Client and Server in the same machine and access internal network

mikacl
OpenVpn Newbie
Posts: 1
Joined: Tue Apr 05, 2022 12:50 am

Post by mikacl » Wed Apr 20, 2022 12:49 am

Hi folks!

I am asking for your help to see if you can give me any suggestions on how to solve the following problem:

I have the following network distribution:

192.168.1.200 <--> 172.31.0.6 (Real: 134.x.x.x) <--> 10.8.0.1 (Real: 146.x.x.x) <--> 10.8.0.2

Where:

192.168.1.200: internal network.
172.31.0.6/134.x.x.x: openvpn server (tun1).
10.8.0.1/146.x.x.x: openvpn client and server at the same time (tun0).
10.8.0.2: mobile openvpn client.

Mobile client ping:
10.8.0.2 to 10.8.0.1 OK: (connection from openvpn client to server)
10.8.0.2 to 172.31.0.6 OK: (connection from openvpn client to server)
10.8.0.2 to 192.168.1.200 NOT OK (connection from client to internal network).

What I want is for the mobile client to be able to see the internal network 192.168.1.200.

This is the server configuration:

Server Config

local 146.x.x.x
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

# DNS
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 172.31.0.0 255.255.0.0"
route-nopull

# Enable client to client connection
client-to-client
keepalive 10 60
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 4
crl-verify crl.pem


This is the client configuration:

Client Config

dev tun
proto tcp
remote 134.x.x.x 1194
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
client
auth-user-pass userpass.conf
verb 4
auth-retry interact
keepalive 60 120


These are the routes on the server:

default via 146.x.x.x dev ens32 proto static
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
146.x.x.x/29 dev ens32 proto kernel scope link src 146.x.x.x
172.31.0.0/24 via 172.31.0.5 dev tun1
172.31.0.5 dev tun1 proto kernel scope link src 172.31.0.6
192.168.1.0/24 via 172.31.0.5 dev tun1

I think the problem is something in the definition of the route, because with conntrack I can see the packets coming from the mobile client.

Thanks for your help.
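A routing model of the topology in this post, added here as an example and not part of the post: it does a longest-prefix lookup at each hop and checks the return path, which is where a chained setup like this usually breaks (forward packets arrive, as conntrack shows, but the hosts behind the 134.x.x.x server have no route back to 10.8.0.0/24 and send replies out their default route). Host names, interface names and every table except the middle host's are assumptions.

```python
import ipaddress

# Constructed model of the hops in the post. "middle" follows the route listing in
# the post; the other three tables are assumptions, and server134 is deliberately
# missing a route back to 10.8.0.0/24 so the round-trip check below can flag it.
ADDRESSES = {"mobile": "10.8.0.2", "middle": "10.8.0.1",
             "server134": "172.31.0.5", "lan_host": "192.168.1.200"}
ROUTES = {  # (prefix, egress interface), in no particular order
    "mobile":    [("0.0.0.0/0", "wlan0"), ("10.8.0.0/24", "tun0"),
                  ("192.168.1.0/24", "tun0"), ("172.31.0.0/16", "tun0")],
    "middle":    [("0.0.0.0/0", "ens32"), ("10.8.0.0/24", "tun0"),
                  ("172.31.0.0/24", "tun1"), ("192.168.1.0/24", "tun1")],
    "server134": [("0.0.0.0/0", "eth0"), ("172.31.0.0/24", "tun1"),
                  ("192.168.1.0/24", "eth1")],
    "lan_host":  [("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "eth0")],
}
# Which host an interface leads to; an interface absent here leaves the model.
LINKS = {("mobile", "tun0"): "middle", ("middle", "tun0"): "mobile",
         ("middle", "tun1"): "server134", ("server134", "tun1"): "middle",
         ("server134", "eth1"): "lan_host", ("lan_host", "eth0"): "server134"}

def lookup(host, dst):
    """Longest-prefix match over one host's table, as the kernel FIB does."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, iface in ROUTES[host]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def trace(src_host, dst, max_hops=8):
    """Hosts a packet to dst visits; ends early at the hop whose chosen route leaves the model."""
    path, host = [src_host], src_host
    for _ in range(max_hops):
        if ADDRESSES[host] == dst:
            return path
        nxt = LINKS.get((host, lookup(host, dst)))
        if nxt is None:
            return path
        path.append(nxt)
        host = nxt
    return path

def round_trip_ok(a, b):
    """True only if a reaches b AND b's reply reaches a; a one-way ping hides the second half."""
    fwd, back = trace(a, ADDRESSES[b]), trace(b, ADDRESSES[a])
    return fwd[-1] == b and back[-1] == a

def add_route(host, prefix, iface):  # models `ip route add <prefix> dev <iface>`
    ROUTES[host].insert(0, (prefix, iface))
```

On real hosts the equivalent check is `ip route get 10.8.0.2` on each hop in the return direction, plus confirming that net.ipv4.ip_forward is 1 on the middle host.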