I'm pretty new to OpenVPN but I've managed to set up PiVPN and I'm able to connect to it via an iPad and a PC. Now I need to be able to jump from the NIC I'm coming in on to the other. This should be something simple but for the life of me, I can't figure it out. I come in on eth0 via IP address 192.168.1.14 (Raspberry Pi's IP) and I need to be able to hit all devices on eth1 192.168.93.254. The default OpenVPN IP address hasn't been changed and my device is being assigned an IP address of 10.8.0.2.
I was hoping it would be as simple as adding a route with something like "ip r a 192.168.93.0/24 via 192.168.1.14" or "ip r a 192.168.93.0/24 via 10.8.0.1" but neither works.
Thanks in advance.
Multiple NICs
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jul 19, 2017 5:27 pm
Re: Multiple NICs
Looks like exactly what I need. Thank you very much.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jul 19, 2017 5:27 pm
Re: Multiple NICs
Well, now I'm not sure. This is what we plan to do with this VPN setup. I work for a company that does work for mostly waste water plants all over the state. We want to be able to place VPNs onsite so we can access our equipment (not only computers) from multiple locations. Meaning, I may do it from my home office or work office and a co-worker may do the same with a separate login and I can't guarantee that would be a different subnet than mine. We won't always have the same client side subnet. If I'm reading the guide correctly, it sounds like the subnet must always be the same on the client and must be unique. I also can't guarantee that the subnet for the server would be different than the clients.
Would the bridge option work in this case?
The client LAN subnet (192.168.4.0/24 in our example) must not be exported to the VPN by the server or any other client sites which are using the same subnet. Every subnet which is joined to the VPN via routing must be unique.
I hope I'm making sense. I'm not a networking guy.
Thanks again.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jul 19, 2017 5:27 pm
Re: Multiple NICs
I really wish I could edit my own post instead of bumping this one. The more I read and google, I believe what I want to do can be done with a simple route but I can't get it to work. I can ping the NIC (192.168.86.253) but I can't ping a machine that I have connected to that. I found this but I'm not sure what it's telling. I did enable IP forwarding though.
I ran tcpdump and pinged the one machine I have on the network. It returned this.
15:10:41.101717 IP 10.8.0.2 > 192.168.86.1: ICMP echo request, id 30840, seq 30840, length 64
Config File:
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.86.0 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
#crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 1
# Generated for use by PiVPN.io
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Multiple NICs
tincanteksup <at> gmail
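
The rule quoted from the guide earlier in the thread (every subnet joined to the VPN via routing must be unique) can be checked mechanically before a client connects. The following is an added example, not part of any post in this thread: it parses the `server` and `push "route ..."` lines from the server config posted above and reports which client-side LANs overlap them. The client LANs in the demo and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the routing-relevant lines of the server config posted in the thread.
SERVER_CONF = '''
topology subnet
server 10.8.0.0 255.255.255.0
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.86.0 255.255.255.0"
push "redirect-gateway def1"
'''

# Matches `server <net> <mask>` and `push "route <net> <mask>"` only.
ROUTE_RE = re.compile(r'^\s*(?:push\s+"route|server)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)"?\s*$')

def vpn_networks(conf_text):
    """Return the tunnel subnet and every pushed route, de-duplicated, in file order."""
    nets = []
    for line in conf_text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        if net not in nets:
            nets.append(net)
    return nets

def find_conflicts(conf_text, client_lans):
    """Map each client LAN to the VPN networks it overlaps (empty list = no conflict)."""
    nets = vpn_networks(conf_text)
    result = {}
    for lan in client_lans:
        lan_net = ipaddress.ip_network(lan, strict=False)
        result[lan] = [str(n) for n in nets if n.overlaps(lan_net)]
    return result

if __name__ == "__main__":
    # Hypothetical LANs a roaming user (home office, work office) might be sitting on.
    lans = ["192.168.1.0/24", "192.168.4.0/24", "192.168.86.128/25"]
    for lan, hits in find_conflicts(SERVER_CONF, lans).items():
        print(lan, "CONFLICT with " + ", ".join(hits) if hits else "ok")
```

A client whose own LAN appears as a conflict will keep sending traffic for that range to its local network rather than into the tunnel, which is the situation the guide's uniqueness rule is meant to prevent.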