I have got the VPN Server (172.16.100.254) and its LAN 172.16.100.0/24 and VPN client (172.16.104.254) and its LAN 172.16.104.0/24.
The VPN Server and client are both gateways for their LANs.
When the VPN client connects to the VPN Server, I've got access from the VPN Client to the VPN Server and the VPN Server LAN, but the VPN Client LAN cannot access the VPN Server or the VPN Server LAN.
As a fix I've added these lines on the VPN client (I thought it would work):
Code:
iptables -A FORWARD -i br-lan -o tun+ -s 172.16.104.0/24 -d 172.16.100.0/24 -j ACCEPT
iptables -A FORWARD -i tun+ -o br-lan -s 172.16.100.0/24 -d 172.16.104.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
Code:
ping 172.16.100.100
Badanie 172.16.100.100 z 32 bajtami danych:
Odpowiedź z 172.16.104.254: Port docelowy jest nieosiągalny. (Destination port unreachable)
Code:
root@Gargoyle:/etc/openvpn$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.64.64.64     *               255.255.255.255 UH    0      0        0 3g-wan
172.16.200.38   *               255.255.255.255 UH    0      0        0 tun0
172.16.200.1    172.16.200.38   255.255.255.255 UGH   0      0        0 tun0
172.16.100.0    172.16.200.38   255.255.255.0   UG    0      0        0 tun0
172.16.104.0    *               255.255.255.0   U     0      0        0 br-lan
default         10.64.64.64     0.0.0.0         UG    0      0        0 3g-wan