The machine behind VPN server can access client and machine behind client. The client and machines behind client can access the machine behind the VPN server. The client itself can access the services running on VPN server and any machine behind the server, such as ssh, ftp etc, but machines behind the client cannot. Is anything wrong with my config.
BTW, Client connect to server through internet. I map 1194 port on the server side gateway to vpn server. Machines behind the client can ping server and machine behind server.
My environment list below
Server:
- OS: FreeBSD, no iptable running, ip-forward configured
- IP: 192.168.1.2, the gateway is a router on 192.168.1.1 with static rout rule: 192.168.2.* to 192.168.1.2, 192.168.127.* to 192.168.1.2
- vpn running on subnet 192.168.127.*
- server config:
Code: Select all
port 1194
proto tcp
dev tun
ca easy-rsa/keys/ca.crt
cert easy-rsa/keys/server.crt
key easy-rsa/keys/server.key
dh easy-rsa/keys/dh1024.pem
server 192.168.127.0 255.255.255.0
ifconfig-pool-persist ipp.txt
route 192.168.2.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
client-config-dir ccd
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
- content in client ccd file
Code: Select all
iroute 192.168.2.0 255.255.255.0- OS: Windows 7, ip-forward configured
- IP: 192.168.2.2, the gateway is a router on 192.168.2.1 with static rout rule: 192.168.1.* to 192.168.2.2 and 192.168.127.* to 192.168.2.2
- client config:
Code: Select all
client
dev tun
proto tcp
remote server_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca ../keys/ca.crt
cert ../keys/CakeForYou-Server.crt
key ../keys/CakeForYou-Server.key
ns-cert-type server
comp-lzo
verb 3