Accessing an additional interface/subnet on the OpenVPN server

trimix
OpenVpn Newbie
Posts: 1
Joined: Sat Aug 27, 2022 7:47 pm

Post by trimix » Sat Aug 27, 2022 9:16 pm

Hey guys! First off, I apologize if this question is basic or boring. I’ve dug through the OpenVPN manual and tutorial section on this forum and for the life of me, I still can’t seem to figure out how to get this to work.

Admittedly, my understanding of Linux internals and OpenVPN routing is very limited but I still feel like I’m overcomplicating this problem.

Since there seems to be a handful of ways to solve any networking problem, I would love it if anyone with experience could chime in and provide clarification as to the cleanest and best solution here.


TL;DR - I added two (private, without DHCP/gateways/internet) NICs/subnets to the OpenVPN server and am trying to get the VPN clients to be able to ping/access devices on the additional subnets.


Full breakdown:

I have set up an OpenVPN server running on an Ubuntu 22.04 host with an internal IP of 10.0.0.114.

The router/internet/DHCP server is at 10.0.0.1. Connecting to the OpenVPN server works perfectly and I am able to access all other devices on the 10.0.0.0/24 subnet.


Recently I added two additional NICs to the OpenVPN server:

- ens192 with a static IP of 10.0.200.2/24
- ens224 with a static IP of 10.0.250.2/24

Neither subnet (10.0.200.0/24 & 10.0.250.2/24) has a DHCP server, default gateway, or internet access. Both are used purely as private VLAN networks for hosts to communicate directly with each other.


SSH'ing into the OpenVPN server I am able to ping and access all devices on the 10.0.200.0/24 and 10.0.250.0/24 subnets successfully.

From the OpenVPN connection, I am only able to access devices on the 10.0.0.0/24 network.

———

After trying a bunch of different solutions with routing/bridging/etc, I have done a fresh installation of Ubuntu/OpenVPN. I would love some direction before making a mess of things again. :)

What is the simplest way to allow VPN clients to access the two additional private subnets?


Thank you so much for your time!

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: Accessing an additional interface/subnet on the OpenVPN server

Post by ordex » Sun Sep 11, 2022 10:46 pm

To rephrase, you want your OpenVPN server host to act as a router connecting 4 networks:
1) the VPN
2) 10.0.0.0/24
3) 10.0.200.0/24
4) 10.0.250.0/24

You say that 1 can talk to 2, but 1 cannot talk to 3 or 4.

For two networks to talk to each other you need:
a) on the first network a route to the second one
b) on the second network a route to the first one
c) the router between the networks (OpenVPN host) to allow forwarding of traffic

Point c) is probably ok because your host can already forward traffic from 1) to 2) - but you should double check.

Regarding network 3) [network 4 is basically the same]:
a) do clients on the VPN have a route towards it? i.e. are you pushing the related route?
b) do hosts in the 10.0.200.0/24 network have a route towards the VPN network? Note that this can also be a default route to the "router" (OpenVPN host), but it depends on your setup.

If the two points above are not properly configured, packets cannot flow between the two networks.
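
The three conditions from the reply above, checked on the OpenVPN host, as an added example that is not part of the original thread. The VPN subnet 10.8.0.0/24, the function names and the sample server config are assumptions constructed for illustration; the 10.0.200.x and 10.0.250.x addresses are the ones given in the question.

```shell
#!/usr/bin/env bash
# Added example. Assumed: VPN subnet 10.8.0.0/24, function names, sample config.

# cidr_to_push NET/BITS: print the push line OpenVPN needs for that subnet.
cidr_to_push() {
    local net=${1%/*} bits=${1#*/} mask="" i octet
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then octet=255; bits=$((bits - 8))
        else octet=$(( 256 - (1 << (8 - bits)) )); bits=0; fi
        mask="${mask}${mask:+.}${octet}"
    done
    printf 'push "route %s %s"\n' "$net" "$mask"
}

# missing_pushes CONF NET...: condition a), print push lines absent from CONF.
missing_pushes() {
    local conf=$1 net want; shift
    for net in "$@"; do
        want=$(cidr_to_push "$net")
        # Drop '#' and ';' comments, normalise whitespace, then match whole lines.
        sed -e 's/[#;].*//' -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' "$conf" |
            grep -qxF "$want" || echo "$want"
    done
}

# forwarding_enabled [FILE]: condition c), true if the kernel forwards IPv4.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Constructed sample server config: only one of the two subnets is pushed.
conf=$(mktemp)
cat > "$conf" <<'EOF'
server 10.8.0.0 255.255.255.0   # assumed VPN subnet
push "route 10.0.200.0 255.255.255.0"
;push "route 10.0.250.0 255.255.255.0"
EOF

echo "a) push lines missing from the server config:"
missing_pushes "$conf" 10.0.200.0/24 10.0.250.0/24
echo "b) on 10.0.200.0/24 hosts, unless 10.0.200.2 is already their default gateway:"
echo "   ip route add 10.8.0.0/24 via 10.0.200.2"
if forwarding_enabled; then echo "c) IPv4 forwarding is on"
else echo "c) IPv4 forwarding is off: sysctl -w net.ipv4.ip_forward=1"; fi
```

The forwarding check only reads the sysctl; a firewall FORWARD policy on the host can still drop traffic between the VPN and the extra subnets.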
