Page 1 of 1

Cannot access other devices in the same gateway as VPN server

Posted: Sat Dec 29, 2018 4:21 pm
by mfizz
I'll just explain my set up. I have a openvpn server running on a machine connected to the internet via a router. The router manages the IP addresses.

The router has the IP 192.168.0.1 (192.168.0.0 subnet)

I have given the server to assign 192.168.10.0 to the clients that connect to it

I can access the openvpn server by the IP address it assigns itself. I want to access the devices connected to router as well.
Client.ovpn
client

client
dev tun
proto udp
port 1194
remote x.ddns.net 1194 udp
remote-cert-tls server
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
cipher AES-256-CBC
auth SHA256
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
<ca> -----BEGIN CERTIFICATE----- x -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- x -----END CERTIFICATE----- </cert> <key> -----BEGIN PRIVATE KEY----- x -----END PRIVATE KEY----- </key> key-direction 1 <tls-auth> -----BEGIN OpenVPN Static key V1----- x -----END OpenVPN Static key V1----- </tls-auth>


Server.conf

server
client-to-client
persist-key
persist-tun

comp-lzo adaptive
dev tun

ifconfig-pool-persist server-ipp.txt 0
keepalive 10 120

key /etc/openvpn/keys/xtrend.key
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/xtrend.crt
crl-verify /etc/openvpn/keys/crl.pem
dh /etc/openvpn/keys/dh.pem
tls-auth /etc/openvpn/keys/ta.key 0

cipher AES-256-CBC
auth SHA256
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
log /tmp/openvpn_server.log
status openvpn-status.log

port 1194
proto udp
server 192.168.10.0 255.255.255.0

#openvpn network know about local network
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"

#let local network know about openvpn network
#route add -net 192.168.10.0/24 gw 192.168.0.15

verb 3

Re: Cannot access other devices in the same gateway as VPN server

Posted: Sat Dec 29, 2018 5:01 pm
by TinCanTech
mfizz wrote:
Sat Dec 29, 2018 4:21 pm
Server.conf

Code: Select all

#let local network know about openvpn network 
#route add -net 192.168.10.0/24 gw 192.168.0.15
Your server already knows this route .. it is the other devices which don't.

It's all in the Howto ..

Re: Cannot access other devices in the same gateway as VPN server

Posted: Sat Dec 29, 2018 10:58 pm
by mfizz
The reason why that line is hashed out, is because when I put it in, it give me an error starting openvpn on the line.

Option either has missing or extra parameters, route (line 32)

Re: Cannot access other devices in the same gateway as VPN server

Posted: Sun Dec 30, 2018 2:50 am
by TinCanTech
did you take a look at the Howto ?

Re: Cannot access other devices in the same gateway as VPN server

Posted: Sun Dec 30, 2018 7:53 am
by mfizz
Yes I did, i believe this is the section:

Code: Select all

EXPANDING THE SCOPE OF THE VPN TO INCLUDE ADDITIONAL MACHINES ON EITHER THE CLIENT OR SERVER SUBNET.
Including multiple machines on the server side when using a routed VPN (dev tun)
Once the VPN is operational in a point-to-point capacity between client and server, it may be desirable to expand the scope of the VPN so that clients can reach multiple machines on the server network, rather than only the server machine itself.

For the purpose of this example, we will assume that the server-side LAN uses a subnet of 10.66.0.0/24and the VPN IP address pool uses 10.8.0.0/24 as cited in the server directive in the OpenVPN server configuration file.

First, you must advertise the 10.66.0.0/24 subnet to VPN clients as being accessible through the VPN. This can easily be done with the following server-side config file directive:

push "route 10.66.0.0 255.255.255.0"
Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).

Make sure that you’ve enabled IP and TUN/TAP forwarding on the OpenVPN server machine.
I suppose I am stuck on how exactly to route vpn subnet to openvpn server

Re: Cannot access other devices in the same gateway as VPN server

Posted: Thu Jan 03, 2019 7:29 am
by mfizz

Code: Select all

Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).
Could someone please help me on how to achieve the above ^^ Am I correct in assuming that this needs to be added to my gateway (isp provided router) the tell it that to send all traffic 10.8.0.0 to the local ip address of my server?