Connecting 2 Clients to Server and accessing the network behind these clients

DateMike
OpenVpn Newbie
Posts: 7
Joined: Mon Dec 05, 2016 4:07 pm

Connecting 2 Clients to Server and accessing the network behind these clients

Post by DateMike » Mon Dec 05, 2016 4:18 pm

Hi Guys,

Basically, I have a CentOS 6 Hosted Server, it is running a piece of software that monitors devices via SNMP.
I have two branches that are remote to where the server is hosted and hence have created a VPN between these two branches to get them to talk to the server.
- I have installed OVPN on my server - All good.
- I installed OVPN client on to a Mikrotik Router (Mikrotik A) and connected the router to the server via VPN - All good
- I created a route on my CentOS server to search for the Network beyond Mikrotik A and was able to find the network and devices on the network - All good. (The network behind the router is 10.0.0.0/24)
- I installed OVPN on to the second Mikrotik Router (Mikrotik B) and connected to the server via VPN - All good.
- I created a route on my CentOS server to search for the Network beyond Mikrotik B and was not able to find the network and devices on the network - Not All good (The network behind the router is 10.0.1.0/24)

Any ideas on what to do here so I can view the devices on both networks and, in the future, more networks?

Thanks,


DateMike
OpenVpn Newbie
Posts: 7
Joined: Mon Dec 05, 2016 4:07 pm

Re: Connecting 2 Clients to Server and accessing the network behind these clients

Post by DateMike » Tue Dec 06, 2016 10:15 am

Hi, Please see below post for config files, apologies for the incorrect 1st post:

Server Configuration File on CentOS6 v openvpn-2.3.12-1.e16.x86_64
SERVER
port 443
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
route a.b.c.d 255.255.255.0
route e.f.g.h 255.255.255.0
client-config-dir ccd
route 10.2.0.0 255.255.255.0
route 10.1.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 4

Server Log:

OpenVPN CLIENT LIST
Updated,Tue Dec  6 11:50:43 2016
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
VPN1,Real address 1,9969,9368,Tue Dec  6 11:43:43 2016
VPN2,Real address 2,7445,7240,Tue Dec  6 11:43:42 2016
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
a.b.c.d/24,VPN1,Real Address 1,Tue Dec  6 11:43:45 2016
10.1.0.1,VPN1,Real address 1,Tue Dec  6 11:50:33 2016
10.2.0.1,VPN2,Real address 2,Tue Dec  6 11:49:57 2016
e.f.g.h/24,VPN2,Real address 2,Tue Dec  6 11:43:44 2016
GLOBAL STATS
Max bcast/mcast queue length,0
END
VPN1 Client Info (comes from Mikrotik RB951G-2HnD terminal)
CLIENT
Flags: X - disabled, R - running
0 R name="myvpn1" mac-address=MACADDRESS max-mtu=1500
connect-to=x.x.x.x port=443 mode=ip user="vpnuser"
password="vpnpass" profile=OVPN-Client certificate=VPN1 auth=sha1

VPN2 Client Info (comes from Mikrotik RB951G-2HnD terminal)
CLIENT
Flags: X - disabled, R - running
0 R name="myvpn2" mac-address=MAC ADDRESS max-mtu=1500
connect-to=x.x.x.x port=443 mode=ip user="vpnuser"
password="vpnpass" profile=OVPN-client certificate=VPN2 auth=sha1

Not sure how to get Client logs from Mikrotik Router.

I would like to access the devices behind both the VPN1 and VPN2 routers.
I have added two files to the /ccd directory containing the following:
VPN1 ccd file

ifconfig-push 10.1.0.1 10.1.0.2
iroute a.b.c.d 255.255.255.0
VPN2 ccd file

ifconfig-push 10.2.0.1 10.2.0.2
iroute e.f.g.h 255.255.255.0
Route table created by ovpn on CentOS server

10.2.0.0/24 via 10.8.0.2 dev tun0
a.b.c.d/24 via 10.8.0.2 dev tun0
e.f.g.h/24 via 10.8.0.2 dev tun0
10.8.0.0/24 dev tun0  proto kernel  scope link  src 10.8.0.1
10.1.0.0/24 via 10.8.0.2 dev tun0
I am able to ping a device on the a.b.c.d network via my CentOS server but unable to ping a device on the e.f.g.h network.

regards,

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connecting 2 Clients to Server and accessing the network behind these clients

Post by TinCanTech » Tue Dec 06, 2016 11:47 am

DateMike wrote: I created a route on my CentOS server to search for the Network beyond Mikrotik B and was not able to find the network and devices on the network - Not All good (The network behind the router is 10.0.1.0/24)
DateMike wrote: I have added two files to the /ccd directory containing the following:
VPN1 ccd file

ifconfig-push 10.1.0.1 10.1.0.2
iroute a.b.c.d 255.255.255.0

VPN2 ccd file

ifconfig-push 10.2.0.1 10.2.0.2
iroute e.f.g.h 255.255.255.0
I presume the network in question is e.f.g.h ?

Is the Mikrotik Router the default gateway for the client LAN ?

DateMike
OpenVpn Newbie
Posts: 7
Joined: Mon Dec 05, 2016 4:07 pm

Re: Connecting 2 Clients to Server and accessing the network behind these clients

Post by DateMike » Tue Dec 06, 2016 11:57 am

Hi TinCan,

Yea, trying to access the devices on the e.f.g.h network.

The Mikrotik router is not the default gateway for either of the client LANs.

They are connected to a normal ISP router which is the default gateway for each LAN.

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connecting 2 Clients to Server and accessing the network behind these clients

Post by TinCanTech » Tue Dec 06, 2016 5:49 pm

The client LAN machines need a route for the VPN.

DateMike
OpenVpn Newbie
Posts: 7
Joined: Mon Dec 05, 2016 4:07 pm

Re: Connecting 2 Clients to Server and accessing the network behind these clients

Post by DateMike » Tue Dec 06, 2016 6:06 pm

So do I add a route on the Mikrotik router for e.f.g.h through 10.2.0.1?

DateMike
OpenVpn Newbie
Posts: 7
Joined: Mon Dec 05, 2016 4:07 pm

Re: Connecting 2 Clients to Server and accessing the network behind these clients

Post by DateMike » Wed Dec 07, 2016 6:02 am

What I don't get is how I can access the a.b.c.d network and using the exact same setup can't access the e.f.g.h network...

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connecting 2 Clients to Server and accessing the network behind these clients

Post by TinCanTech » Wed Dec 07, 2016 11:33 am

Probably, because your client networks are not configured in the same way.

DateMike
OpenVpn Newbie
Posts: 7
Joined: Mon Dec 05, 2016 4:07 pm

Re: Connecting 2 Clients to Server and accessing the network behind these clients

Post by DateMike » Wed Dec 07, 2016 11:43 am

But the only difference in the two networks is one is a.b.c.d and the other is e.f.g.h

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connecting 2 Clients to Server and accessing the network behind these clients

Post by TinCanTech » Wed Dec 07, 2016 11:52 am

The only difference you are aware of ..

Can you ping from the server to the LAN IP of Mikrotik B router ?

DateMike
OpenVpn Newbie
Posts: 7
Joined: Mon Dec 05, 2016 4:07 pm

Re: Connecting 2 Clients to Server and accessing the network behind these clients

Post by DateMike » Wed Dec 07, 2016 12:02 pm

I can ping the LAN IP of the Mikrotik B router

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connecting 2 Clients to Server and accessing the network behind these clients

Post by TinCanTech » Thu Dec 08, 2016 11:50 am

TinCanTech wrote: The client LAN machines need a route for the VPN.
They all need a route.
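
The return-path problem discussed in this thread, as a routing-table sketch: a reply from a LAN device to the server's tunnel address follows the device's default route to the ISP router unless something on the LAN points the VPN subnet at the Mikrotik. This is an added example, not part of the original posts; 10.0.1.0/24, 10.8.0.0/24 and 10.8.0.1 come from the thread, while the ISP router address 10.0.1.1, the Mikrotik LAN address 10.0.1.254 and the option of putting the route on the default gateway instead of on every device are assumptions that go beyond what was posted.

```python
import ipaddress

# From the thread: LAN behind Mikrotik B, VPN subnet, server tun0 address.
LAN = "10.0.1.0/24"
VPN_SUBNET = "10.8.0.0/24"
SERVER_VPN_IP = "10.8.0.1"
# Constructed addresses (assumptions, not from the thread).
ISP_ROUTER = "10.0.1.1"     # default gateway of the LAN
MIKROTIK_B = "10.0.1.254"   # LAN address of the OpenVPN client router

# Routing tables as (prefix, gateway) pairs before any fix is applied.
DEVICE_ROUTES = [(LAN, "on-link"), ("0.0.0.0/0", ISP_ROUTER)]
ISP_ROUTES = [(LAN, "on-link"), ("0.0.0.0/0", "upstream")]
VPN_VIA_MIKROTIK = (VPN_SUBNET, MIKROTIK_B)


def next_hop(routes, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def reply_path(device_routes, isp_routes, dst=SERVER_VPN_IP):
    """Hops taken by a LAN device's reply to the server's VPN address."""
    path = [next_hop(device_routes, dst)]
    if path[0] == ISP_ROUTER:  # the ISP router forwards by its own table
        path.append(next_hop(isp_routes, dst))
    return path


def reaches_tunnel(path):
    """The reply gets back to the server only if it ends at the VPN router."""
    return path[-1] == MIKROTIK_B


if __name__ == "__main__":
    cases = {
        "no route for the VPN": (DEVICE_ROUTES, ISP_ROUTES),
        "route on each device": (DEVICE_ROUTES + [VPN_VIA_MIKROTIK], ISP_ROUTES),
        "route on the default gateway": (DEVICE_ROUTES, ISP_ROUTES + [VPN_VIA_MIKROTIK]),
    }
    for name, (dev, isp) in cases.items():
        path = reply_path(dev, isp)
        print(f"{name}: {' -> '.join(path)} | reaches tunnel: {reaches_tunnel(path)}")
```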
