Forwarding traffic help

Post by heraclitus » Fri Jan 19, 2024 7:26 pm

Hello. I would like my Windows machine to access the file share on 15.70.0.11.
Image

Both OpenVPN clients can ping the server.
The server can ping client2 (on its local eth0 IP). Can you advise me on the route configurations/masquerade changes required to have client1 ping and access client2, and then the File Share? I have played around myself with not much luck.

Below is my reverted setup.

server.conf

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 15.70.0.0 255.255.255.0"
client-config-dir /etc/openvpn/ccd
route 15.70.0.0 255.255.255.0
client-to-client
keepalive 10 120
tls-crypt ta.key
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log         /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1

/etc/openvpn/ccd/client2

iroute 15.70.0.0 255.255.255.0

client2.conf - Linux

client
dev tun
proto udp
remote 172.174.174.174 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
key-direction 1
<ca>...

client1.conf - Windows

client
dev tun
proto udp
remote 172.174.174.174 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
key-direction 1
<ca>...

Re: Forwarding traffic help

Post by heraclitus » Mon Jan 22, 2024 11:49 pm

Okay, I got this to work. Configured the Linux (Raspberry Pi) correctly. Now client1 can access the whole client2 network without port forwarding on the router. A lot simpler, with fewer commands than attempted before.

Just needed to enable ip_forward on the OpenVPN server and client, and enable an iptables MASQUERADE rule.

Updated image, to accurately show what I did.
Image
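
The fix described in the post above, written out for the LAN-side client (client2) as an added example that is not part of the original thread. Subnets and eth0 come from the posted configs; the tunnel interface name tun0 and the function names are assumptions. The rules are scoped so that only VPN-sourced traffic is forwarded and NATed.

```shell
#!/bin/sh
# Added example (not from the thread): scoped forwarding + NAT on client2.
# From the posted configs: VPN subnet 10.8.0.0/24, LAN 15.70.0.0/24, NIC eth0.
# Assumption: the OpenVPN tunnel interface is tun0.
VPN_NET="${VPN_NET:-10.8.0.0/24}"
LAN_NET="${LAN_NET:-15.70.0.0/24}"
LAN_IF="${LAN_IF:-eth0}"
TUN_IF="${TUN_IF:-tun0}"

# Print the commands, one per line, so they can be reviewed before running.
gateway_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Forward only tunnel traffic from the VPN subnet to the LAN subnet ...
    echo "iptables -A FORWARD -i $TUN_IF -o $LAN_IF -s $VPN_NET -d $LAN_NET -j ACCEPT"
    # ... and only replies to those connections on the way back.
    # Note: these two rules restrict nothing while the FORWARD policy is
    # ACCEPT; they matter once the policy (or a final rule) is DROP.
    echo "iptables -A FORWARD -i $LAN_IF -o $TUN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # NAT only VPN sources leaving via the LAN NIC, not everything on the host.
    echo "iptables -t nat -A POSTROUTING -s $VPN_NET -o $LAN_IF -j MASQUERADE"
}

# True when kernel IPv4 forwarding is currently on (reads /proc, no root).
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Dry run by default; set APPLY=1 and run as root to execute the commands.
apply_gateway_rules() {
    while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            echo "+ $cmd"
            $cmd || return 1
        else
            echo "would run: $cmd"
        fi
    done <<EOF
$(gateway_rules)
EOF
}

apply_gateway_rules
forwarding_enabled && echo "ip_forward: on" || echo "ip_forward: off"
```

With MASQUERADE in place, hosts on 15.70.0.0/24 see client2's eth0 address as the source of every VPN connection, so file-share logs will not distinguish individual VPN clients.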
