Enable Multi-Homed Client

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech
awoolford
OpenVpn Newbie
Posts: 9
Joined: Mon May 19, 2014 5:47 am

Enable Multi-Homed Client

Post by awoolford » Mon May 19, 2014 5:47 am

Dear all,

New to this forum having recently installed OpenVPN between two Linux boxes in different countries.

I have OpenVPN set up and working nicely in routing mode. However when the client box connects to the server, it correctly obtains a VPN IP address over the TUN interface but then seems to ignore any traffic being addressed to it on the local eth0 interface.

In my particular configuration, both the Client and the server machines run a PBX (asterisk). Using the VPN, I can easily connect the client PBX to the Server PBX without problems, but now all of the IP phones on the local client network can no longer connect to the PBX on the local client. I can also no longer log in to the client using SSH on the client network. All communications to and from the client now seem to be routed through the VPN tunnel.

In short, the VPN is working fine and as expected, but the client can no longer see its own local network which it needs to do in order to continue working as a local PBX.

I have been reading about split tunnels and multi-homing, but am really getting confused. Can anybody help with this please?

Kind regards,

Andy

awoolford
OpenVpn Newbie
Posts: 9
Joined: Mon May 19, 2014 5:47 am

Re: Enable Multi-Homed Client

Post by awoolford » Mon May 19, 2014 6:24 am

I should perhaps also mention I am using the stock OpenVPN sample server.conf and client.conf files with little modification except:

Code:

push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
has been added to server.conf.

I understand this causes the clients to execute the appropriate route commands to direct all network traffic via the VPN. I suspect it is this code that needs tweaking but I am not sure what or how.

Also, I have added the following routing to the Server:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

AFAIK this basically routes VPN packets arriving at the server access to the internet, but has no effect on the client. Do I also need to do something with the iptables in the client machine?

Any help is greatly appreciated.

Andy
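How the routes installed by redirect-gateway def1 change a client's forwarding decisions, as an added example that is not part of the original posts. The LAN subnet, LAN gateway, VPN peer address, device names and server address below are constructed assumptions; only 10.8.0.0/24 comes from the thread.

```python
import ipaddress

def base_table(lan, lan_gw, vpn_net, vpn_peer):
    """Routes on a client once the tunnel is up, before any redirect."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), lan_gw, "eth0"),  # original default route
        (ipaddress.ip_network(lan), None, "eth0"),            # on-link LAN subnet
        (ipaddress.ip_network(vpn_net), vpn_peer, "tun0"),    # VPN subnet
    ]

def apply_redirect_def1(table, server_ip, lan_gw, vpn_peer):
    """Add what 'redirect-gateway def1' installs: a host route to the VPN
    server via the old gateway, plus two /1 routes that outrank the default
    route without deleting it."""
    return table + [
        (ipaddress.ip_network(f"{server_ip}/32"), lan_gw, "eth0"),
        (ipaddress.ip_network("0.0.0.0/1"), vpn_peer, "tun0"),
        (ipaddress.ip_network("128.0.0.0/1"), vpn_peer, "tun0"),
    ]

def lookup(table, dst):
    """Longest-prefix match, as the kernel does for an outgoing packet."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    net, gw, dev = max(matches, key=lambda r: r[0].prefixlen)
    return dev, gw

# Constructed addresses (assumptions, not taken from the thread).
LAN, LAN_GW = "192.168.1.0/24", "192.168.1.1"
VPN_NET, VPN_PEER = "10.8.0.0/24", "10.8.0.5"
SERVER = "203.0.113.10"

split = base_table(LAN, LAN_GW, VPN_NET, VPN_PEER)          # redirect not applied
full = apply_redirect_def1(split, SERVER, LAN_GW, VPN_PEER)  # redirect applied

def compare(dst):
    """Egress device with and without the pushed redirect applied."""
    return lookup(full, dst)[0], lookup(split, dst)[0]

if __name__ == "__main__":
    for dst in ("192.168.1.50", "192.168.2.50", "10.8.0.1",
                "198.51.100.7", SERVER):
        print(dst, compare(dst))
```

In this model only the directly attached subnet keeps using eth0 once the redirect is applied; every other destination, including other internal subnets normally reached through the LAN gateway, follows the /1 routes into the tunnel.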

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Enable Multi-Homed Client

Post by maikcat » Mon May 19, 2014 7:54 am

awoolford wrote: Also, I have added the following routing to the Server:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

This is NOT a routing rule, it's a NAT rule...

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"

awoolford
OpenVpn Newbie
Posts: 9
Joined: Mon May 19, 2014 5:47 am

Re: Enable Multi-Homed Client

Post by awoolford » Mon May 19, 2014 8:07 am

maikcat wrote: This is NOT a routing rule, it's a NAT rule...

Michael.

Thanks for the correction. As you can see I know little about these things.

Either way, I am still looking for a way to get my client to listen on its eth0 interface as well as on the TUN interface if possible.

Many thanks,

Andy

awoolford
OpenVpn Newbie
Posts: 9
Joined: Mon May 19, 2014 5:47 am

Re: Enable Multi-Homed Client

Post by awoolford » Mon May 19, 2014 8:46 am

Here is a little more detail on my conf files:

SERVER.CONF:

Code:

port 1194

proto udp

dev tun

ca ca.crt
cert server.crt
key server.key  
dh dh2048.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"

client-to-client

keepalive 10 120

comp-lzo

persist-key
persist-tun

status openvpn-status.log
log-append  openvpn.log

verb 3

CLIENT.CONF:

Code:

client

dev tun

proto udp

remote xxx.xxx.xxx.xxx 1194

resolv-retry infinite

nobind

persist-key
persist-tun

ca ca.crt
cert client3.crt
key client3.key

comp-lzo

verb 3

awoolford
OpenVpn Newbie
Posts: 9
Joined: Mon May 19, 2014 5:47 am

Re: Enable Multi-Homed Client

Post by awoolford » Mon May 19, 2014 1:12 pm

Thanks Debbie. As I mentioned above...
awoolford wrote: I understand this causes the clients to execute the appropriate route commands to direct all network traffic via the VPN. I suspect it is this code that needs tweaking but I am not sure what or how.

Thing is, I have other clients which need this line. But the particular client I am having issues with does not. Are there any client-specific settings I could use which would allow this client to respond to traffic on its local LAN as well as connect to the server?

I am sorry to be rather clueless here. I am not a programmer, but I am quite good at following instructions... :)
