Here it is:
Server Side:
OS: Ubuntu 16.04
LAN Gateway: 192.168.100.2
OpenVPN server LAN IP: 192.168.100.253
Route entry at 192.168.100.2:
destination: 10.8.0.0
netmask: 255.255.255.0
gateway 192.168.100.253
Server config file:
port 1194
proto udp
dev tun0
topology subnet
ca /etc/openvpn/ca.crt
cert /etc/openvpn/BULVPNSERVER.crt
key /etc/openvpn/BULVPNSERVER.key # This file should be kept secret
dh /etc/openvpn/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.100.0 255.255.255.0"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-128-CBC # AES
comp-lzo
;max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
;mute 20
Client config:
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert KSS1XMAC.crt
key KSS1XMAC.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-128-CBC
comp-lzo
verb 3
;mute 20
On the client side (a Mac), when connected to the VPN, netstat -nr shows:
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.43.1 UGSc 11 0 en1
10.8/24 10.8.0.2 UGSc 1 0 utun0
10.8.0.2 10.8.0.2 UH 1 0 utun0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 3 77154 lo0
169.254 link#5 UCS 0 0 en1
192.168.43 link#5 UCS 1 0 en1
192.168.43.1/32 link#5 UCS 1 0 en1
192.168.43.1 8:23:b2:e3:ab:ca UHLWIir 12 101 en1 1180
192.168.43.99/32 link#5 UCS 0 0 en1
192.168.43.255 ff:ff:ff:ff:ff:ff UHLWbI 0 13 en1
192.168.100 10.8.0.1 UGSc 0 0 utun0
224.0.0 link#5 UmCS 2 0 en1
224.0.0.1 1:0:5e:0:0:1 UHmLWI 0 7 en1
224.0.0.251 1:0:5e:0:0:fb UHmLWI 0 0 en1
255.255.255.255/32 link#5 UCS 0 0 en1
Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UHL lo0
fe80::%lo0/64 fe80::1%lo0 UcI lo0
fe80::1%lo0 link#1 UHLI lo0
fe80::%en1/64 link#5 UCI en1
fe80::226:bbff:fe0a:7192%en1 0:26:bb:a:71:92 UHLI lo0
ff01::%lo0/32 ::1 UmCI lo0
ff01::%en0/32 link#4 UmCI en0
ff01::%en1/32 link#5 UmCI en1
ff02::%lo0/32 ::1 UmCI lo0
ff02::%en0/32 link#4 UmCI en0
ff02::%en1/32 link#5 UmCI en1
The routing entry shows that the 192.168.100.0/24 network should be routed through the tun interface.
I do have an entry in the LAN gateway routing 10.8.0.0/24 to a gateway of 192.168.100.253.
I don't know which part I am still missing here.
iptables of the OpenVPN machine:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere state NEW udp dpt:openvpn
ACCEPT udp -- anywhere anywhere state NEW udp dpt:1195
SSH_OVPNBOX tcp -- anywhere anywhere tcp dpt:2222
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Hope someone can point it out. Thanks.
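As an added example (not part of the original post or of OpenVPN itself), the script below parses the IPv4 section of the macOS netstat -nr output pasted above and does a longest-prefix lookup, so you can confirm which gateway and interface a packet to a given 192.168.100.x host will actually take rather than eyeballing the table. BSD netstat abbreviates destinations ("192.168.100" for 192.168.100.0/24, "127" for 127.0.0.0/8, "10.8/24" with an explicit mask), which the parser expands. Note what this does and does not prove: it only checks the client's outbound half of the path. The reply from a LAN host still depends on the static route on 192.168.100.2 and on the Ubuntu box actually forwarding between tun0 and its LAN interface; neither is visible from the client's routing table. The routing table constant is a copy of the output in the post.

```python
"""Longest-prefix lookup over a BSD/macOS `netstat -nr` table.

Added example, not from the original post. Parses the IPv4 part of the
client's routing table (copied below) and answers "which gateway and
interface will a packet to X use?".
"""
import ipaddress
from typing import List, Optional, Tuple

# Constructed from the netstat -nr output in the post (IPv4 section only).
NETSTAT_NR = """\
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.43.1       UGSc           11        0     en1
10.8/24            10.8.0.2           UGSc            1        0   utun0
10.8.0.2           10.8.0.2           UH              1        0   utun0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              3    77154     lo0
169.254            link#5             UCS             0        0     en1
192.168.43         link#5             UCS             1        0     en1
192.168.43.1/32    link#5             UCS             1        0     en1
192.168.43.1       8:23:b2:e3:ab:ca   UHLWIir        12      101     en1   1180
192.168.43.99/32   link#5             UCS             0        0     en1
192.168.43.255     ff:ff:ff:ff:ff:ff  UHLWbI          0       13     en1
192.168.100        10.8.0.1           UGSc            0        0   utun0
224.0.0            link#5             UmCS            2        0     en1
224.0.0.1          1:0:5e:0:0:1       UHmLWI          0        7     en1
224.0.0.251        1:0:5e:0:0:fb      UHmLWI          0        0     en1
255.255.255.255/32 link#5             UCS             0        0     en1
"""

# (prefix, gateway, flags, netif)
Route = Tuple[ipaddress.IPv4Network, str, str, str]


def parse_destination(dest: str) -> ipaddress.IPv4Network:
    """Expand netstat's abbreviated destination into an IPv4Network.

    BSD netstat drops trailing zero octets and omits the mask when it falls on
    the byte boundary of the printed octets: "192.168.100" is 192.168.100.0/24,
    "127" is 127.0.0.0/8, "10.8/24" keeps its explicit mask, and a full
    four-octet address without a mask is a host route (/32).
    """
    if dest == "default":
        return ipaddress.IPv4Network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        plen = "32" if len(octets) == 4 else str(8 * len(octets))
    octets += ["0"] * (4 - len(octets))
    return ipaddress.IPv4Network(f"{'.'.join(octets)}/{plen}", strict=False)


def parse_table(text: str) -> List[Route]:
    """Return the IPv4 routes in a netstat -nr dump; header and blank lines are skipped."""
    routes: List[Route] = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows have 6 or 7 columns: Destination Gateway Flags Refs Use Netif [Expire]
        if len(parts) < 6 or parts[0] == "Destination":
            continue
        try:
            prefix = parse_destination(parts[0])
        except ValueError:
            continue  # not an IPv4 destination
        routes.append((prefix, parts[1], parts[2], parts[5]))
    return routes


def lookup(routes: List[Route], ip: str) -> Optional[Tuple[str, str]]:
    """Longest-prefix match: (gateway, netif) for ip, or None if nothing matches."""
    addr = ipaddress.IPv4Address(ip)
    best: Optional[Route] = None
    for route in routes:
        if addr in route[0] and (best is None or route[0].prefixlen > best[0].prefixlen):
            best = route
    return None if best is None else (best[1], best[3])


def explain(routes: List[Route], ip: str) -> str:
    """One-line human-readable result of lookup()."""
    hop = lookup(routes, ip)
    if hop is None:
        return f"{ip}: no route"
    gateway, netif = hop
    return f"{ip}: via {gateway} dev {netif}"


if __name__ == "__main__":
    table = parse_table(NETSTAT_NR)
    for target in ("192.168.100.10", "8.8.8.8", "10.8.0.1"):
        print(explain(table, target))
```

Run it as-is to see that 192.168.100.x goes to 10.8.0.1 on utun0 while everything else stays on en1; paste a different netstat -nr dump into NETSTAT_NR to check another client.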