Help with Client to Client PiVPN server

Post by nray » Mon Jul 31, 2023 5:41 pm

Hello, I am newish to networking and having a difficult time trying to solve an issue I am having. I am trying to create an OpenVPN server on a Raspberry Pi using PiVPN. My goal is to be able to remotely connect to the Pi with my work laptop and have the Pi work as a bridge to connect to 3 PLCs (this will eventually grow to 22) I have about an hour away for work. I can currently connect all of my devices to the Pi, and I can ping them all without issue; however, I cannot access their GUI or SSH into them. I am not sure what I am missing. I have turned on IPv4 forwarding on the Pi.
I am using DDNS and have Pi-hole set up on the Pi as well. I want to use Pi-hole to allow me to give the PLCs a hostname to connect to more easily.
I have also set up port forwarding and static routes on my router that the Pi is connected to.

I was able to create a CloudConnexa account, drop the .ovpn files into the PLCs and my laptop, and connect to each device, so all of the ports are open for my devices. I believe it's an issue with the Pi.

Illustration of network

                                                  ------- PLC@ 192.168.3.1
                                                 /
                                                /
                                               /
Laptop 192.168.2.1 ----------> Pi@ 192.168.1.1 -------------- PLC@ 192.168.4.1
                                               \
                                                \
                                                 \
                                                  ------- PLC@ 192.168.5.1

Server info:

Server
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/raspberry_***.crt
key /etc/openvpn/easy-rsa/pki/private/raspberry_***.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.160.200.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 10.160.200.1"
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io

Client info:

Client

client
dev tun
proto udp
remote ***.duckdns.org 1194
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberry_0c2fd00d-ea72-461a-b4e5-d72acd0435f1 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
***
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
***
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
***
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
***
-----END OpenVPN Static key V1-----
</tls-crypt>