VPN on NUC, correct routing/bridging for broadcast

LearningVPN
OpenVpn Newbie
Posts: 1
Joined: Wed Jun 06, 2018 9:07 pm

VPN on NUC, correct routing/bridging for broadcast

Post by LearningVPN » Wed Jun 06, 2018 9:27 pm

Hi, I would like to use my NUC as an OpenVPN server.
I managed to install OpenVPN and create 2 services (1 for tun, 1 for tap). That works fine! In this topic I want to focus on the TAP OpenVPN, since I want to connect via TAP and use broadcasting. However, I cannot get the routing/bridging working 100% correctly. Also, I am not able to connect to other machines in the network over VPN. (It worked when I had it on my OpenWRT router, but now I host it on the NUC and not on the router (gateway) anymore!)

Overview:

Homenetwork:
Modem/Internet (EXTERNAL IP) > OpenWRT ROUTER (192.168.200.1, vpn ports forwarded to NUC) > a) NUC with OpenVPN (192.168.200.247) and b) other Computers, for example Windows Desktop with RDP (192.168.200.X).

Network X:
Modem/Internet > Some router, can be any IP, might be a different range than the server > a) My client PCs with the OpenVPN client installed, connecting to the EXTERNAL IP of the home network.

I can connect to the EXTERNAL IP. However, I cannot reach the local machines or the router. Broadcasting is also not working. And I don't have the Homenetwork IP when doing an IP check. So I have a connection, but it's not complete yet.

TUN-config NUC (OpenVPN Server):

tls-server
dev tap
proto udp
#enabled
#persist-key
#persist-tun
#topology subnet
port 1195
keepalive 10 120
mode server
#server-bridge 192.168.200.247 255.255.255.0 192.168.200.31 192.168.200.35
#ifconfig 192.168.1.101 255.255.255.0
#ifconfig-pool 192.168.1.10 192.168.1.20
#push "route-gateway dhcp"
#push "route 192.168.200.247 255.255.255.0 192.168.200.1 1"
#push "redirect-gateway def1"
push "route 192.168.200.0 255.255.255.0"
#push "dhcp-option DNS 192.168.200.1"
#route add 192.168.200.0 mask 255.255.55.0 gw 192.168.200.1
# Location of certificate authority's cert.
ca /etc/openvpn/filenameA

# Location of VPN server's TLS cert.
cert /etc/openvpn/filenameB

# Location of server's TLS key
key /etc/openvpn/filenameC

# Location of DH parameter file.
dh /etc/openvpn/dhp4096.pem

# The VPN's address block starts here.
#server 10.89.0.10 255.255.255.0

#explicit-exit-notify 1

# Drop root privileges and switch to the `ovpn` user after startup.
user ovpn

# OpenVPN process is exclusive member of ovpn group.
group ovpn

# Cryptography options. We force these onto clients by
# setting them here and not in client.ovpn. See
# `openvpn --show-tls`, `openvpn --show-ciphers` and
# `openvpn --show-digests` for all supported options.
tls-crypt /etc/openvpn/filenameD
auth SHA512    # This needs to be in client.ovpn too though.
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
ncp-ciphers AES-256-GCM:AES-256-CBC

# Logging options.
#ifconfig-pool-persist ipp2.txt
status openvpn-status2.log
log /var/log/openvpn2.log
verb 4
client-to-client
NUC (OPENVPN Server) IPTABLES

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
f2b-sshd   tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain f2b-sshd (1 references)
target     prot opt source               destination         

CLIENT .ovpn
dev tap
proto udp
auth SHA512
log openvpn.log
verb 4

ca "c:\\filenameA"
cert "c:\\filenameB"
key "c:\\filenameC"
tls-crypt "c:\\filenameD"

client
remote-cert-tls server
remote HOMENETWORK_EXTERNAL-IP PORT
auth-nocache
As you can see in my TAP server conf, I tried a lot of things with routing. However, I did not find the final solution. After a couple of days I decided to ask for your help. I hope you understand my question and can help me.
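The following is an added example, not code from the post above or from the OpenVPN project: a small Python linter that applies the documented requirements of a bridged TAP server (server-bridge or ifconfig-pool for client addresses, contiguous netmasks, persist-key/persist-tun when user/group drop privileges, no pushed route for the LAN the client is bridged into) to a config file. SAMPLE_SERVER_CONF reproduces the relevant active lines of the posted server config; SAMPLE_FIXED_CONF and the Finding/lint names are constructed for the example. The linter reads only the config: whether the tap device is actually enslaved to a bridge together with the LAN NIC, and what the FORWARD chain does to bridged frames, has to be checked on the host (`iptables -L -v -n` shows the interface matches that the plain `iptables -L` listing above omits).

```python
"""Added example, not code from the post or the OpenVPN project: a linter for
OpenVPN server configs in TAP (bridged) mode. SAMPLE_SERVER_CONF reproduces the
relevant active lines of the posted config; SAMPLE_FIXED_CONF is constructed."""
import ipaddress
import shlex
from dataclasses import dataclass

SAMPLE_SERVER_CONF = """\
tls-server
dev tap
proto udp
port 1195
keepalive 10 120
mode server
#server-bridge 192.168.200.247 255.255.255.0 192.168.200.31 192.168.200.35
push "route 192.168.200.0 255.255.255.0"
user ovpn
group ovpn
auth SHA512    # This needs to be in client.ovpn too though.
client-to-client
"""
# Constructed variant: server-bridge active, LAN route push dropped, persist-* added.
SAMPLE_FIXED_CONF = (
    SAMPLE_SERVER_CONF.replace("#server-bridge", "server-bridge")
    .replace('push "route 192.168.200.0 255.255.255.0"\n', "")
    + "persist-key\npersist-tun\n"
)

@dataclass(frozen=True)
class Finding:
    level: str    # "error" | "warn" | "info"
    code: str
    message: str

def parse_config(text):
    """Return [(directive, [args])] for the active lines. '#'/';' comment lines and
    trailing '#' comments are dropped; a quoted argument stays one token."""
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            directives.append((parts[0], parts[1:]))
    return directives

def valid_netmask(mask):
    """True for a contiguous dotted-quad netmask (255.255.55.0 is not one)."""
    try:
        ipaddress.IPv4Network(("0.0.0.0", mask))
        return True
    except ValueError:
        return False

def lint_bridged_tap(directives):
    """Findings for a server meant to bridge its TAP device onto the LAN."""
    names = {d for d, _ in directives}
    args_of = {d: a for d, a in directives}   # last occurrence wins
    pushed = [a[0].split() for d, a in directives if d == "push" and a]
    findings = []
    tap = args_of.get("dev", [""])[0].startswith("tap")
    server = args_of.get("mode") == ["server"] or "server-bridge" in names
    if not (tap and server):
        return findings   # the checks below are specific to a TAP server
    # 1. no address is handed out without server-bridge (with a pool, or bare
    #    to defer to the LAN DHCP server) or ifconfig-pool
    if not names & {"server-bridge", "ifconfig-pool", "ifconfig"}:
        findings.append(Finding("error", "no-address-pool", "dev tap in server "
            "mode without server-bridge/ifconfig-pool: clients get no IP; add "
            "server-bridge <bridge-ip> <mask> <pool-start> <pool-end>"))
    # 2. netmasks must be contiguous, so a typo like 255.255.55.0 is rejected
    sb = args_of.get("server-bridge", [])
    masks = [("server-bridge", sb[1])] if len(sb) >= 2 else []
    masks += [("push route", p[2]) for p in pushed if p[0] == "route" and len(p) >= 3]
    for where, mask in masks:
        if not valid_netmask(mask):
            findings.append(Finding("error", "bad-netmask", f"{where}: {mask} is not a netmask"))
    # 3. a pushed route for the bridged LAN itself is redundant: the client's
    #    TAP address already lies in that subnet, so the LAN is on-link
    if len(sb) >= 2 and valid_netmask(sb[1]):
        lan = ipaddress.IPv4Network((sb[0], sb[1]), strict=False)
        for p in pushed:
            if (p[0] == "route" and len(p) >= 3 and valid_netmask(p[2])
                    and ipaddress.IPv4Network((p[1], p[2]), strict=False) == lan):
                findings.append(Finding("info", "redundant-lan-route",
                    f"push route {p[1]} {p[2]} covers the bridged LAN {lan}"))
    # 4. once user/group dropped privileges, a restart (keepalive timeout,
    #    SIGUSR1) cannot re-read keys or reopen the tap without persist-key/-tun
    if names & {"user", "group"} and not {"persist-key", "persist-tun"} <= names:
        findings.append(Finding("warn", "no-persist", "user/group set but "
            "persist-key/persist-tun missing: restarts will fail"))
    return findings

if __name__ == "__main__":
    for label, conf in (("as posted", SAMPLE_SERVER_CONF), ("bridged variant", SAMPLE_FIXED_CONF)):
        for f in lint_bridged_tap(parse_config(conf)) or [Finding("ok", "-", "no findings")]:
            print(f"{label}: [{f.level}] {f.code}: {f.message}")
```

Run stand-alone it prints, for the posted config, the missing address pool and the missing persist directives, and nothing for the constructed variant; pointing `parse_config` at a real server file (UTF-8 text) is enough to lint it. The netmask check is deliberately strict because a non-contiguous mask is silently wrong in most tools rather than rejected.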

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN on NUC, correct routing/bridging for broadcast

Post by TinCanTech » Thu Jun 07, 2018 11:24 am

LearningVPN wrote:
Wed Jun 06, 2018 9:27 pm
log /var/log/openvpn2.log
Check your log file ..
