VPN routing to LAN in tap

gucio1200
OpenVpn Newbie
Posts: 2
Joined: Mon Dec 19, 2011 5:40 pm

VPN routing to LAN in tap

Post by gucio1200 » Mon Dec 19, 2011 5:49 pm

Hi, I have a small problem: the server works properly and the client can connect, but I cannot establish a connection between the LAN and the VPN. /etc/network/interfaces looks like this:

auto vmbr0
iface vmbr0 inet static
address 10.0.11.1
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0

auto vmbr1
iface vmbr1 inet static
address 10.0.1.1
netmask 255.255.255.0
broadcast 10.0.1.255
bridge_ports tap0
bridge_stp off
bridge_fd 0
pre-up /usr/sbin/openvpn --mktun --dev tap0
pre-down /usr/sbin/openvpn --rmtun --dev tap0

openvpn server config:
port 1194
proto udp
dev tap0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/VPN.crt
key /etc/openvpn/keys/VPN.key
dh /etc/openvpn/keys/dh1024.pem
tls-auth /etc/openvpn/keys/ta.key 0
cipher AES-256-CBC
ifconfig-pool-persist ipp.txt
server-bridge 10.0.1.1 255.255.255.0 10.0.1.100 10.0.1.120
#route 10.0.11.0 255.255.255.0 10.0.1.1
#route 10.0.1.0 255.255.0.0 10.0.1.1
push "route 10.0.11.0 255.255.255.0"
push "route 10.0.1.0 255.255.255.0"
#client-config-dir /etc/openvpn/ccd
user nobody
group users
keepalive 10 120
client-to-client
comp-lzo
persist-key
persist-tun
#status openvpn-status.log
#log-append openvpn.log
verb 3
script-security 2

client :
ca "C:\\Program Files\\OpenVPN\\config\\HASZ\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\HASZ\\gucio.crt"
comp-lzo
dev tap
group nobody
keepalive 15 120
key "C:\\Program Files\\OpenVPN\\config\\HASZ\\gucio.key"
ns-cert-type server
persist-key
persist-local-ip
persist-tun
pull
remote XXX
cipher AES-256-CBC
tls-client
tls-auth "C:\\Program Files\\OpenVPN\\config\\HASZ\\ta.key" 1
user nobody
verb 3

So the connection I would like to achieve is VPN client -> VPN server -> LAN.

How do I set up routing between the VPN client and the LAN connected to the VPN server? Well, I can ping eth1 from the VPN client, but I cannot ping the next machine, e.g. 10.0.11.2, which is connected by a crossover cable to the next PC.

THIS IS THE SERVER ROUTING TABLE
10.0.1.0 * 255.255.255.0 U 0 0 0 vmbr1
10.0.11.0 * 255.255.255.0 U 0 0 0 vmbr0
default static.193.57.9 0.0.0.0 UG 0 0 0 eth0

CLIENT ROUTING TABLE

===========================================================================
Aktywne trasy:
Miejsce docelowe w sieci Maska sieci Brama Interfejs Metryka

0.0.0.0 0.0.0.0 192.168.0.150 192.168.0.44 25
10.0.1.0 255.255.255.0 10.0.1.100 10.0.1.100 30
10.0.1.0 255.255.255.0 10.0.1.1 10.0.1.100 1
10.0.1.100 255.255.255.255 127.0.0.1 127.0.0.1 30
10.0.11.0 255.255.255.0 10.0.1.1 10.0.1.100 1
10.255.255.255 255.255.255.255 10.0.1.100 10.0.1.100 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.44 192.168.0.44 25
192.168.0.44 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.44 192.168.0.44 25
224.0.0.0 240.0.0.0 10.0.1.100 10.0.1.100 30
224.0.0.0 240.0.0.0 192.168.0.44 192.168.0.44 25
255.255.255.255 255.255.255.255 10.0.1.100 10.0.1.100 1
255.255.255.255 255.255.255.255 192.168.0.44 10005 1
255.255.255.255 255.255.255.255 192.168.0.44 192.168.0.44 1
Domyślna brama: 192.168.0.150.
===========================================================================
Trasy trwałe:
Brak

gucio1200
OpenVpn Newbie
Posts: 2
Joined: Mon Dec 19, 2011 5:40 pm

Re: VPN routing to LAN in tap

Post by gucio1200 » Mon Dec 19, 2011 8:20 pm

Solved
iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -o vmbr0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.0.11.0/24 -o vmbr1 -j MASQUERADE

:)
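An added example, not from the original thread, that uses a longest-prefix-match route lookup to show why the LAN host could not answer before the NAT rules were added: the server table is the one posted above, while the LAN host's table is an assumption constructed for the example (its own subnet only, no default route).

```python
"""Route lookup over the tables in this thread (added example)."""
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: str      # "*" or "0.0.0.0" means directly connected
    iface: str


def parse_route_n(text: str) -> list:
    """Parse `route -n` style lines: Destination Gateway Genmask Flags ... Iface."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        dest, gw, mask, iface = fields[0], fields[1], fields[2], fields[-1]
        if dest == "default":
            dest, mask = "0.0.0.0", "0.0.0.0"
        routes.append(Route(ipaddress.IPv4Network(f"{dest}/{mask}"), gw, iface))
    return routes


def lookup(routes, dst: str) -> Optional[Route]:
    """Longest-prefix match, the same selection the kernel makes."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if addr in r.dest]
    return max(matches, key=lambda r: r.dest.prefixlen, default=None)


def next_hop_iface(table: str, dst: str) -> Optional[str]:
    """Interface a host with this table would use to reach dst, or None."""
    r = lookup(parse_route_n(table), dst)
    return r.iface if r else None


# Server table exactly as posted in the thread.
SERVER_TABLE = """
10.0.1.0 * 255.255.255.0 U 0 0 0 vmbr1
10.0.11.0 * 255.255.255.0 U 0 0 0 vmbr0
default static.193.57.9 0.0.0.0 UG 0 0 0 eth0
"""

# Constructed (assumed) table for the LAN host 10.0.11.2: only its own
# subnet is connected and there is no default route, so it has no path
# back to the VPN client's real address in 10.0.1.0/24.
LAN_HOST_TABLE = """
10.0.11.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
"""

if __name__ == "__main__":
    print("server -> 10.0.11.2 via", next_hop_iface(SERVER_TABLE, "10.0.11.2"))
    print("LAN host -> 10.0.1.100 via", next_hop_iface(LAN_HOST_TABLE, "10.0.1.100"))
    print("LAN host -> 10.0.11.1 via", next_hop_iface(LAN_HOST_TABLE, "10.0.11.1"))
```

The server forwards the ping out of vmbr0, but the LAN host has no return route for 10.0.1.100; after the MASQUERADE rule the reply goes to 10.0.11.1, which is on-link, at the cost that LAN-side logs no longer show which VPN client originated a connection.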
