i've setted up an openvpn server in my office where lan endpoints have 192.168.1.1/24; the server itself takes 10.8.0.1 and give to my home PC 10.8.0.6.
The server conf is this:
Server config
local 192.168.1.103
port 1972
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
At my home i also have a lan with the same 192.168.1.1/24 configuration and my conf is:
Client config
client
dev tun
proto udp
remote xxx.yyy.www.zzz 1972
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert myname.crt
key myname.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
So at my home i've have 192.168.1.100 that is a NAS and in my office i've 192.168.1.100 that is the file server.
Actually i can reach openvpn server with remote desktop or with windows administrative share 10.8.0.1\c$.
How can I reach my office file server with a translated address like 10.8.0.100 and mapping shared folder when connected with openVPN client?
I'd like to see all my home local lan, surfing on the web with my home gateway but seeing all my office PC's and servers with translated address.
Is that possible?
Thank you for reply.
In this article "i can read In order to avoid routing conflicts one should choose subnets carefully for the networks under ones control" but this alert is too late, my home and office network has the same subnet and i've spent a lot of time for configuring all the things in the 2 networks.
Here, if i've understood, i've to add to server conf the line :
push "route 192.168.1.100 255.255.255.0"
but in this way i can't access from home my NAS that has the same IP.
Is this correct?
Re: Noob question
Posted: Sat Mar 21, 2020 11:16 am
by Pippin
my home and office network has the same subnet and i've spent a lot of time for configuring all the things in the 2 networks.
Your router(s) would be the place to assign an IP address based on MAC and leave all connected hosts on DHCP...
Here, if i've understood, i've to add to server conf the line :
push "route 192.168.1.100 255.255.255.0"
but in this way i can't access from home my NAS that has the same IP.
Is this correct?
my home and office network has the same subnet and i've spent a lot of time for configuring all the things in the 2 networks.
Your router(s) would be the place to assign an IP address based on MAC and leave all connected hosts on DHCP...
Here, if i've understood, i've to add to server conf the line :
push "route 192.168.1.100 255.255.255.0"
but in this way i can't access from home my NAS that has the same IP.
Is this correct?
Thanks for suggestions.
I've also found this thread that seems to be almost my case: viewtopic.php?t=13274
Re: Noob question
Posted: Sat Mar 21, 2020 12:44 pm
by Pippin
I've also found this thread that seems to be almost my case:
viewtopic.php?t=13274
No it's not, stay away from bridging...
Re: Noob question
Posted: Wed Mar 25, 2020 3:46 pm
by GiGiSSiMo
OK so let's continue with TUN.
I've assigned to my OpenVPN Server another IP 172.16.15.103 with another gateway 172.16.15.254 that is now a virtual interface on my Zyxel Firewall.
So my office's LAN is now configured with 4 server with double IP 192.168.1.xxx and 172.16.15.xxx with two gateways: i'm not intersted to other machines so i've leaved with only the first IP range.
I've changed server config with "local 172.16.15.103".
I've changed also push "route 172.16.15.0 255.255.255.0"
Routing is enabled on my server by setting registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\Tcpip\Parameters\IPEnableRouter changing from 0 to 1 and restarted.
I've also added a static route on office gateway (Zyxel Firewall) in this way:
