Route all network traffic from LAN clients through VPN

Post by dyzzy » Fri Jan 26, 2024 10:36 am

Hello,
We want to route all the network traffic from LAN clients in our office through a server that we have in a datacenter. Both servers are Linux.
- Office Server - Firewall, Gateway, Router, OpenVPN - 2 NIC (LAN and WAN)
- Datacenter Server - Firewall, OpenVPN - 1 NIC (WAN)
OpenVPN GUI Windows clients can connect to the DC Server and use the IP address of the server for surfing the web, based on a .ovpn profile created on the DC Server.
The Office Server can connect to the DC Server with a .ovpn profile, but the internet connection drops on the LAN clients and the Office Server: no ping, no web, etc.

Command running on the Office Server to connect the VPN:
openvpn --config /profile.ovpn

OpenVPN IP server DC and Office - 10.8.0.0 255.255.255.0
LAN Clients IP - 192.168.1.1

Are we missing something in the firewall? Below are the .conf files.

Datacenter Server

Code:

port 1194
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 127.0.0.1"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_WyjUxb7Elz9BlbC5.crt
key server_WyjUxb7Elz9BlbC5.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

Office Server

Code:

port 1194
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 127.0.0.1"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_Gk6t5H3UBllx0ntK.crt
key server_Gk6t5H3UBllx0ntK.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

Office Server .ovpn profile to connect to DC Server

Code:

client
proto udp
explicit-exit-notify
remote *DC-Server-IP-Adress* 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_WyjUxb7Elz9BlbC5 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3

Post by dyzzy » Fri Jan 26, 2024 2:09 pm

Update:
If we remove:

Code:

topology subnet

from server.conf of the DC Server, everything is working fine, all LAN traffic from the office is routed through the VPN, through the DC Server.
LAN clients can access the internet through the VPN with the IP of the DC Server.
Any suggestions?
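
An added example, not part of the original posts: both server configs above declare `server 10.8.0.0 255.255.255.0`, and the Office Server is also a client of the DC Server, so checking the tunnel and LAN ranges for overlap is a useful first step before looking at the firewall. The function names and the /24 LAN mask are assumptions made for this sketch.

```python
import ipaddress

# Constructed excerpts: only the relevant lines of the two server configs posted above.
DC_SERVER_CONF = """\
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
"""
OFFICE_SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
"""
OFFICE_LAN = "192.168.1.0/24"  # assumption: the post gives only 192.168.1.1


def parse_tunnel(conf_text):
    """Return (network, topology) from the `server` and `topology` directives.
    topology is None when unset (OpenVPN then uses its version's default)."""
    network, topology = None, None
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "server":
            network = ipaddress.ip_network(f"{fields[1]}/{fields[2]}")
        elif len(fields) >= 2 and fields[0] == "topology":
            topology = fields[1]
    return network, topology


def check_gateway(local_conf, remote_conf, lan_cidr):
    """Findings for a host that serves local_conf and is a client of remote_conf."""
    findings = []
    lan = ipaddress.ip_network(lan_cidr)
    (local_net, local_topo), (remote_net, remote_topo) = (
        parse_tunnel(local_conf), parse_tunnel(remote_conf))
    if local_net is None or remote_net is None:
        return ["no `server` directive found in one of the configs"]
    if local_net.overlaps(remote_net):
        findings.append(f"tunnel overlap: local {local_net} ({local_topo or 'default'}) "
                        f"vs remote {remote_net} ({remote_topo or 'default'})")
        # `server` gives the server the first host address of its network.
        if local_net[1] == remote_net[1]:
            findings.append(f"both servers take {local_net[1]} as tunnel address")
    for name, net in (("local", local_net), ("remote", remote_net)):
        if lan.overlaps(net):
            findings.append(f"LAN {lan} overlaps {name} tunnel {net}")
    return findings


if __name__ == "__main__":
    print("\n".join(check_gateway(OFFICE_SERVER_CONF, DC_SERVER_CONF, OFFICE_LAN)))
```

Run against the posted configs, the check reports the shared 10.8.0.0/24 range and the shared 10.8.0.1 server address; with distinct ranges on the two servers it returns an empty list.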
