Need help configuring your VPN? Just post here and you'll get that help.
Moderators: TinCanTech
-
unclecameron
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Aug 06, 2009 5:58 pm
by unclecameron » Thu Aug 06, 2009 6:31 pm
I'm trying to run
client 192.168.1.0/24-->modem(NAT)-->internet-->firewall(NAT)10.1.2.0/24-->10.1.2.15=openvpn_server-->10.1.2.0/24overvpn
I can connect fine from client to server over tun0 but can't ping any of the other IPs on that subnet.
client
/etc/openvpn/tun0.conf
Code:
remote pu.bl.ic.ip
dev tun0
ifconfig 10.1.2.99 10.1.2.15
secret static.key
vi /etc/sysctl.conf
net.ipv4.ip_forward=1
server
/etc/openvpn/tun0.conf
Code:
dev tun0
ifconfig 10.1.2.15 10.1.2.99
push "route 10.1.2.0 255.255.255.0"
secret static.key
vi /etc/sysctl.conf
net.ipv4.ip_forward=1
cat /proc/sys/net/ipv4/ip_forward
1
I've read
http://www.secure-computing.net/wiki/in ... PN/Routing probably 5 times, what stupid thing am I missing?
-
retep
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jul 29, 2009 6:15 am
by retep » Mon Aug 10, 2009 8:50 am
As far as I understood, to "see" a whole lan you either need a bridged configuration (tap not tun) or
configure the routing between lan and vpn-clients (both directions).
In the second case you would need to configure the vpn server as a gateway for the route to
vpn-client(s) on ALL lan computers.
-
unclecameron
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Aug 06, 2009 5:58 pm
by unclecameron » Mon Aug 10, 2009 6:17 pm
If the second one is what I need (since all the servers in the dmz use the firewall gateway 10.1.2.1 and are on the same /24 subnet), is it possible to set up my openvpn box as another gateway? I've also attempted to use iptables masquerade for traffic coming through tun0 to masquerade as eth0 on the openvpn server, but that doesn't seem to work. I've also thought about adding other routes, but since they're all on the same subnet, it doesn't seem to make sense.
If it turns out I really need a bridge instead (because this'll be for road warriors) then I have to figure out how to keep the remote clients on the same subnet as the LAN, which I can't do since they'll be logging on different networks which can't be modified as they travel.
-
ecrist
- Forum Team
- Posts: 237
- Joined: Wed Nov 26, 2008 10:33 pm
- Location: Northern Minnesota, USA
by ecrist » Tue Aug 25, 2009 1:26 pm
You need to set up reverse routing for the remainder of the LAN on the server side. They're not going to be able to reply if they don't know how to route for the VPN subnet.
See these:
* OpenVPN Routing
* OpenVPN Bridging
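Added example, not part of the thread and not OpenVPN code: a small routing-table model that traces where a LAN host's reply to a VPN client ends up, with and without the reverse route described above. The addresses 10.1.2.1, 10.1.2.15 and 10.1.2.99 come from the posts; the separate VPN subnet 10.8.0.0/24, the "upstream" hop and both routing tables are assumptions constructed for the illustration.

```python
import ipaddress

VPN_SERVER = "10.1.2.15"   # OpenVPN box's LAN address (from the thread)
FIREWALL = "10.1.2.1"      # default gateway of the DMZ hosts (from the thread)
ON_LINK = "on-link"

def next_hop(routes, dst):
    """Longest-prefix match over (cidr, gateway) pairs; gateway None = on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(cidr), gw) for cidr, gw in routes]
    hits = [(net, gw) for net, gw in hits if addr in net]
    if not hits:
        return None
    net, gw = max(hits, key=lambda h: h[0].prefixlen)
    return ON_LINK if gw is None else gw

def reply_fate(host_routes, firewall_routes, client_ip):
    """Where does a LAN host's reply to the VPN client end up?"""
    hop = next_hop(host_routes, client_ip)
    if hop == FIREWALL:                      # host defers to its default gateway
        hop = next_hop(firewall_routes, client_ip)
    if hop == VPN_SERVER:
        return "reaches VPN server"          # server can forward it into tun0
    if hop == ON_LINK:
        return "ARP on LAN, unanswered"      # client is not on that segment
    return "never reaches VPN server"

# Constructed routing tables for one DMZ host and for the firewall.
HOST = [("10.1.2.0/24", None), ("0.0.0.0/0", FIREWALL)]
FW = [("10.1.2.0/24", None), ("0.0.0.0/0", "upstream")]
# Reverse route, e.g. `ip route add 10.8.0.0/24 via 10.1.2.15` on a Linux box.
REVERSE = ("10.8.0.0/24", VPN_SERVER)        # 10.8.0.0/24 is an assumed VPN subnet

if __name__ == "__main__":
    cases = [
        ("tunnel IP inside LAN /24 (as posted)", HOST, FW, "10.1.2.99"),
        ("separate VPN subnet, no reverse route", HOST, FW, "10.8.0.2"),
        ("reverse route on firewall only", HOST, FW + [REVERSE], "10.8.0.2"),
        ("reverse route on every LAN host", HOST + [REVERSE], FW, "10.8.0.2"),
    ]
    for label, h, f, ip in cases:
        print(f"{label:40} -> {reply_fate(h, f, ip)}")
```

The first case fails because 10.1.2.99 falls inside the LAN's own /24, so hosts try to reach it directly on the wire instead of through 10.1.2.15 (unless the VPN server answers ARP on the client's behalf).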