I want to connect two LANs with OpenVPN.
So far, I have successfully connected Site A (Server) with Site B (Client).
From the Client LAN, I can reach every LAN device on Server side.
However, I cannot reach any devices behind the Client. (I can only ping the Client IP from the Server console directly).
Update:
Executing
iptables -t nat -A POSTROUTING -d 192.168.179.0/24 -j MASQUERADE
But not from the devices behind the Server!
I also use this Server for road-warrior access with other Clients that are allowed to access the Server's LAN. This is already working.
Site A - Server:
IP: 192.168.178.0 / 255.255.255.0
OpenVPN-Server: 192.168.178.220
OpenVPN-IP: 10.08.0.1
Site B - Client:
IP: 192.168.179.0 / 255.255.255.0
OpenVPN-Server: 192.168.179.29
OpenVPN-IP: 10.08.0.10
Site A - openvpn.conf:
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
# 1024-bit DH parameters; 2048 bits is the usual minimum today
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
# Tunnel address pool; the server itself takes 10.8.0.1
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
# The push routes are added on the clients connecting, telling them to route those networks over the VPN.
push "route 192.168.178.0 255.255.255.0"
client-to-client
# Kernel route on the server for the LAN behind the site-to-site client; the matching
# iroute is in ccd/raspmue. The gateway given here is the server's own tun address;
# when the gateway is omitted, OpenVPN uses the tun peer address (second --ifconfig address).
route 192.168.179.0 255.255.255.0 10.8.0.1
client-config-dir ccd
# Pushed to every client, the site-to-site router included
push "redirect-gateway def1 bypass-dhcp"
# Set the DNS servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo
duplicate-cn
keepalive 10 120
tun-mtu 1300
script-security 2
client-connect /usr/local/bin/ovpn_connect_sendemail.sh
client-disconnect /usr/local/bin/ovpn_disconnect_sendemail.sh
verb 4
Site A - /etc/openvpn/ccd/raspmue
# Set a static IP address for the Router's client connection (to OpenVPN).
# With the default net30 topology the manual pairs the client address with the
# other end of its /30, e.g. 10.8.0.10 10.8.0.9
ifconfig-push 10.8.0.10 10.8.0.11
# Set the internal IP range for this network (needs a matching "route" in the server config).
iroute 192.168.179.0 255.255.255.0
Site B - Client config:
client
dev tun
proto udp
remote xyz.xyz.de 1194
log-append /var/log/openvpn.log
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert raspmue.crt
key raspmue.key
verb 3
comp-lzo
Site A - iptables -L:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain INPUT (policy ACCEPT)
target          prot opt source               destination
fail2ban-apache tcp  --  anywhere             anywhere             multiport dports http,https,48083
fail2ban-ssh    tcp  --  anywhere             anywhere             multiport dports ssh

Chain FORWARD (policy ACCEPT)
target          prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target          prot opt source               destination

Chain fail2ban-apache (1 references)
target          prot opt source               destination
RETURN          all  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target          prot opt source               destination
RETURN          all  --  anywhere             anywhere
Heiko
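A site-to-site setup like the one above depends on the server's kernel `route` for the remote LAN and the `iroute` in the client's ccd file agreeing with each other, and on the `ifconfig-push` address falling inside the `server` pool. The checker below is an added example (not code from the post or from the OpenVPN project) that cross-references these files; the `SERVER_CONF` and `CCD_FILES` strings are constructed from the values in the post, and the file name `raspmue` is taken from it.

```python
"""Cross-check an OpenVPN server config against its client-config-dir files.

Added example, not part of the original post. It flags two mistakes that
commonly leave the LAN behind a site-to-site client unreachable:
  * a `route` on the server for a client-side LAN with no matching `iroute`
    in any ccd file (or an `iroute` with no kernel `route`), and
  * an `ifconfig-push` address that lies outside the `server` pool.
The configs below are strings constructed from the values in the post.
"""
import ipaddress

# Constructed sample: the routing-relevant lines of the Site A server config.
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
push "route 192.168.178.0 255.255.255.0"
client-to-client
route 192.168.179.0 255.255.255.0 10.8.0.1
client-config-dir ccd
--verb 4
"""

# Constructed sample: contents of ccd/raspmue as posted.
CCD_FILES = {
    "raspmue": """\
# static tunnel address for the Site B router
ifconfig-push 10.8.0.10 10.8.0.11
iroute 192.168.179.0 255.255.255.0
""",
}


def parse_options(text):
    """Return (option, args) per line; drops comments, quotes and a leading '--'."""
    opts = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace('"', "").split()
        name = parts[0][2:] if parts[0].startswith("--") else parts[0]
        opts.append((name, parts[1:]))
    return opts


def to_network(addr, mask):
    """Build a network from OpenVPN's 'address netmask' argument pair."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def check(server_conf, ccd_files):
    """Return a sorted list of findings; an empty list means the files agree."""
    findings = []
    pool = None
    routes = set()
    for name, args in parse_options(server_conf):
        if name == "server" and len(args) >= 2:
            pool = to_network(args[0], args[1])
        elif name == "route" and len(args) >= 2:
            routes.add(to_network(args[0], args[1]))

    iroutes = {}  # network -> ccd file that claims it
    for cn, text in ccd_files.items():
        for name, args in parse_options(text):
            if name == "iroute" and len(args) >= 2:
                iroutes[to_network(args[0], args[1])] = cn
            elif name == "ifconfig-push" and args and pool is not None:
                ip = ipaddress.ip_address(args[0])
                if ip not in pool:
                    findings.append(
                        f"ccd/{cn}: ifconfig-push {ip} is outside server pool {pool}")

    # A kernel route without an iroute (or vice versa) leaves the server unable
    # to hand packets for that LAN to the right client.
    for r in routes - set(iroutes):
        findings.append(f"route {r} has no iroute in any ccd file")
    for r in set(iroutes) - routes:
        findings.append(
            f"ccd/{iroutes[r]}: iroute {r} has no matching route in the server config")
    return sorted(findings)


if __name__ == "__main__":
    for line in check(SERVER_CONF, CCD_FILES) or ["OK: route/iroute and ifconfig-push agree"]:
        print(line)
```

Run it from the server's `/etc/openvpn` after reading the real files into the two inputs. A clean result is necessary but not sufficient: both routers still need `net.ipv4.ip_forward=1`, FORWARD rules that permit tun-to-LAN traffic in both directions, and hosts on each LAN need a route back to the other site (or NAT on the router), or replies never come back over the tunnel.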