How to configure openvpn routing. Please assist

[markgav]

I would like to ask assistance from more experienced people on the

following issue

I configured client1<-->Server1<--->Router<--->Server2<-->Client2.

All of the machines have routing configured. client1 talks to client2

I installed openvpn-2.3.5 on server1 and on server2.

client1 able to talk to server1 through openvpn-2.3.5

client2 is able to talk to server2 through openvpn-2.3.5


I dont have any idea how to configure client1 *.conf file to

allow client1 to talk to client2 through openvpn-2.3.5.

Please give specific accurate answer, as I dont have any idea how

should i configure routing through openvpn-2.3.5

client1 192.168.227.135
server1 192.168.227.136
192.168.11.15
router 192.168.11.17
192.168.58.133
server2 192.168.58.134
192.168.190.131
client2 192.168.190.132


client1.conf
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote 192.168.227.136 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
;mute 20

server1.conf


;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
;topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100#
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20


server2.conf
;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
ca ca.crt
cert server2.crt
key server2.key # This file should be kept secret
dh dh2048.pem
;topology subnet
server 10.8.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
cript.
;learn-address ./script
;client-to-client
;duplicate-cn
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20


client2.conf
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote 192.168.190.134 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
;mute 20

[jscarville]

What are the routes on your router for 10.8.0.0/24 and 10.8.1.0/24?

They each need to point to the correct server.

[Traffic]

Did you read this:

• HOWTO: Expanding the scope of the VPN to include additional machines

[Traffic]

You may also find this helpful:

• https://secure-computing.net/wiki/index ... PN/Routing

[markgav]

Hi jscarville,

Thanks for feedback

I don't exactly understand this question
What do I miss,

The following are routes that currently configured on router
192.168.227.0 192.168.11.15 255.255.255.0 UG 0 0 0 eth0
192.168.190.0 192.168.58.134 255.255.255.0 UG 0 0 0 eth1
192.168.58.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

What should i do

[jscarville]

You are issuing clients addresses on 10.8.0.0/24 or 10.8.1.0/24 but you didn't tell the router where to send packets destined for those addresses. Somewhere you need to add those routes.