Noob question

[GiGiSSiMo]

Hi all,

i've setted up an openvpn server in my office where lan endpoints have 192.168.1.1/24; the server itself takes 10.8.0.1 and give to my home PC 10.8.0.6.

The server conf is this:

View OriginalServer config

local 192.168.1.103
port 1972
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

At my home i also have a lan with the same 192.168.1.1/24 configuration and my conf is:

View OriginalClient config

client
dev tun
proto udp
remote xxx.yyy.www.zzz 1972
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert myname.crt
key myname.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3

So at my home i've have 192.168.1.100 that is a NAS and in my office i've 192.168.1.100 that is the file server.

Actually i can reach openvpn server with remote desktop or with windows administrative share 10.8.0.1\c$.

How can I reach my office file server with a translated address like 10.8.0.100 and mapping shared folder when connected with openVPN client?
I'd like to see all my home local lan, surfing on the web with my home gateway but seeing all my office PC's and servers with translated address.
Is that possible?

Sorry for my bad english.

[Pippin]

See here,
https://community.openvpn.net/openvpn/w ... gConflicts
and here,
https://community.openvpn.net/openvpn/w ... dVPNdevtun

[GiGiSSiMo]

See here,
https://community.openvpn.net/openvpn/w ... gConflicts

Thank you for reply.
In this article "i can read In order to avoid routing conflicts one should choose subnets carefully for the networks under ones control" but this alert is too late, my home and office network has the same subnet and i've spent a lot of time for configuring all the things in the 2 networks.

and here,
https://community.openvpn.net/openvpn/w ... dVPNdevtun

Here, if i've understood, i've to add to server conf the line :
push "route 192.168.1.100 255.255.255.0"
but in this way i can't access from home my NAS that has the same IP.
Is this correct?

[Pippin]

my home and office network has the same subnet and i've spent a lot of time for configuring all the things in the 2 networks.

Your router(s) would be the place to assign an IP address based on MAC and leave all connected hosts on DHCP...

Here, if i've understood, i've to add to server conf the line :
push "route 192.168.1.100 255.255.255.0"
but in this way i can't access from home my NAS that has the same IP.
Is this correct?

Yes.
By the way, it would be

Code: Select all

push "route 192.168.1.0 255.255.255.0"

[GiGiSSiMo]

Code: Select all

my home and office network has the same subnet and i've spent a lot of time for configuring all the things in the 2 networks.

Your router(s) would be the place to assign an IP address based on MAC and leave all connected hosts on DHCP...

Here, if i've understood, i've to add to server conf the line :
push "route 192.168.1.100 255.255.255.0"
but in this way i can't access from home my NAS that has the same IP.
Is this correct?

Yes.
By the way, it would be

Code: Select all

push "route 192.168.1.0 255.255.255.0"

Thanks for suggestions.
I've also found this thread that seems to be almost my case:
viewtopic.php?t=13274

[Pippin]

I've also found this thread that seems to be almost my case:
viewtopic.php?t=13274

No it's not, stay away from bridging...

[GiGiSSiMo]

OK so let's continue with TUN.

I've assigned to my OpenVPN Server another IP 172.16.15.103 with another gateway 172.16.15.254 that is now a virtual interface on my Zyxel Firewall.

So my office's LAN is now configured with 4 server with double IP 192.168.1.xxx and 172.16.15.xxx with two gateways: i'm not intersted to other machines so i've leaved with only the first IP range.

I've changed server config with "local 172.16.15.103".

I've changed also push "route 172.16.15.0 255.255.255.0"

Routing is enabled on my server by setting registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\Tcpip\Parameters\IPEnableRouter changing from 0 to 1 and restarted.

I've also added a static route on office gateway (Zyxel Firewall) in this way:

Destination 10.8.0.1 Subnet 255.255.255.0 Next-hop 172.16.15.103.

Now if i trace the server from my client:

tracert 172.16.15.103

1 20 ms * 21 ms 10.8.0.1
2 19 ms 21 ms 20 ms 172.16.15.103

That's ok

But i can't still reach other servers:

tracert 172.16.15.105

1 30 ms * 19 ms 10.8.0.1
2 * * * Richiesta scaduta. (timeout in italian)

So actually i can't reach others machines.

I' don't know if helps but this is my ipconfig server side:

Scheda sconosciuta Connessione alla rete locale (LAN):

Suffisso DNS specifico per connessione:
Indirizzo IPv6 locale rispetto al collegamento . : fe80::9d64:f293:b088:30f5%20
Indirizzo IPv4. . . . . . . . . . . . : 10.8.0.1
Subnet mask . . . . . . . . . . . . . : 255.255.255.252
Gateway predefinito . . . . . . . . . :

Scheda Ethernet vEthernet (Microsoft Network Adapter Multiplexor Driver - Virtua
l Switch):

Suffisso DNS specifico per connessione:
Indirizzo IPv6 locale rispetto al collegamento . : fe80::d4c9:4ada:4266:2414%19
Indirizzo IPv4. . . . . . . . . . . . : 172.16.15.103
Subnet mask . . . . . . . . . . . . . : 255.255.0.0
Indirizzo IPv4. . . . . . . . . . . . : 192.168.1.103
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Gateway predefinito . . . . . . . . . : 192.168.1.254
172.16.15.254

[GiGiSSiMo]

Nobody can help me?

[TinCanTech]

So at my home i've have 192.168.1.100 that is a NAS and in my office i've 192.168.1.100 that is the file server