.1)  51.053 ms  47.026 ms  47.093 ms
 2  * * *

ping 192.168.200.10
PING 192.168.200.10 (192.168.200.10): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1

OpenVPN Server /var/log/syslog for ping from client

Code: Select all

Apr  2 11:42:03 Nexus kernel: [16880.681554] IN=tun0 OUT=enxb827ebf3bacf MAC= SRC=10.8.0.4 DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=16705 PROTO=ICMP TYPE=8 CODE=0 ID=6409 SEQ=0

OpenVPN Server route

Code: Select all

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         fritz.box       0.0.0.0         UG    600    0        0 wlan0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 tun0
192.168.190.0   *               255.255.255.0   U     600    0        0 wlan0
192.168.200.0   *               255.255.255.0   U     100    0        0 enxb827ebf3bacf

OpenVPN Server ifconfig

Code: Select all

ifconfig
enxb827ebf3bacf Link encap:Ethernet  HWaddr b8:27:eb:f3:ba:cf  
          inet addr:192.168.200.1  Bcast:192.168.200.255  Mask:255.255.255.0
          inet6 addr: fe80::2716:84e9:4d88:d5a6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:698 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:112798 (112.7 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:496580 errors:0 dropped:0 overruns:0 frame:0
          TX packets:496580 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:281604322 (281.6 MB)  TX bytes:281604322 (281.6 MB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1325 errors:0 dropped:0 overruns:0 frame:0
          TX packets:799 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:102966 (102.9 KB)  TX bytes:144146 (144.1 KB)

wlan0     Link encap:Ethernet  HWaddr b8:27:eb:a6:ef:9a  
          inet addr:192.168.190.100  Bcast:192.168.190.255  Mask:255.255.255.0
          inet6 addr: fe80::5b49:1dd3:3207:3d6b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13801 errors:0 dropped:77 overruns:0 frame:0
          TX packets:7532 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:8530667 (8.5 MB)  TX bytes:996815 (996.8 KB)
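
Added example, not part of the original post: a small Python parser for the netfilter LOG line quoted above that pairs ICMP echo requests with echo replies, so the log shows which direction of the ping is missing on the OpenVPN server. The reply line is constructed for illustration, and the example assumes the server's LOG rule also covers packets coming back in on the LAN interface; a missing reply line means only that no such packet was logged.

```python
import re

# Syslog line quoted in the post (netfilter LOG output on the OpenVPN server).
POSTED_LINE = (
    "Apr  2 11:42:03 Nexus kernel: [16880.681554] IN=tun0 OUT=enxb827ebf3bacf "
    "MAC= SRC=10.8.0.4 DST=192.168.200.10 LEN=84 TOS=0x00 PREC=0x00 TTL=63 "
    "ID=16705 PROTO=ICMP TYPE=8 CODE=0 ID=6409 SEQ=0"
)
# Constructed for this example: what a forwarded echo reply would look like.
CONSTRUCTED_REPLY = (
    "Apr  2 11:42:03 Nexus kernel: [16880.683000] IN=enxb827ebf3bacf OUT=tun0 "
    "MAC= SRC=192.168.200.10 DST=10.8.0.4 LEN=84 TOS=0x00 PREC=0x00 TTL=63 "
    "ID=5120 PROTO=ICMP TYPE=0 CODE=0 ID=6409 SEQ=0"
)
FIELD = re.compile(r"(\w+)=(\S*)")


def parse(line):
    """Return (ip_fields, icmp_fields) for an ICMP LOG line, else None."""
    if " PROTO=ICMP " not in line:
        return None
    # "ID=" occurs twice: the IP ID before PROTO and the ICMP echo ID after it.
    ip_part, icmp_part = line.split(" PROTO=ICMP ", 1)
    return dict(FIELD.findall(ip_part)), dict(FIELD.findall(icmp_part))


def unanswered_echoes(log_text):
    """List echo requests for which no matching echo reply was logged."""
    requests, replies = {}, set()
    for ip, icmp in filter(None, map(parse, log_text.splitlines())):
        echo = (icmp.get("ID"), icmp.get("SEQ"))
        if icmp.get("TYPE") == "8":      # echo request
            requests[(ip["SRC"], ip["DST"]) + echo] = {
                "src": ip["SRC"], "dst": ip["DST"],
                "in": ip["IN"], "out": ip["OUT"],
                # IN and OUT both set: the line was logged in the FORWARD hook.
                "forwarded": bool(ip["IN"] and ip["OUT"]),
            }
        elif icmp.get("TYPE") == "0":    # echo reply, addresses swapped
            replies.add((ip["DST"], ip["SRC"]) + echo)
    return [info for key, info in requests.items() if key not in replies]


if __name__ == "__main__":
    for miss in unanswered_echoes(POSTED_LINE):
        print("no reply logged for", miss)
```

Run against the single posted line, it reports one forwarded echo request from 10.8.0.4 to 192.168.200.10 leaving via enxb827ebf3bacf with no reply logged.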
          


Re: Connection to LAN behind OpenVPN Server

Post by fabiansc » Thu Apr 06, 2017 12:47 pm

Hi again,

In case more details are required, I would be glad to provide whatever is required.

Big thanks!
