Source IP is always VPN Server IP?

[zstarman]

Hey there, I am fairly new..

I setup an OpenVPN server, IP is 72.22.22.2 (just an example) and have a client successfully connected with the default VPN 5.5.8.4 IP address.

I know the VPN server is working because I my client is connecting externally, and able to ping my inside networked devices using "ping -S 5.5.8.4 192.168.0.1" in command prompt.

I noticed that through TCPDumps that my echo-requests seem to be originating from the VPN-Server's IP (72.22.22.2) rather than 5.5.8.4 ? Is this normal behavior?
I was planning on setting up static IP's per user. I would allow users to access the subnets I want and then I would add specific firewall rules in our firewall.

Ex: 5.5.8.4(user joe) allow to 192.168.0.5 on port 22
but deny 5.5.8.5(user Diana) DENY to 192.168.0.5 port 22

But if the source IP is always going to be stuck at 72.22.22.2 I am a little unsure how I will restrict access?


Is there even such thing as having the IP originate from the VPN pool IP?

Thanks for any help, be gentle......

[zstarman]

SOLVED: VPN Settings -> Routing -> Changed to Yes, using routing (advanced)

Added the subnet I wanted allowed.

192.168.0.1/24

Connect to VPN, recieve IP of 5.5.8.7.

Ping 192.168.0.7 - FAIL

Firewall shows REJECT 5.5.8.7 to 192.168.0.7

Hell yes.

Now I need to add some FW rules for my new network.

Thanks for any help or anyone who was in the middle of responding

[satvgirl]

Hi,

I was wondering if you knew which parameter was added to your server.conf file when you changed VPN Settings -> Routing -> Changed to Yes, using routing (advanced)? I am having the same issue, but my OpenVPN server is running on Linux, so I do not have the GUI option to make the change.

Thanks.