Use Routing NOT WORK

Business solution to host your own OpenVPN server with web management interface and bundled clients.
timhk
OpenVpn Newbie
Posts: 3
Joined: Tue Aug 03, 2021 12:58 pm

Use Routing NOT WORK

Post by timhk » Tue Aug 03, 2021 1:34 pm

In the diagram below, using the OpenVPN server with the NAT setting was no problem. PC_1, using the OpenVPN client, had VPN IP 172.27.224.10 and was able to ping PC_2 at 192.168.2.10. But after I changed to Use Routing in User Permissions, PC_1 is not able to ping 192.168.2.10. I have tried changing many settings but it still does not work. Can anyone help me solve the problem? Please help!

timhk
OpenVpn Newbie
Posts: 3
Joined: Tue Aug 03, 2021 12:58 pm

Re: Use Routing NOT WORK

Post by timhk » Tue Aug 03, 2021 1:36 pm

The picture is not clear. Here is the link to a clear picture.

https://i.postimg.cc/05LZNjNz/ip.png

dickie_uk
OpenVpn Newbie
Posts: 4
Joined: Mon Aug 02, 2021 10:13 pm

Re: Use Routing NOT WORK

Post by dickie_uk » Tue Aug 03, 2021 4:50 pm

In a NAT scenario, PC_2 will see the connection from 192.168.2.2 (hidden behind the server) - so it can reply locally as it's on the same subnet.
When you enable routing, PC_2 will see the incoming connection from 172.27.224.10 (the VPN client IP), which the local network / router will not know how to reach - so it will send the traffic out of its existing default gateway (typically the ISP/external internet connection).
So you need to add an IP route for 172.27.224.x/xx (whatever your VPN client pool is) as being via next-hop 192.168.2.2 - you can either do this on your main router for the whole 192.168.2.x subnet to resolve for all PC_x, or to test it you can also add it directly on PC_2 if you want to prove the theory.
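
The return-path reasoning in the reply above, modelled as a longest-prefix-match lookup on PC_2's routing table. This is an added example, not part of the original post and not OpenVPN code; the /20 pool and the router address 192.168.2.1 are assumptions taken from the example values given later in the thread, and the function names are hypothetical.

```python
import ipaddress

# Addresses from the thread. The /20 pool and the router address are
# assumptions (example values quoted later in the thread).
LAN = "192.168.2.0/24"
VPN_POOL = "172.27.224.0/20"
ROUTER = "192.168.2.1"         # assumed default gateway of PC_2
ACCESS_SERVER = "192.168.2.2"  # LAN address of the OpenVPN server
VPN_CLIENT = "172.27.224.10"   # PC_1's VPN address


def next_hop(routes, dst):
    """Longest-prefix match: next hop for dst, 'on-link', or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, hop in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def reply_path(routes, source_seen_by_pc2):
    """Where PC_2 sends its reply, given the source address it saw."""
    hop = next_hop(routes, source_seen_by_pc2)
    if hop == "on-link":
        return "direct to " + source_seen_by_pc2
    return "via " + hop if hop else "unreachable"


# PC_2 as it stands: its own subnet plus a default route to the router.
PC2_ROUTES = [(LAN, "on-link"), ("0.0.0.0/0", ROUTER)]
# PC_2 (or the main router) after adding the VPN pool via the server.
PC2_ROUTES_FIXED = PC2_ROUTES + [(VPN_POOL, ACCESS_SERVER)]


def scenarios():
    return {
        # NAT: PC_2 sees the server's LAN address as the source.
        "nat": reply_path(PC2_ROUTES, ACCESS_SERVER),
        # Routing: PC_2 sees the VPN client address, reply leaves via router.
        "routing": reply_path(PC2_ROUTES, VPN_CLIENT),
        # Routing with the extra route: reply goes back to the server.
        "routing+route": reply_path(PC2_ROUTES_FIXED, VPN_CLIENT),
    }


if __name__ == "__main__":
    for mode, path in scenarios().items():
        print(f"{mode:14} reply goes {path}")
```
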

chilinux
OpenVPN Power User
Posts: 156
Joined: Thu Mar 28, 2013 8:31 am

Re: Use Routing NOT WORK

Post by chilinux » Thu Aug 05, 2021 12:13 am

Another possible solution is to change the Dynamic IP Address range of OpenVPN AS.

Say for example that the router has 192.168.2.1 with a netmask of /24 (255.255.255.0). Also for this example let us assume that the DHCP server's range is 192.168.2.10 to 192.168.2.100.

If those two assumptions are correct, then you should be able to change the Dynamic IP Address Network to be inside the already routed subnet.

Instead of 172.27.224.0/20, it could be set to 192.168.2.128/25.

The Dynamic IP Address Network setting can be found under Configuration -> VPN Settings.
