I've set up a bridged OpenVPN server inside our LAN; clients can connect, DNS works, the whole LAN is reachable.
So far everything is fine (cursed a lot, but learned a lot too).
Now I need to route the clients to the subnet (172.16.0.0) of our subsidiary, which is tunneled by a firewall (Sonicwall/192.168.73.254).
My first try was to push this route through the server config:
push "route 172.16.0.0 255.255.255.0 192.168.73.254"
Effect: I assume it f***ed up the Ethernet bridge or TAP; clients could connect, but couldn't even ping the OpenVPN server anymore.
Second try was to set up the route manually on the client command line (win32):
route add 172.16.0.0 mask 255.255.255.0 192.168.73.254
Effect: works perfectly, LAN and subnet are reachable, but not very convenient.
Third try was setting the route in the client config:
route 172.16.0.0 255.255.255.0 192.168.73.254
Effect: subnet is still not reachable.
What I found out is that with the client config method the route gateway is not set up correctly. The gateway for this route is then set to OpenVPN's IP (192.168.73.2) and not the required one.
Any help and especially an explanation is very welcome, since I'd prefer not to have to set up scripts for this route to work.
Server config
**************
port PORT
proto udp
dev tap0
float
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server-bridge 192.168.73.2 255.255.255.0 192.168.73.110 192.168.73.130
push "dhcp-option DNS 192.168.73.1"
push "dhcp-option WINS 192.168.73.1"
keepalive 10 120
comp-lzo
max-clients 20
client-to-client
user nobody
group nobody
persist-key
persist-tun
duplicate-cn
ifconfig-pool-persist ipp.txt
Client config
**************
tls-client
dev tap
proto udp
remote PUBLIC_IP PORT
pkcs12 USER.p12
pull
nobind
persist-key
persist-tun
ip-win32 dynamic
comp-lzo
verb 3
ns-cert-type server
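Added example (not part of the original post, and not OpenVPN code): a small longest-prefix-match model of the client's routing table that shows why the three attempts above behave differently. The client's own LAN (192.168.1.0/24, default gateway 192.168.1.1) and the interface names "lan" and "tap" are constructed assumptions; the bridged LAN 192.168.73.0/24, the OpenVPN server 192.168.73.2, the Sonicwall 192.168.73.254 and the subsidiary subnet 172.16.0.0/24 are the addresses from the post. The point it illustrates is that a route's gateway is itself resolved against the table, so a route via 192.168.73.254 leaves through the TAP adapter only because the bridge already made 192.168.73.0/24 on-link there, and with no such route the subsidiary traffic falls through to the client's own default gateway.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    """One routing-table entry. gateway=None means the prefix is on-link."""
    prefix: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]
    iface: str


def route(prefix: str, gateway: Optional[str], iface: str) -> Route:
    return Route(
        ipaddress.IPv4Network(prefix),
        ipaddress.IPv4Address(gateway) if gateway else None,
        iface,
    )


def lookup(table: List[Route], dst: ipaddress.IPv4Address) -> Optional[Route]:
    """Longest-prefix match: the most specific entry containing dst, or None."""
    hits = [r for r in table if dst in r.prefix]
    return max(hits, key=lambda r: r.prefix.prefixlen) if hits else None


def next_hop(table: List[Route], dst: str) -> Tuple[str, str]:
    """Resolve (next-hop address, egress interface) for dst.

    If the chosen route has a gateway, that gateway must itself be reachable
    through an on-link route; the egress interface is taken from that route.
    This is the step that makes a 172.16.0.0/24 route via 192.168.73.254
    leave through the TAP adapter rather than the physical LAN.
    """
    addr = ipaddress.IPv4Address(dst)
    r = lookup(table, addr)
    if r is None:
        raise LookupError(f"no route to {dst}")
    if r.gateway is None:
        return (str(addr), r.iface)
    via = lookup(table, r.gateway)
    if via is None or via.gateway is not None:
        raise LookupError(f"gateway {r.gateway} for {r.prefix} is not on-link")
    return (str(r.gateway), via.iface)


def client_table(extra: Optional[Route] = None) -> List[Route]:
    """Constructed road-warrior client table after the bridged tunnel is up.

    Assumed (not from the post): the client sits on 192.168.1.0/24 with default
    gateway 192.168.1.1 on interface "lan". From the post: server-bridge makes
    192.168.73.0/24 on-link via the TAP adapter, here called "tap".
    """
    table = [
        route("0.0.0.0/0", "192.168.1.1", "lan"),
        route("192.168.1.0/24", None, "lan"),
        route("192.168.73.0/24", None, "tap"),
    ]
    if extra is not None:
        table.append(extra)
    return table


# The three situations described in the post, as table variants.
NO_ROUTE = client_table()
# Attempt 2: "route add 172.16.0.0 mask 255.255.255.0 192.168.73.254"
VIA_FIREWALL = client_table(route("172.16.0.0/24", "192.168.73.254", "tap"))
# Attempt 3 as observed: the gateway ended up as the OpenVPN server's IP.
VIA_OPENVPN = client_table(route("172.16.0.0/24", "192.168.73.2", "tap"))


if __name__ == "__main__":
    for name, table in (("no route", NO_ROUTE),
                        ("via firewall", VIA_FIREWALL),
                        ("via openvpn host", VIA_OPENVPN)):
        print(f"{name:18} 172.16.0.10 -> {next_hop(table, '172.16.0.10')}")
    print(f"{'bridged LAN':18} 192.168.73.1 -> {next_hop(NO_ROUTE, '192.168.73.1')}")
```

Running it shows that without the extra route the subsidiary traffic goes to the client's own default gateway and never enters the tunnel, that the manually added route sends it through the TAP adapter to 192.168.73.254, and that with the gateway rewritten to 192.168.73.2 the packets still traverse the tunnel but arrive at the OpenVPN host itself, which would have to forward them onward for the subnet to be reachable.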