Connecting to client's subnet.

hikar
OpenVpn Newbie
Posts: 5
Joined: Sun Jan 23, 2022 11:50 am

Connecting to client's subnet.

Post by hikar » Sun Jan 23, 2022 7:45 pm

Hi Soimimozo,

I would thank god that I found this post! It would be very helpful if I can get any expert advice from you.

I want to achieve the same goal: access from a client to the client's subnets. Below is the current configuration:

1. Using OpenVPN Access Server installed on cloud
2. Generating users in OpenVPN Access Server and downloading the client configuration file from the same
3. Uploading the client configuration file to the router, and the router is becoming the client.
4. Using OpenVPN Connect to make a Windows system another client
5. Client-to-client communication is working fine, but the client's subnets (devices connected to the router) are not accessible.

I am not able to add strings such as the ones below to the configuration file, as the OpenVPN Access Server itself is creating the file:

iroute 192.168.4.0 255.255.255.0

route 192.168.4.0 255.255.255.0

client-to-client
push "route 192.168.4.0 255.255.255.0"

I would request your guidance; I would really appreciate it, as I have been behind it for more than 20 days.

Below is the client configuration file generated by OpenVPN Access Server

# Automatically generated OpenVPN client config file
# Generated on Sun Jan 23 19:30:40 2022 by ip-172-31-32-231
# Note: this config file contains inline private keys
#       and therefore should be kept confidential!
#       Certificate serial: 79, certificate common name: AXCF1_AUTOLOGIN
#       Expires 2032-01-21 19:30:40
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=AXCF1
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=AXCF1@15.206.28.44/AUTOLOGIN
# OVPN_ACCESS_SERVER_AUTOLOGIN=1

# Default Cipher
cipher AES-256-CBC
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=15.206.28.44:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
client
server-poll-timeout 4
nobind
remote 15.206.28.44 1194 udp
remote 15.206.28.44 1194 udp
remote 15.206.28.44 443 tcp
remote 15.206.28.44 1194 udp
remote 15.206.28.44 1194 udp
remote 15.206.28.44 1194 udp
remote 15.206.28.44 1194 udp
remote 15.206.28.44 1194 udp
dev tun
dev-type tun
remote-cert-tls server
tls-version-min 1.2
reneg-sec 604800
verb 3
push-peer-info

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
snip
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----
snip
-----END OpenVPN Static key V1-----
</tls-crypt>

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Connecting to client's subnet.

Post by openvpn_inc » Sun Jan 23, 2022 9:08 pm

Hi hikar,

Just a quick note here that you pasted in two private keys (TLS key and TLS-crypt key) in your post. Please do not do that. I was the second view of your post, but in any case you should change those keys.

I'll reply to your questions in a bit if I have time.

regards, rob0
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
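One way to avoid the leak described in the post above is to strip inline secrets from a profile before sharing it. This is an added example, not part of the original posts or of OpenVPN's tooling; the function name, the `[REDACTED]` marker and the sample profile are assumptions constructed for illustration.

```python
import re

# Inline blocks of an OpenVPN profile that carry secret material.
# <ca> and <cert> are public and are left untouched.
SECRET_BLOCKS = {"key", "tls-crypt", "tls-crypt-v2", "tls-auth", "secret", "pkcs12"}

def redact_profile(text):
    """Return (redacted_text, names_of_redacted_blocks).

    The body of every secret inline block is replaced by one marker line.
    If a block is never closed, everything after its opening tag is dropped,
    so a malformed profile fails towards hiding data rather than leaking it.
    """
    out, redacted, inside = [], [], None
    for line in text.splitlines():
        stripped = line.strip()
        if inside:
            if stripped == f"</{inside}>":
                out.append(line)
                inside = None
            continue  # swallow every line of the secret body
        m = re.fullmatch(r"<([a-z0-9-]+)>", stripped)
        if m and m.group(1) in SECRET_BLOCKS:
            inside = m.group(1)
            redacted.append(inside)
            out.extend([line, "[REDACTED]"])
            continue
        out.append(line)
    return "\n".join(out), redacted

# Constructed sample profile; the block bodies are placeholders, not real keys.
SAMPLE_PROFILE = """client
remote vpn.example.net 1194 udp
<ca>
PUBLIC-CA-BODY
</ca>
<key>
FAKE-PRIVATE-KEY-BODY
</key>
<tls-crypt>
FAKE-STATIC-KEY-BODY
</tls-crypt>
verb 3"""

if __name__ == "__main__":
    safe, names = redact_profile(SAMPLE_PROFILE)
    print(safe)
    print("redacted blocks:", names)
```

Redaction only protects future posts; keys that were already published still have to be replaced, as the post says.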

hikar
OpenVpn Newbie
Posts: 5
Joined: Sun Jan 23, 2022 11:50 am

Re: Connecting to client's subnet.

Post by hikar » Mon Jan 24, 2022 4:23 am

openvpn_inc wrote:
Sun Jan 23, 2022 9:08 pm
Hi hikar,

Just a quick note here that you pasted in two private keys (TLS key and TLS-crypt key) in your post. Please do not do that. I was the second view of your post, but in any case you should change those keys.

I'll reply to your questions in a bit if I have time.

regards, rob0

Hi,

Thank you for your reply. I am checking on TLS as you suggested. I would really appreciate and wait for your reply on the matter.

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Connecting to client's subnet.

Post by openvpn_inc » Mon Jan 24, 2022 4:11 pm

hikar wrote:
Sun Jan 23, 2022 7:45 pm
...
I want to achieve the same goal: access from a client to the client's subnets. Below is the current configuration:

1. Using OpenVPN Access Server installed on cloud
2. Generating users in OpenVPN Access Server and downloading the client configuration file from the same
3. Uploading the client configuration file to the router, and the router is becoming the client.
4. Using OpenVPN Connect to make a Windows system another client
5. Client-to-client communication is working fine, but the client's subnets (devices connected to the router) are not accessible.

Hello again,

We had a death in the family yesterday so I was unable to get back to this. It was a cat, but still, this was in the family and required my full attention.

Access to a client's LAN is well documented for community version openvpn(8), but not yet so well for Access Server. (Yes, Johan, I have added that to my substantial to-do list. Or, we could just pass this post on to the Appropriate Person?) Concepts (and some of the details) are similar, but configuration is very different.

On the Access Server:
  1. In the admin web UI, go to the User Management / User Permissions tab.
  2. Choose the user running the client behind which is the LAN you want to connect to.
  3. Click the "More Settings" widget.
  4. Below see VPN Gateway and select "Yes".
  5. Enter in the box, the subnet address[es] to which you wish to route through this client.
  6. Save Settings (at the bottom) then Update Running Server (at the top) as per any change in the admin UI.
On the client:
  1. Enable IP forwarding. This will vary by OS/distro. An example is found at this link: How do I enable IP forwarding?
  2. Ensure that any firewall it has will allow the forwarded traffic to pass.
  3. OpenVPN cannot possibly support every distro and OS. Please check documentation and seek community or support as needed.
On the default gateway for this client's LAN:
  1. Optional, but a good idea: if the client machine uses DHCP, configure a static IP address for that machine. (This might need to be done elsewhere, if the router is not also the DHCP server.)
  2. Configure a static route for any VPN subnets you wish to route, to go via the client's LAN address.
  3. Again please do not expect OpenVPN to know how to configure every possible router. If you have questions see documentation for your router, and possibly seek support from the vendor or community which supports it.
Note that some cheap consumer-grade routers might not have settings for static routes. If this is the case for you, get a better router. You can't expect to accomplish cool things like VPN site-to-site routing on garbage-grade routers. But as a stopgap measure, you can try to create static routes pointing to VPN networks, via the VPN client's LAN address, on each of the LAN devices you hope to route through the VPN. (For some garbage-grade routers you might not even be able to connect to local clients, so this might not work.)

I said it twice, but I'll say again: OpenVPN cannot possibly support every aspect of this. We support our software. We can show you how it might be used. But we're not able to look up every detail for random operating systems or devices. If we know the answer we will help, but our company resources are finite! Hire an expert to help you if you can't handle this task. And no, we're not available for hire for these things.

Anyway, there it is. Permit me to leave you with a few extra links which might be of interest:

regards, rob0
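The three parts of the procedure above (Access Server, client, the LAN's default gateway) modelled as routing tables, as an added example that is not part of the original post. It traces a packet hop by hop and shows that replies from the LAN are lost unless the LAN's default gateway has the static route back to the VPN subnet. Only 192.168.4.0/24 comes from the thread; the VPN subnet, host addresses and node names are assumptions.

```python
import ipaddress

# Constructed topology. Only 192.168.4.0/24 comes from the thread; the VPN
# subnet, host addresses and node names are assumptions for illustration.
VPN, LAN = "172.27.224.0/20", "192.168.4.0/24"
OWNERS = {
    "172.27.232.2": "win_client",          # OpenVPN Connect on Windows
    "172.27.224.1": "access_server",
    "172.27.232.3": "gateway_client",      # VPN-side address of the LAN's VPN client
    "192.168.4.10": "gateway_client",      # its LAN-side address
    "192.168.4.1": "lan_router",           # default gateway of the LAN
    "192.168.4.50": "lan_device",
}

def build_tables(static_route_on_router):
    """Routing table per node: (prefix, next hop); "direct" means on-link."""
    tables = {
        "win_client": [(VPN, "access_server"), (LAN, "access_server")],
        "access_server": [(VPN, "direct"), (LAN, "gateway_client")],   # VPN Gateway = Yes
        "gateway_client": [(VPN, "access_server"), (LAN, "direct")],   # IP forwarding on
        "lan_device": [(LAN, "direct"), ("0.0.0.0/0", "lan_router")],
        "lan_router": [(LAN, "direct"), ("0.0.0.0/0", "internet")],
        "internet": [],                    # RFC 1918 addresses are not routed here
    }
    if static_route_on_router:
        tables["lan_router"].append((VPN, "gateway_client"))
    return tables

def trace(tables, src_node, dst_ip, max_hops=8):
    """Follow longest-prefix-match routes; return (path, delivered)."""
    dst = ipaddress.ip_address(dst_ip)
    node, path = src_node, [src_node]
    for _ in range(max_hops):
        if OWNERS.get(dst_ip) == node:
            return path, True
        routes = [(ipaddress.ip_network(p), hop) for p, hop in tables[node]]
        matches = [(net, hop) for net, hop in routes if dst in net]
        if not matches:
            return path, False             # no route: the packet is dropped
        hop = max(matches, key=lambda m: m[0].prefixlen)[1]
        node = OWNERS.get(dst_ip) if hop == "direct" else hop
        if node is None:
            return path, False             # nobody on-link owns the address
        path.append(node)
    return path, False

if __name__ == "__main__":
    for static in (False, True):
        t = build_tables(static)
        print("static route on LAN router:", static)
        print("  request:", trace(t, "win_client", "192.168.4.50"))
        print("  reply:  ", trace(t, "lan_device", "172.27.232.2"))
```

When the router itself is the OpenVPN client, as in the original question, `lan_router` and `gateway_client` are the same box and the extra static route is not needed.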

hikar
OpenVpn Newbie
Posts: 5
Joined: Sun Jan 23, 2022 11:50 am

Re: Connecting to client's subnet.

Post by hikar » Mon Jan 24, 2022 4:57 pm

Hello,

May your cat’s love bring you peace, and may the memories you both shared bring comfort to your broken heart. And don’t worry, Heaven is filled with love, so your cat should feel right at home there.

Further, thank you for your detailed response. Only one question after your above explanation,

1. Any specific settings to be done under configuration in Access Server web UI, especially “VPN Settings” and “Advanced VPN Settings”, to achieve this? (Inter-client communication we kept on)

Thanks

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Connecting to client's subnet.

Post by openvpn_inc » Mon Jan 24, 2022 6:49 pm

Hi hikar,

Thanks for the concern. :) At least she's not suffering now. Her final two weeks were hard.

And yes, you do need to enable the routing to the client subnet somewhere in AS. There are many places where this can be done: global routes in VPN Settings would be one such place. Also you'd probably want to enable routing, not NAT.

Johan (who also recently lost a feline friend) pointed out that the last link I gave (Site to Site) does indeed cover client LAN access. I just glanced over it too quickly. But now we have this HOWTO also. :)

regards, rob0

hikar
OpenVpn Newbie
Posts: 5
Joined: Sun Jan 23, 2022 11:50 am

Re: Connecting to client's subnet.

Post by hikar » Wed Jan 26, 2022 6:41 am

Hi rob0,

Thank you for your guidance. We have successfully achieved our goal to connect the client's subnets from the client.

Further, as it says for human beings, empty stomach - one problem, stomach full - hundreds of problems.

Similarly, we have other challenges now in front of us... within that, for only 2 I would like to seek your advice,

1. Is it possible to assign virtual IPs to all the Client-side Local subnets?
2. Is it possible to install and manage multiple OpenVPN Access Servers upon one server with one static public IP? (Our main issue is that multiple clients have local subnets with the same IPs, i.e. 192.168.xxx.xxx, so user permission is denied)

Highly appreciate it if you can spare some time to guide me on this or give a reference of any suitable doc.

Best Regards, Hikar.

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Connecting to client's subnet.

Post by openvpn_inc » Wed Jan 26, 2022 5:48 pm

Hi Hikar,

1. I'm not sure what you mean, "virtual IPs"? I am thinking you are suffering network overlaps. And the only sensible fix for that is to eliminate the overlaps!

RFC 1918 is huge. More than enough to meet the needs of any organization, no matter how large. Just pick different networks.

It's not possible to route into every client's 192.168.1.0/24 network. If you are going to set up any client as a VPN gateway to their LAN, you need to tell them to change to another address if they're in conflict with addresses you already use.

2. Multiple Access Servers can indeed share one address, but only one of them can bind UDP/1194 and TCP/443 and TCP/943. But I don't see how that could solve your RFC 1918 network overlap problem anyway.

regards, rob0
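A check for the overlap problem described above, as an added example that is not part of the original post: it lists which client LANs collide with each other or with the VPN subnet, and proposes unused RFC 1918 ranges for the sites that have to renumber. The site names, the VPN subnet 172.27.224.0/20 and the choice of /24 replacements are assumptions; only 192.168.4.0/24 comes from the thread.

```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def find_overlaps(site_subnets, vpn_subnet):
    """Return (name_a, name_b) pairs whose networks overlap, VPN included."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in site_subnets.items()}
    nets["<vpn>"] = ipaddress.ip_network(vpn_subnet)
    return [(a, b) for (a, na), (b, nb) in combinations(nets.items(), 2)
            if na.overlaps(nb)]

def renumber_plan(site_subnets, vpn_subnet, prefixlen=24):
    """Keep the first claimant of each range; propose a free RFC 1918
    subnet for every later site that collides with one already kept."""
    original = [ipaddress.ip_network(c) for c in site_subnets.values()]
    kept = [ipaddress.ip_network(vpn_subnet)]
    plan = {}
    for name, cidr in site_subnets.items():
        net = ipaddress.ip_network(cidr)
        if any(net.overlaps(k) for k in kept):
            # First candidate that clashes with nothing kept so far and with
            # no range any site currently uses (sites renumber one by one).
            net = next(c for block in RFC1918
                       for c in block.subnets(new_prefix=prefixlen)
                       if not any(c.overlaps(u) for u in kept + original))
            plan[name] = str(net)
        kept.append(net)
    return plan

# Constructed inventory of client LANs behind VPN gateway clients.
SITES = {
    "site_a": "192.168.4.0/24",
    "site_b": "192.168.4.0/24",    # same range as site_a
    "site_c": "192.168.1.0/24",
    "site_d": "172.27.230.0/24",   # falls inside the VPN subnet
}
VPN_SUBNET = "172.27.224.0/20"

if __name__ == "__main__":
    print("overlaps:", find_overlaps(SITES, VPN_SUBNET))
    print("renumber:", renumber_plan(SITES, VPN_SUBNET))
```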

openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Connecting to client's subnet.

Post by openvpn_inc » Wed Jan 26, 2022 8:15 pm

This might be of interest, in the OpenVPN Cloud service:
How to Fix IP Overlap with OpenVPN Cloud

The same thing is of course possible in Access Server, but you would have to set up the DNS nameservers and work out the NAT yourself.

One thing on the roadmap for the future: well, you know how OpenVPN Cloud is "Software As A Service (SAAS)"? Eventually the Cloud service is planned to be made available as software you can run on-prem, "Service as Software". It will be like Access Server, but with many more features (and more moving parts, like integrated nameservers.)

Not sure when; I just heard about it from our CEO this week. Watch us on LinkedIn and our blog.

In the meantime: fix your IP network overlaps. ;)

hth, rob0
