Routing question

chipconnection
OpenVpn Newbie
Posts: 12
Joined: Wed Nov 18, 2009 3:25 am

Routing question

Post by chipconnection » Mon Apr 30, 2018 4:40 pm

Hello all,

The LAN the Access Server is on is in the 192.168.1.x subnet. I know some of the people I want to connect from the outside will also be on that network.

All I need is for people outside the office to access one server machine on the 'home' network. Is there a way to set up routing such that the external people could use an OpenVPN IP (in the 172.24.x.x subnet) and have that traffic get directed to the server? Thus eliminating DNS lookup issues.

Thanks,
-John

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: Routing question

Post by novaflash » Thu May 03, 2018 1:54 pm

Well the short answer is that you really should re-IP the network behind the Access Server to avoid the problem. Using 192.168.0.0/24, 192.168.1.0/24, or 192.168.2.0/24 is asking for problems, I'm afraid.

The long answer is, maybe, with iptables and NAT source and destination NAT, you might be able to achieve something, but it will get very hairy very quickly and we have no guides available for this, sorry.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Routing question

Post by Pippin » Thu May 03, 2018 4:02 pm

iptables NETMAP target...

But indeed better re-IP server side.
Do not use the following common subnets:

10.0.0
10.0.1
10.1.1
10.1.10
10.2.0
10.8.0
10.10.1
10.90.90
10.100.1
10.255.255

169.254 # APIPA #

172.16.0
172.16.16
172.16.42
172.16.68

172.19.3

172.20.10 # iPhone built-in hotspot #

192.168.0
192.168.1
192.168.2
192.168.3
192.168.4
192.168.5
192.168.6
192.168.7
192.168.8
192.168.9
192.168.10
192.168.11
192.168.13
192.168.15
192.168.16
192.168.18
192.168.20
192.168.29
192.168.30
192.168.31
192.168.33
192.168.39
192.168.40
192.168.42 # Android USB tethering #
192.168.43 # Android built-in hotspot #
192.168.50
192.168.55
192.168.61
192.168.62
192.168.65
192.168.77
192.168.80
192.168.85
192.168.88
192.168.98
192.168.99
192.168.100
192.168.101
192.168.102
192.168.111
192.168.123
192.168.126
192.168.129
192.168.137 # Windows Phone built-in hotspot #
192.168.168
192.168.178
192.168.190
192.168.199
192.168.200
192.168.220
192.168.223
192.168.229
192.168.240
192.168.245
192.168.251
192.168.252
192.168.254

200.200.200

Last edited by Pippin on Fri May 04, 2018 6:54 am, edited 1 time in total.
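
One way to apply the re-IP advice and the list above before renumbering the LAN behind the Access Server: check a candidate subnet against the listed prefixes and the VPN client range, and pick free /24s from a private pool. This is an added example, not part of the original thread or OpenVPN's own tooling; it assumes three-octet entries mean a /24 and 169.254 a /16, and the function names, the 172.24.0.0/16 VPN range and the 10.73.19.0/24 candidate are illustrative.

```python
import ipaddress

# Prefixes copied from the "do not use" list in the post above.
# Assumption: three octets mean a /24 and two octets (169.254) a /16.
COMMON_PREFIXES = """
10.0.0 10.0.1 10.1.1 10.1.10 10.2.0 10.8.0 10.10.1 10.90.90 10.100.1 10.255.255
169.254 172.16.0 172.16.16 172.16.42 172.16.68 172.19.3 172.20.10 200.200.200
""".split() + ["192.168." + o for o in """
0 1 2 3 4 5 6 7 8 9 10 11 13 15 16 18 20 29 30 31 33 39 40 42 43 50 55 61 62 65
77 80 85 88 98 99 100 101 102 111 123 126 129 137 168 178 190 199 200 220 223
229 240 245 251 252 254""".split()]

def prefix_to_network(prefix):
    """Turn '192.168.1' into 192.168.1.0/24 and '169.254' into 169.254.0.0/16."""
    octets = prefix.split(".")
    if not 1 <= len(octets) <= 3:
        raise ValueError(f"unsupported prefix: {prefix!r}")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + f"/{8 * len(octets)}")

COMMON_NETWORKS = [prefix_to_network(p) for p in COMMON_PREFIXES]

def collisions(candidate, extra=()):
    """Return every listed (or extra) network that overlaps the candidate."""
    cand = ipaddress.ip_network(candidate)  # raises ValueError if host bits are set
    known = COMMON_NETWORKS + [ipaddress.ip_network(e) for e in extra]
    return [n for n in known if cand.overlaps(n)]

def suggest_subnets(pool, count=3, extra=()):
    """Return the first `count` /24s inside `pool` that overlap nothing known."""
    found = []
    for net in ipaddress.ip_network(pool).subnets(new_prefix=24):
        if not collisions(str(net), extra):
            found.append(net)
            if len(found) == count:
                break
    return found

if __name__ == "__main__":
    # 172.24.0.0/16 stands in for the VPN client range from the question
    # (172.24.x.x); 10.73.19.0/24 is a constructed candidate.
    vpn = ["172.24.0.0/16"]
    for lan in ("192.168.1.0/24", "10.73.19.0/24", "172.24.5.0/24"):
        hits = ", ".join(str(n) for n in collisions(lan, extra=vpn))
        print(lan, "->", f"conflicts with {hits}" if hits else "ok")
    print("free:", [str(n) for n in suggest_subnets("172.16.0.0/12", extra=vpn)])
```

A subnet that passes this check can still match a client network that is not on the list, so it lowers the odds of a routing conflict rather than ruling one out.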

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: Routing question

Post by novaflash » Thu May 03, 2018 6:29 pm

Ah yeah netmap, thanks. Gives me something to investigate. Also thanks for the long list of common addresses, although I didn't realize some of those higher numbered 192.168.*.* addresses were so 'common'.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Routing question

Post by Pippin » Fri May 04, 2018 7:00 am

The list I made with the help of various sites like:
https://www.techspot.com/guides/287-def ... addresses/
https://www.routeripaddress.com/
It does not only contain routers but also access points, switches etc.
Some addresses will be very common and others less.

Vickiekeith
OpenVpn Newbie
Posts: 1
Joined: Sat Jan 05, 2019 8:17 am

Re: Routing question

Post by Vickiekeith » Sat Jan 05, 2019 8:19 am

chipconnection wrote:
Mon Apr 30, 2018 4:40 pm
Hello all,

The LAN the Access Server is on is in the 192.168.1.x subnet. I know some of the people I want to connect from the outside will also be on that network.

All I need is for people outside the office to access one server machine on the 'home' Router. Is there a way to setup routing such that the external people could use an OpenVPN IP (in the 172.24.x.x subnet) and have that traffic get directed to the server? Thus eliminating DNS lookup issues.

Thanks,
-John

I am also facing this issue. Any help would be appreciated.
