OpenVPN Support Forum

Dear all,

New to this forum having recently installed OpenVPN between two Linux boxes in different countries.

I have OpenVPN set up and working nicely in routing mode. However when the client box connects to the server, it correctly obtains a VPN IP address over the TUN interface but then seems to ignore any traffic being addressed to it on the local eth0 interface.

In my particular configuration, both the Client and the server machines run a PBX (asterisk). Using the VPN, I can easily connect the client PBX to the Server PBX without problems, but now all of the IP phones on the local client network can no longer connect to the PBX on the local client. I can also no longer log in to the client using SSH on the client network. All communications to and from the client now seem to be routed through the VPN tunnel.

In short, the VPN is working fine and as expected, but the client can no longer see its own local network which it needs to do in order to continue working as a local PBX.

I have been reading about split tunnels and multi-homing, but am really getting confused. Can anybody help with this please?

Kind regards,

Andy

I should perhaps also mention I am using the stock OpenVPN sample server.conf and client.conf files with little modification except: has been added to server.conf.

I understand this causes the clients to execute the appropriate route commands to direct all network traffic via the VPN. I suspect it is this code that needs tweaking but I am not sure what or how.

Also, I have added the following routing to the Server:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

AFAIK this basically routes VPN packets arriving at the server access to the internet, but has no effect on the client. Do I also need to do something with the iptables in the client machine?

Any help is greatly appreciated.

Andy

Also, I have added the following routing to the Server:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

this is NOT a routing rule , its a NAT rule...

Michael.

maikcat wrote: this is NOT a routing rule , its a NAT rule...

Michael.

Thanks for the correction. As you can see I know little about these things.

Either way, I am still looking for a way to get my client to listen on its eth0 interface as well as on the TUN interface if possible.

Many thanks,

Andy

Here is a little more detail on my conf files:

SERVER.CONF: CLIENT.CONF

Thanks Debbie. As I mentioned above...

awoolford wrote: I understand this causes the clients to execute the appropriate route commands to direct all network traffic via the VPN. I suspect it is this code that needs tweaking but I am not sure what or how.

Thing is, I have other clients which need this line. But the particular client I am having issues with does not. Are there any client specific settings I could use which would allow this client to respond to traffic on its local LAN as well as connect to the server?

I am sorry to be rather clueless here. I am not a programmer, but I am quite good at following instructions...

Sent from my GT-I9505 using Tapatalk