I have also enabled CLIENT-2-CLIENT so I can access my NAS (Synology) which dials in from Home on its VPN IP (10.8.0.6).
What I want to do is to map my home network (10.0.0.0/24) to the VPN so that both the Office and my Mobile can access my Home network.
I have followed this article: https://openvpn.net/community-resources/how-to/#scope specifically this section: "Including multiple machines on the client side when using a routed VPN (dev tun)" which to me raises two questions...
1a. It says I need to specify the file path of the configs like so in the server.conf:
```
client-config-dir /etc/openvpn/server
```
```
iroute 10.0.0.0 255.255.255.0
```
The next question I have is this...
- OpenVPN Server is 10.8.0.1, its LAN is a Public WAN IP.
- NAS IP: 10.0.0.2 (The OpenVPN Client connecting from Home).
- Home LAN is 10.0.0.0/24
- NAS VPN IP: 10.8.0.6
```
sudo ip route add 10.0.0.0/24 via 10.0.0.2 dev tun0
sudo ip route add 10.0.0.0/24 via 10.8.0.6 dev tun0
sudo ip route add 10.0.0.0/24 via 10.8.0.1 dev tun0
```
- 10.0.0.2 Being NAS LAN IP.
- 10.8.0.6 Being NAS VPN IP.
- 10.8.0.1 Being OpenVPN Server IP.
SERVER:
```
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway-def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1" # Will change to LAN DNS IP when up and working.
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
clr-verify crl.pem
client-to-client
client-config-dir /etc/openvpn/server
route "10.0.0.0 255.255.255.0"
push "route 10.0.0.0 255.255.255.0"
```
```
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote UK.Ungifted.me 7887
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
route-nopull
route 10.8.0.0 255.255.255.0
route 10.0.0.0 255.255.255.0 # Tried with and without this.
key-direction 1
verb 3
```
Once that is working, I need to test (and fix, if not working) the Clients connecting to the VPN doing the same.
Then finally I'll need to test communication going back the other way which is going to be fun in itself I suspect.
Thanks
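
The HOWTO section quoted in the post ties three directives together: a server-side `route`, an `iroute` in a file under `client-config-dir` named after the client's certificate common name, and a `push "route ..."` for the other clients. As an added example (not part of the original post), this Python check cross-references them on a constructed config; the common name `nas` and the `/etc/openvpn/ccd` path are assumptions, and only numeric routes are handled.

```python
import ipaddress
import shlex

def parse(text):
    """Split config text into token lists; '#' comments dropped, quotes honoured."""
    rows = (shlex.split(line, comments=True) for line in text.splitlines())
    return [r for r in rows if r]

def net(args):
    # The netmask defaults to a host route (255.255.255.255) when omitted.
    mask = args[1] if len(args) > 1 else "255.255.255.255"
    return ipaddress.ip_network(f"{args[0]}/{mask}", strict=False)

def check(server_conf, ccd):
    """ccd maps a client common name to its ccd file text. Returns findings."""
    findings, routes, pushed = [], set(), set()
    directives = parse(server_conf)
    for d in directives:
        if d[0] == "route":
            try:
                routes.add(net(d[1:]))
            except (IndexError, ValueError):
                findings.append(f"server: unparsable route {d[1:]}")
        elif d[0] == "push" and len(d) > 1:
            p = d[1].split()
            if len(p) == 3 and p[0] == "route":
                pushed.add(net(p[1:]))
    if not any(d[0] == "client-config-dir" for d in directives):
        findings.append("server: no client-config-dir, iroute is never read")
    for cn, text in ccd.items():
        for d in parse(text):
            if d[0] != "iroute":
                continue
            n = net(d[1:])
            if n not in routes:
                findings.append(f"{cn}: iroute {n} has no matching server 'route'")
            if n not in pushed:
                findings.append(f"{cn}: {n} is not pushed to other clients")
    return findings

# Constructed sample using the post's addresses; "nas" and the ccd path are assumed.
# A quoted argument is one parameter, so the quoted route below has no netmask.
SERVER = """
server 10.8.0.0 255.255.255.0
client-to-client
client-config-dir /etc/openvpn/ccd
route "10.0.0.0 255.255.255.0"
push "route 10.0.0.0 255.255.255.0"
"""
FIXED = SERVER.replace('"10.0.0.0 255.255.255.0"', "10.0.0.0 255.255.255.0")
CCD = {"nas": "iroute 10.0.0.0 255.255.255.0\n"}
```

Calling `check(SERVER, CCD)` reports the unparsable `route` and the `iroute` left without a matching server route, while `check(FIXED, CCD)` returns an empty list.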