Hi, thanks for a wonderful solution.
My scenario:
A. VPS in US with openvpn server (Openvpn 10.0.2.0/24)
B. Router 1 with ddwrt in Canada (LAN 10.0.1.0/24)
C. Router 2 with ddwrt in India (LAN 10.0.3.0/24) is not deployed as of now.
Currently what is working:
a. Server can ping Router 1 on both IPs, 10.0.2.2 and 10.0.1.1
b. Router 1 can ping Server on ip 10.0.2.1
c. Nodes behind Router 1 can access Server at 10.0.2.10
What is not working:
a. Server unable to access nodes and services behind Router 1
b. I have a node with Samba running which I want to map to my server; is that possible?
And what I want:
a. Node behind router 1 should be able to access nodes behind router 2
b. Creating RDP sessions (from nodes behind Router 1) for remote assistance to nodes behind Router 2
xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx
My server configuration:
========================
local xx.xx.xx.xx # Server IP address through which you connect, replace this with yours
port 1194 # Port the server runs on (default)
proto udp # Protocol to use (default)
#dev tap
dev tun
#push "redirect-gateway def1" # Push some options to the client
#push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DNS 8.8.4.4"
topology subnet
#topology p2p
keepalive 10 120 # When should we disconnect a client?
comp-lzo # Enable compression
user nobody # Run as user nobody
group nogroup # Run as group nogroup
persist-key # Avoid trying to access unavailable resources after a restart
persist-tun # Avoid trying to access unavailable resources after a restart
status openvpn-status.log # Status log for active connections
verb 3 # Log verbosity level
mute 20 # Limit the number of repeating messages
script-security 2 # Set the security level for the usage of external programs and scripts
tun-mtu 1590
tls-server
ca /etc/openvpn/rsa/keys/ca.crt
dh /etc/openvpn/rsa/keys/dh1024.pem
cert /etc/openvpn/rsa/keys/cmtp.server.crt
key /etc/openvpn/rsa/keys/cmtp.server.key
tls-auth /etc/openvpn/rsa/keys/ta.key 0
server 10.0.2.0 255.255.255.0
status openvpn-status.log # Status log for active connection
log /var/log/openvpn.log # Append to the OpenVPN log rather than starting a new one every time you restart
cipher aes-128-cbc
client-config-dir /etc/openvpn/ccd
client-to-client
#ROUTING TABLES
route 10.0.1.0 255.255.255.0 10.0.1.1
push "route 10.0.2.0 255.255.255.0"
xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx
My client configuration:
========================
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto udp
cipher aes-128-cbc
auth sha1
remote xx.xx.xx.xx 1194
comp-lzo no
tun-mtu 1590
mtu-disc yes
fast-io
tun-ipv6
tls-auth /tmp/openvpncl/ta.key 1
route-nopull
route xx.xx.xx.xx 255.255.255.255 net_gateway
###
### OpenVPN routes
###
# amazon ec2 (us)
route 23.20.0.0 255.252.0.0 vpn_gateway
route 50.16.0.0 255.252.0.0 vpn_gateway
route 50.112.0.0 255.255.0.0 vpn_gateway
route 54.224.0.0 255.240.0.0 vpn_gateway
route 54.240.0.0 255.240.0.0 vpn_gateway
route 67.202.0.0 255.255.192.0 vpn_gateway
route 72.44.32.0 255.255.224.0 vpn_gateway
route 75.101.128.0 255.255.128.0 vpn_gateway
route 107.20.0.0 255.252.0.0 vpn_gateway
route 174.129.0.0 255.255.0.0 vpn_gateway
route 184.72.0.0 255.254.0.0 vpn_gateway
route 184.169.128.0 255.255.128.0 vpn_gateway
route 204.236.128.0 255.255.128.0 vpn_gateway
# amazon ec2 (eu)
route 46.51.128.0 255.255.192.0 vpn_gateway
route 46.51.192.0 255.255.240.0 vpn_gateway
route 46.137.0.0 255.255.128.0 vpn_gateway
route 46.137.128.0 255.255.192.0 vpn_gateway
route 79.125.0.0 255.255.128.0 vpn_gateway
route 176.34.64.0 255.255.192.0 vpn_gateway
route 176.34.128.0 255.255.128.0 vpn_gateway
# netflix
route 108.175.32.0 255.255.240.0 vpn_gateway
route 208.75.76.0 255.255.252.0 vpn_gateway
route 64.212.0.0 255.252.0.0 vpn_gateway
route 199.92.0.0 255.252.0.0 vpn_gateway
route 206.32.0.0 255.252.0.0 vpn_gateway
route 209.244.0.0 255.252.0.0 vpn_gateway
route 68.142.64.0 255.255.192.0 vpn_gateway
route 69.28.128.0 255.255.192.0 vpn_gateway
route 69.164.0.0 255.255.192.0 vpn_gateway
route 208.111.128.0 255.255.192.0 vpn_gateway
route 128.242.0.0 255.255.0.0 vpn_gateway
route 204.0.0.0 255.252.0.0 vpn_gateway
route 204.141.0.0 255.255.0.0 vpn_gateway
route 204.200.0.0 255.252.0.0 vpn_gateway
route 208.44.0.0 255.252.0.0 vpn_gateway
iptables NAT on Openvpn Server
========================
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.0.2.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables FORWARD on Router 1 (Openvpn Client)
========================
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * tun1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- tun1 * 0.0.0.0/0 0.0.0.0/0
1039 868K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT 47 -- * vlan2 10.0.1.0/24 0.0.0.0/0
0 0 ACCEPT tcp -- * vlan2 10.0.1.0/24 0.0.0.0/0 tcp dpt:1723
85 7202 lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 TRIGGER 0 -- vlan2 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
85 7202 trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
85 7202 ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
iptables NAT on Router 1 (Openvpn Client)
========================
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT 0 -- 10.0.1.0/24 anywhere to:xx.xx.xx.xx #public ip
MASQUERADE 0 -- anywhere anywhere mark match 0x80000000/0x80000000
MASQUERADE 0 -- anywhere anywhere
Server unable to access nodes behind client openvpn router
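The routing fix the post is looking for, as an added example that is not part of the original post or of any replies: on the server, `route 10.0.1.0 255.255.255.0` with no gateway argument (the posted line names 10.0.1.1 as gateway, an address the server has no on-link path to), plus `iroute 10.0.1.0 255.255.255.0` in the client's ccd file so OpenVPN knows which connected client owns that LAN. The same pair, repeated for Router 2's LAN, is what lets `client-to-client` carry LAN-to-LAN traffic for RDP. The script below generates those lines and then checks that every routed LAN has an iroute owner; the client certificate common names `router1` and `router2` and the temporary working directory are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example, not code from the original post. It builds the server-side
# routing lines OpenVPN needs to reach (and to interconnect) LANs behind
# its clients, and checks that each routed LAN has an 'iroute' owner.
# Assumptions (not in the original post): the router clients' certificate
# common names are "router1" and "router2"; all files are written under a
# temporary directory so the script runs offline.

set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
CCD="$WORK/ccd"
SERVER_CONF="$WORK/server.conf"
mkdir -p "$CCD"

# site_config CN LAN NETMASK
# Appends the three server-side lines a client site needs:
#  - 'route LAN MASK' with no gateway: the server's kernel sends the LAN
#    into the tun interface. The post's 'route 10.0.1.0 ... 10.0.1.1'
#    names a gateway the server has no on-link path to, so it cannot work.
#  - 'iroute LAN MASK' in ccd/CN: tells OpenVPN which connected client
#    owns that LAN (required for client-to-client LAN traffic as well).
#  - 'push "route LAN MASK"': advertises the LAN to other clients; a client
#    running 'route-nopull' (as Router 1 does) ignores it and must list
#    the route itself with 'route LAN MASK vpn_gateway'.
site_config() {
    cn="$1"; lan="$2"; mask="$3"
    printf 'route %s %s\n' "$lan" "$mask" >> "$SERVER_CONF"
    printf 'push "route %s %s"\n' "$lan" "$mask" >> "$SERVER_CONF"
    printf 'iroute %s %s\n' "$lan" "$mask" >> "$CCD/$cn"
}

# check_iroutes SERVER_CONF CCD_DIR
# Prints "ok" when every 'route' network in the server config has a
# matching 'iroute' in some ccd file; otherwise lists the networks the
# server would route into the tunnel with no client to own them
# (OpenVPN drops such packets) and returns 1.
check_iroutes() {
    conf="$1"; ccd="$2"; missing=""
    for net in $(awk '$1 == "route" { print $2 "/" $3 }' "$conf"); do
        lan="${net%/*}"; mask="${net#*/}"
        if ! grep -qs -- "^iroute $lan $mask\$" "$ccd"/*; then
            missing="$missing $lan/$mask"
        fi
    done
    if [ -n "$missing" ]; then
        echo "missing iroute for:$missing"
        return 1
    fi
    echo ok
}

# Constructed demo: the two router sites from the post, then a deliberately
# unpaired 'route' so the check is seen failing.
{
    echo 'server 10.0.2.0 255.255.255.0'
    echo 'topology subnet'
    echo 'client-config-dir ccd'
    echo 'client-to-client'
} > "$SERVER_CONF"
site_config router1 10.0.1.0 255.255.255.0
site_config router2 10.0.3.0 255.255.255.0
check_iroutes "$SERVER_CONF" "$CCD"                # ok

cp "$SERVER_CONF" "$WORK/broken.conf"
echo 'route 10.0.4.0 255.255.255.0' >> "$WORK/broken.conf"
check_iroutes "$WORK/broken.conf" "$CCD" || true  # missing iroute for: 10.0.4.0/255.255.255.0
```

Two caveats when applying this to the posted configs. Router 1's client config has `route-nopull`, so the server's `push "route ..."` lines never reach it; to talk to Router 2's LAN it needs its own `route 10.0.3.0 255.255.255.0 vpn_gateway` (and Router 2 needs the mirror line for 10.0.1.0/24). On the router side, the FORWARD rules shown already accept traffic in both directions on tun1, so once the server has a working route and iroute, packets from 10.0.2.1 to 10.0.1.x should be forwarded to the LAN without further firewall changes.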