How to allow the client to reach the server's entire subnet?

shuji
OpenVpn Newbie
Posts: 5
Joined: Wed Nov 17, 2010 3:50 pm

Post by shuji » Wed Nov 17, 2010 4:17 pm

I'm using Ubuntu server 10.04 and a basic experiment with static.keys.
Here's the guide that I followed, http://openvpn.net/index.php/open-sourc ... howto.html.

I was able to configure the OpenVPN server (LAN: 192.168.25.24, Tun: 10.8.0.1) and the client (Tun: 10.8.0.2). The tunnel was established and I can ping both the server and client. What I'm trying to do now is allow the client to reach other PCs from the server's subnet (192.168.25.0). This requires that I add a static route to the server's LAN gateway (192.168.25.1) but this is an IO-DATA wireless router and I cannot add a route (Destination: 10.8.0.2, Gateway: 192.168.25.24).

Question: Is there another way for the client to reach the other PCs from 192.168.25.0 without adding a static route to 192.168.25.1?

Shuji

Post by shuji » Thu Nov 18, 2010 2:20 am

I just thought about this and maybe it will work. Since I cannot add a static route to the gateway IP because it is an IO-DATA wireless router, instead, I will add a static route to the host computer that I want to reach. I'll have to do it on each host that I want to access but it might work. The route will tell the host that if a packet needs to be sent to 10.8.0.2 (client IP) it should be sent to 192.168.25.24 (OpenVPN server's LAN side IP). The server then will use the already established tunnel to send the packet to the client. Hope this works. Will post tonight after I try it.

krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Post by krzee » Thu Nov 18, 2010 3:58 am

you figured it out =]
what you said will work

Post by shuji » Thu Nov 18, 2010 4:54 am

Thanks, krzee. I'm excited to try this when I get home tonight. Will post again whether it works or not. :)

Shuji

Post by shuji » Thu Nov 18, 2010 4:12 pm

It did work, krzee. But for some reason I cannot access my router's web management console (192.168.25.1) from the client (10.8.0.2). Anyway, I'll try a more complicated setup and hopefully fix that problem.

Post by krzee » Thu Nov 18, 2010 11:50 pm

of course not, your router doesn't have a route to the vpn

Post by shuji » Sat Nov 20, 2010 3:25 pm

Thanks again, krzee. You are right. Next time I buy a wireless router, I'll make sure that it will allow me to add a static route. I thought I could because I can ping the gateway IP (192.168.25.1) from the OpenVPN client (10.8.0.2).

Instead of adding a static route to the gateway IP, I added it to a server I want to access and it did work. I tested the OpenVPN Access Server a couple of weeks ago. Can you help me understand why it can allow clients (bridged or routed) access to the server's subnet (192.168.25.0) without making changes (add static route) to the gateway IP (192.168.25.1) of the server's subnet? Thanks.

Shuji

Post by krzee » Sat Nov 20, 2010 8:16 pm

No idea, I don't know about Access Server. You could find out at their support center.
The only guess I have is that they built in the nat-hack, which is for sure not the ideal way to connect LANs
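
Added example, not written by anyone in this thread: a small longest-prefix-match model of the return path discussed above, showing why a LAN host with the per-host static route replies through 192.168.25.24 while a device that only has a default route does not. The routing tables, the `tun0` device name and the `wan` label are assumptions constructed from the addresses in the thread.

```python
import ipaddress

ON_LINK = "on-link"

# Constructed routing tables (assumed, built from the thread's addresses).
VPN_SERVER = [("192.168.25.0/24", ON_LINK), ("10.8.0.2/32", "tun0"),
              ("0.0.0.0/0", "192.168.25.1")]
HOST_DEFAULT = [("192.168.25.0/24", ON_LINK), ("0.0.0.0/0", "192.168.25.1")]
# Same host after adding the route shuji describes: 10.8.0.2 via 192.168.25.24.
HOST_WITH_ROUTE = HOST_DEFAULT + [("10.8.0.2/32", "192.168.25.24")]
# Router with no static-route support: only its LAN and a default to the WAN.
ROUTER = [("192.168.25.0/24", ON_LINK), ("0.0.0.0/0", "wan")]

# Devices whose tables we can keep following when they are the next hop.
FORWARDERS = {"192.168.25.1": ROUTER, "192.168.25.24": VPN_SERVER}


def next_hop(table, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(first_table, client="10.8.0.2"):
    """Follow a reply from a LAN device back toward the VPN client."""
    path, table = [], first_table
    for _ in range(4):  # small bound so a routing loop cannot spin forever
        hop = next_hop(table, client)
        path.append(hop)
        if hop not in FORWARDERS:
            break  # reached an interface/label (tun0, wan) or no route
        table = FORWARDERS[hop]
    return path


if __name__ == "__main__":
    for name, table in [("host with static route", HOST_WITH_ROUTE),
                        ("host with default route only", HOST_DEFAULT),
                        ("router itself", ROUTER)]:
        print(f"{name}: {' -> '.join(str(h) for h in reply_path(table))}")
```

Only the first path ends at the tunnel; in this model the other two hand the reply to the router, whose only matching route is its default toward the WAN.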
