
Issue of Allow client to reach entire server subnet

Posted: Wed Feb 19, 2020 2:23 pm
by corydon
Hi,
I am practicing OpenVPN, starting from the "Static Key Mini-HOWTO" guide (https://openvpn.net/community-resources ... ini-howto/).
I ran into an issue letting the client access the server's subnet.

My OpenVPN server resides in the subnet 192.168.0.0/8 with a gateway IP of 192.168.0.1, and the OpenVPN server is installed on a Windows 10 computer with the IP 192.168.0.23.

All tests are fine until I try the "Allow client to reach entire server subnet" part.

The manual says:
==================================================================
Allow client to reach entire server subnet
Suppose the OpenVPN server is on a subnet 192.168.4.0/24. Add the following to client configuration:

route 192.168.4.0 255.255.255.0
Then on the server side, add a route to the server’s LAN gateway that routes 10.8.0.2 to the OpenVPN server machine (only necessary if the OpenVPN server machine is not also the gateway for the server-side LAN). Also, don’t forget to enable IP Forwarding on the OpenVPN server machine.

=================================================================

So, following the guide above and adapting it to my real test environment, I took the following steps:
Step 1. I added
route 192.168.0.0 255.255.255.0
to the client's .ovpn file.

Step 2. I added
route 192.168.0.1
to the server's .ovpn file.


Step 3. I set the value of IPEnableRouter to 1 on the Windows 10 computer that hosts the OpenVPN server.


After reconnecting the OpenVPN server and client, I tried to ping a file server at 192.168.0.110 in the server subnet, but it always timed out.

Could you help me check whether some settings are wrong? I guess step 2 is not correct, but I don't know what it should be.

Thanks!

Corydon

Re: Issue of Allow client to reach entire server subnet

Posted: Wed Feb 19, 2020 4:35 pm
by TinCanTech
First of all, never use 192.168.0.0/24 as your server subnet because you will encounter routing conflicts.

Second, better to start with the full blown server/client setup because that has full documentation.

Re: Issue of Allow client to reach entire server subnet

Posted: Wed Feb 19, 2020 5:27 pm
by corydon
TinCanTech wrote:
Wed Feb 19, 2020 4:35 pm
First of all, never use 192.168.0.0/24 as your server subnet because you will encounter routing conflicts.

Second, better to start with the full blown server/client setup because that has full documentation.
Thanks for your reply.

I am not confident enough to start from the full settings. I am trying to add one small change at a time to make sure I fully understand what has been done.

I think steps 1 and 3 are correct.

For step 2, I don't know the correct statement to add to server.ovpn in order to add a route to the server's LAN gateway (192.168.0.1) that routes 10.8.0.2 to the OpenVPN server machine (192.168.0.23). Could I have your comment?

I will change the IP range later.

Thanks!

Re: Issue of Allow client to reach entire server subnet

Posted: Wed Feb 19, 2020 5:35 pm
by Pippin
192.168.0.0/8
Is that a typo?

Re: Issue of Allow client to reach entire server subnet

Posted: Wed Feb 19, 2020 11:35 pm
by TinCanTech
corydon wrote:
Wed Feb 19, 2020 5:27 pm
For step 2, I don't know the correct statement to add to server.ovpn in order to add a route to the server's LAN gateway (192.168.0.1) that routes 10.8.0.2 to the OpenVPN server machine (192.168.0.23). Could I have your comment?
It is not an openvpn command .. you have to configure the route on your router.
corydon wrote:
Wed Feb 19, 2020 5:27 pm
I will change the IP range later.
Do it now .....
corydon wrote:
Wed Feb 19, 2020 5:27 pm
I am not confident enough to start from the full settings. I am trying to add one small change at a time to make sure I fully understand what has been done.
I still don't understand WTF is going on :o

Re: Issue of Allow client to reach entire server subnet

Posted: Thu Feb 20, 2020 1:46 am
by corydon
Pippin wrote:
Wed Feb 19, 2020 5:35 pm
192.168.0.0/8
Is that a typo?
Sorry, it should be 192.168.0.0/24. Thanks!

Re: Issue of Allow client to reach entire server subnet

Posted: Thu Feb 20, 2020 2:40 am
by corydon
TinCanTech wrote:
Wed Feb 19, 2020 11:35 pm
corydon wrote:
Wed Feb 19, 2020 5:27 pm
For step 2, I don't know the correct statement to add to server.ovpn in order to add a route to the server's LAN gateway (192.168.0.1) that routes 10.8.0.2 to the OpenVPN server machine (192.168.0.23). Could I have your comment?
It is not an openvpn command .. you have to configure the route on your router.
Thanks. The routing table just specifies the destination IP and the IP of the next hop; no source IP is needed.
Here is the content of the gateway's routing table. Could you advise how to add a route for step 2?

=============================
Current Routing Table
Destination   Gateway / Next Hop   Subnet Mask       Metric   Interface
58.35.12.1    *                    255.255.255.255   0        ppp0 (WAN)
192.168.0.0   *                    255.255.255.0     0        br0 (LAN)
127.0.0.0     *                    255.0.0.0         0        lo
default       58.35.12.1           0.0.0.0           0        ppp0 (WAN)

Static Routing Table (Add new route)
Destination   Gateway   Subnet Mask   Metric   Interface   Description

===============================

Thanks!

Re: Issue of Allow client to reach entire server subnet

Posted: Thu Feb 20, 2020 3:37 am
by TinCanTech
corydon wrote:
Thu Feb 20, 2020 2:40 am
Could you advise how to add a route for step 2?
Router specific support is care of: tincanteksup <at> gmail

Re: Issue of Allow client to reach entire server subnet

Posted: Thu Feb 20, 2020 4:36 pm
by corydon
Hi TinCanTech,

After adding the following to the gateway's static routing table:

Destination   Gateway        Subnet Mask
10.8.0.0      192.168.0.23   255.255.255.0

I can now access the local host and the internet.
But I have one question: when and where is the VPN terminated?


Are there any documents explaining the detailed IP flows?

Thanks!
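How the static route above changes the router's forwarding decision, shown as an added example that is not part of the original thread and not OpenVPN's or the router's own code: a small longest-prefix-match lookup in Python over the routing table corydon posted, before and after the 10.8.0.0/24 entry, plus the equal-prefix conflict TinCanTech warned about when the client's own LAN is also 192.168.0.0/24. The router table and the addresses (LAN 192.168.0.0/24, router 192.168.0.1, OpenVPN host 192.168.0.23, file server 192.168.0.110, tunnel endpoints 10.8.0.1/10.8.0.2) come from the thread; the file server's table and the client's table are constructed for the example and are assumptions.

```python
import ipaddress

# Added example, not code from the thread or from OpenVPN. A routing table here is a
# list of (network, gateway_or_None, interface); None means "on-link", the "*" in
# the router's Gateway column.


def best_routes(table, dst):
    """Longest-prefix match: return every (gateway, iface) whose prefix is the
    longest one containing dst. More than one entry means the prefix cannot
    decide and the OS falls back to metrics, i.e. a routing conflict."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw, iface)
               for net, gw, iface in table if dst in ipaddress.ip_network(net)]
    if not matches:
        return []
    longest = max(net.prefixlen for net, _, _ in matches)
    return [(gw, iface) for net, gw, iface in matches if net.prefixlen == longest]


def next_hop(table, dst):
    """Single unambiguous next hop, or ValueError if the table is ambiguous."""
    routes = best_routes(table, dst)
    if len(routes) != 1:
        raise ValueError(f"{dst}: {len(routes)} equally specific routes {routes}")
    return routes[0]


# The router's table exactly as posted in the thread (gateway "*" -> None).
ROUTER_BEFORE = [
    ("58.35.12.1/32", None, "ppp0"),
    ("192.168.0.0/24", None, "br0"),
    ("127.0.0.0/8", None, "lo"),
    ("0.0.0.0/0", "58.35.12.1", "ppp0"),
]

# The same table plus the static route added in the post above.
ROUTER_AFTER = ROUTER_BEFORE + [("10.8.0.0/24", "192.168.0.23", "br0")]

# Constructed (assumption): the file server 192.168.0.110 is an ordinary LAN
# host whose only way off the LAN is the router.
FILE_SERVER = [
    ("192.168.0.0/24", None, "eth0"),
    ("0.0.0.0/0", "192.168.0.1", "eth0"),
]


def router_decision(router_table, vpn_client="10.8.0.2"):
    """Where the file server's ping reply to the VPN client ends up.

    The request itself arrives: the OpenVPN host forwards it from tun to the
    LAN (that is what IPEnableRouter=1 enables). The reply is the problem: the
    file server hands it to its default gateway, and the router then forwards
    it wherever its own table says."""
    gw, _ = next_hop(FILE_SERVER, vpn_client)
    assert gw == "192.168.0.1", "LAN host sends the reply to the router"
    return next_hop(router_table, vpn_client)


def client_routes_to_lan(client_lan, file_server="192.168.0.110"):
    """Constructed client table (assumption): its own LAN on-link, the tunnel
    peer, and the 'route 192.168.0.0 255.255.255.0' the HOWTO tells the client
    to add, which OpenVPN installs via the remote tunnel endpoint 10.8.0.1."""
    table = [
        (client_lan, None, "wlan0"),
        ("10.8.0.1/32", None, "tun0"),
        ("192.168.0.0/24", "10.8.0.1", "tun0"),
    ]
    return best_routes(table, file_server)


if __name__ == "__main__":
    print("reply before static route ->", router_decision(ROUTER_BEFORE))
    print("reply after static route  ->", router_decision(ROUTER_AFTER))
    print("client on 192.168.1.0/24  ->", client_routes_to_lan("192.168.1.0/24"))
    print("client on 192.168.0.0/24  ->", client_routes_to_lan("192.168.0.0/24"))
```

Before the static route, the router's only match for 10.8.0.2 is the default route, so the file server's reply is sent out ppp0 toward the ISP and never comes back, which is exactly the ping timeout in the first post. After it, the reply goes to 192.168.0.23 on br0, where the OpenVPN host (with IP forwarding enabled) pushes it into the tunnel. The last two calls show the conflict: a client sitting on a 192.168.1.0/24 LAN has one route to the file server, through the tunnel, while a client sitting on its own 192.168.0.0/24 LAN has two equally specific ones, and whichever wins on metric, traffic for the file server may never enter the tunnel. One caveat worth keeping in mind: once the return route exists, every host on the LAN is reachable from whoever holds the static key, so that key is the whole access control for the LAN in this setup.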

Re: Issue of Allow client to reach entire server subnet

Posted: Thu Feb 20, 2020 4:43 pm
by Pippin
when and where is the VPN terminated?
The VPN is terminated on the host running OpenVPN.
Diagram:
https://community.openvpn.net/openvpn/w ... acketsFlow
Are there any documents explaining the detailed IP flows?
Search for a routing tutorial online.

Re: Issue of Allow client to reach entire server subnet

Posted: Fri Feb 21, 2020 3:11 pm
by corydon
Pippin wrote:
Thu Feb 20, 2020 4:43 pm
when and where is the VPN terminated?
The VPN is terminated on the host running OpenVPN.
Diagram:
https://community.openvpn.net/openvpn/w ... acketsFlow
Are there any documents explaining the detailed IP flows?
Search for a routing tutorial online.
Hi Pippin,

Thanks!

I tested PKI instead of the static key, and it works fine ;)