Background
Remote LAN 192.168.0.0/24 (unadvisable but not my issue currently)
Remote LAN Gateway is Ubiquiti EdgeRouter Lite @ 192.168.0.1 (serving dhcp)
Remote VPN Server: 192.168.0.46
Server software OpenVPN v2.6.9 on a Windows 10 machine (reserved)
Client LAN 192.168.1.0/24
Client Gateway: 192.168.20.1
Client software OpenVPN Connect 3.4.4 on a Windows 11 machine
(conf's further below)
Objective
The objective is to have access to the entire remote LAN from the client, preferably as a split-tunnel.
There is no need for the remote LAN to have access to the client network.
Problem
Based on the below configuration, the client is connecting to the VPN gateway, receives the IP address 10.8.0.2 and the split tunnel seems to work as I retain the client network gateway public IP address.
I am able to connect to the VPN Gateway (Win10) server via its 10.8.0.1 address
The problem is I am unable to access any of the additional machines on the remote LAN.
I have enabled IP Forwarding on the VPN Gateway (Win10) machine.
I have also tried setting a static route in the EdgeRouter for 10.8.0.0/24 => 10.8.0.1 (and also tried => 192.168.0.46 - yes, I'm confused about that - have left as the latter) but neither appears to make a difference.
Server.ovpn
port 62784
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.255.0"
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
Client.ovpn
client
dev tun
proto udp
remote office.<mydomain>.com.au 62784
resolv-retry infinite
nobind
persist-key
persist-tun
ca "D:\\Documents\\CDS\\OpenVPNClient\\ca.crt"
cert "D:\\Documents\\CDS\\OpenVPNClient\\client.crt"
key "D:\\Documents\\CDS\\OpenVPNClient\\client.key"
remote-cert-tls server
cipher AES-256-CBC
verb 3
Server route print
===========================================================================
Interface List
8...........................Wintun Userspace Tunnel
10...b8 ae ed 7f 5e 28 ......Intel(R) Ethernet Connection (3) I218-V
15...00 ff c7 05 08 9f ......TAP-Windows Adapter V9
17...........................OpenVPN Data Channel Offload
1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.46 25
10.8.0.0 255.255.255.0 On-link 10.8.0.1 281
10.8.0.1 255.255.255.255 On-link 10.8.0.1 281
10.8.0.255 255.255.255.255 On-link 10.8.0.1 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.0.0 255.255.255.0 On-link 192.168.0.46 281
192.168.0.46 255.255.255.255 On-link 192.168.0.46 281
192.168.0.255 255.255.255.255 On-link 192.168.0.46 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.8.0.1 281
224.0.0.0 240.0.0.0 On-link 192.168.0.46 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.8.0.1 281
255.255.255.255 255.255.255.255 On-link 192.168.0.46 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
15 281 fe80::/64 On-link
10 281 fe80::/64 On-link
10 281 fe80::e46:f575:e2d:5f24/128
On-link
15 281 fe80::e80f:b4c6:12c:1d68/128
On-link
1 331 ff00::/8 On-link
15 281 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Client route print
===========================================================================
Interface List
18...00 ff c0 e8 4b 24 ......TAP-Windows Adapter V9 for OpenVPN Connect
15...00 ff af d4 12 25 ......Private Internet Access Network Adapter
17...........................OpenVPN Data Channel Offload
19...6c a1 00 05 42 8b ......Microsoft Wi-Fi Direct Virtual Adapter
12...6e a1 00 05 42 8a ......Microsoft Wi-Fi Direct Virtual Adapter #2
13...6c a1 00 05 42 8a ......Intel(R) Wi-Fi 6 AX200 160MHz
10...6c a1 00 05 42 8e ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.20.1 192.168.20.5 45
10.8.0.0 255.255.255.0 On-link 10.8.0.2 257
10.8.0.2 255.255.255.255 On-link 10.8.0.2 257
10.8.0.255 255.255.255.255 On-link 10.8.0.2 257
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.0.0 255.255.255.0 10.8.0.1 10.8.0.2 257
192.168.20.0 255.255.255.0 On-link 192.168.20.5 301
192.168.20.5 255.255.255.255 On-link 192.168.20.5 301
192.168.20.255 255.255.255.255 On-link 192.168.20.5 301
203.xxx.xxx.xxx 255.255.255.255 192.168.20.1 192.168.20.5 301
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.8.0.2 257
224.0.0.0 240.0.0.0 On-link 192.168.20.5 301
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.8.0.2 257
255.255.255.255 255.255.255.255 On-link 192.168.20.5 301
===========================================================================
Persistent Routes:
None
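
The routing decisions behind the question, as an added example that is not part of the original post: it runs longest-prefix matching over the client route table quoted above and over a constructed model of the EdgeRouter, to show which next hop for the 10.8.0.0/24 static route the router can actually use. The `WAN` upstream hop, the sample LAN host 192.168.0.10 and the assumption that LAN hosts use 192.168.0.1 as their default gateway are not from the post.

```python
import ipaddress as ip

# Addresses are from the post; "WAN" is a placeholder for the router's upstream hop.
CLIENT_ROUTES = [            # client IPv4 table from the post (unicast entries only)
    ("0.0.0.0/0", "192.168.20.1"),
    ("10.8.0.0/24", None),                 # None = on-link
    ("192.168.0.0/24", "10.8.0.1"),        # pushed by the server
    ("192.168.20.0/24", None),
]
ROUTER_LAN = ip.ip_interface("192.168.0.1/24")   # EdgeRouter LAN interface

def lookup(routes, dst):
    """Longest-prefix match; returns the next hop, or 'on-link'."""
    dst = ip.ip_address(dst)
    hits = [(ip.ip_network(n), h) for n, h in routes if dst in ip.ip_network(n)]
    net, hop = max(hits, key=lambda r: r[0].prefixlen)
    return hop or "on-link"

def next_hop_on_link(iface, hop):
    """A static route is usable only if its gateway sits on a connected subnet."""
    return ip.ip_address(hop) in iface.network

def router_reply_hop(static_gw, client="10.8.0.2"):
    """Next hop the router picks for a LAN host's reply to the VPN client."""
    routes = [(str(ROUTER_LAN.network), None), ("0.0.0.0/0", "WAN")]
    # Modelled as: a route whose gateway is not on-link never becomes active,
    # so replies to 10.8.0.0/24 keep following the default route upstream.
    if static_gw and next_hop_on_link(ROUTER_LAN, static_gw):
        routes.append(("10.8.0.0/24", static_gw))
    return lookup(routes, client)

if __name__ == "__main__":
    # Forward direction: the pushed route sends LAN traffic into the tunnel,
    # everything else stays on the local gateway (split tunnel).
    print("client -> 192.168.0.10 via", lookup(CLIENT_ROUTES, "192.168.0.10"))
    print("client -> 8.8.8.8      via", lookup(CLIENT_ROUTES, "8.8.8.8"))
    # Return direction: compare the two static-route gateways tried in the post.
    for gw in (None, "10.8.0.1", "192.168.0.46"):
        print("static gw", gw, "-> reply leaves via", router_reply_hop(gw))
```

With the static route pointing at 192.168.0.46 the routing on both sides is consistent; the post reports that the LAN hosts are still unreachable in that state.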