OpenVPN Support Forum

Hi everyone and thanks in advance for any help.

I'm struggling with an OpenVPN configuration quite unusual for my experience.
Basically it's a vpn between my HQ and a cloud instance, monitoring and backups have to be done on a couple of HQ hosts, one of these is a vpn endpoint.
This is the basic architecture:

OpenVPN tunnel works, to make the client able to reach the eth0 interface on the cloud instance I added push "route 10.1.0.4 255.255.255.255" to the server.conf on the cloud instance.

My problem is that I can't reach the HQ OpenVPN endpoint eth0 interface and the backup host interface from the cloud instance (OpenVPN server). I tried to add route 10.62.15.154 255.255.255.255 to the server.conf on the instance but this resulted in a record on my cloud instance routing table which is quite strange, because there's no interface with 10.30.41.2 ip address.
Do you have any suggestions to solve this problem?

Thanks

This is all in the howto.

You need setting up site to site connection to make it work for you. now from openvpn client it can ping every host but from outside connected to openvpn server cant ping back up host why?

First the openvpn server dont have any info route of back up host so it will not route to it, you can try from windows command line as tracert 10.62.15.140 and route stop at 10.30.41.1 . so you need to add this route to server config

route 10.62.15.0 255.255.255.0

What gateway route add to ? It must be openvpn client ip so it can route to it IP range .You need iroute conmand in CDD folder on openvpn server . The most important thing is name of certificate of client as file name on CDD folder so when openvpn client connect to it know which gateway it add into so the command inside client name as .

iroute 10.62.15.0 255.255.255.0

After that if you tracert again 10.62.15.0 it will stop at openvpn client 10.30.41.254 because at openvpn client you didnot nat and ipforward as server . Just do one thing nat and ipforward as you do the same in server so it will work for you.

so this is all you need to do and it will work for you.open server config add this

route 10.62.15.0 255.255.255.0

Inside openvpn folder create a folder name CCD . inside that folder and create a name as client certificate and open that file add this line.

iroute 10.62.15.0 255.255.255.0


At the client just do NAT and IPforward as you do with openvpn server and it should do for you .

300000 wrote: ↑

Fri Aug 20, 2021 2:17 pm

SNIP

so this is all you need to do and it will work for you.open server config add this

route 10.62.15.0 255.255.255.0

Inside openvpn folder create a folder name CCD . inside that folder and create a name as client certificate and open that file add this line.

iroute 10.62.15.0 255.255.255.0


At the client just do NAT and IPforward as you do with openvpn server and it should do for you .

That worked perfectly! Thank you very much!