Can't establish route to network behid openvpn server

[woland255]

Good day
I have openvpn 2.2.0 on Linux
this is my server config:
port 8080
proto tcp
dev tun
ca ca.crt
cert 192.168.1.110.crt
key 192.168.1.110.key
dh dh1024.pem
topology subnet
# local 192.168.3.110
server 192.168.2.0 255.255.255.0
push "route 192.168.3.0 255.255.255.0"
client-to-client
keepalive 20 180
comp-lzo
max-clients 10
# tun-mtu 1300
mssfix 1400
tcp-nodelay
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
mute 20

So, server local network is 192.168.3.0/24
VPN network is 192.168.2.0/24

Ip forwarding is enabled:
#cat /proc/sys/net/ipv4/ip_forward
1
local routes:
#ip r
192.168.3.0/24 dev eth0
192.168.2.0/24 dev tun0 src 192.168.2.1
default via 192.168.3.1 dev eth0

I can successfully establish vpn connection from external network to vpn server (local ip of server in vpn is 192.168.2.1). All application work good.
But when I try to access host on server local network (192.168.3.1, for example) I can't do it:
from vpn server:
ping 192.168.3.1
PING 192.168.3.1 (192.168.3.1): 56 data bytes
64 bytes from 192.168.3.1: seq=0 ttl=254 time=0.354 ms
64 bytes from 192.168.3.1: seq=1 ttl=254 time=0.311 ms

from win XP client in external network I can't access 192.168.3.1
===========================================================================
Список интерфейсов
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f b0 fc c5 fa ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - ╠
шэшяюЁЄ яырэшЁют∙шър яръхЄют
0x3 ...00 ff 3a 23 63 8e ...... TAP-Win32 Adapter V9 - ╠шэшяюЁЄ яырэшЁют∙шър яръ
хЄют
===========================================================================
===========================================================================
Active routes:
0.0.0.0 0.0.0.0 10.186.45.254 10.186.45.43 20
10.186.44.0 255.255.254.0 10.186.45.43 10.186.45.43 20
10.186.45.43 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.186.45.43 10.186.45.43 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.3 192.168.2.3 30
192.168.2.3 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.2.255 255.255.255.255 192.168.2.3 192.168.2.3 30
192.168.3.0 255.255.255.0 192.168.2.1 192.168.2.3 1 <<<<<<<<<<<<<<<<<<
224.0.0.0 240.0.0.0 10.186.45.43 10.186.45.43 20
224.0.0.0 240.0.0.0 192.168.2.3 192.168.2.3 30
255.255.255.255 255.255.255.255 10.186.45.43 10.186.45.43 1
255.255.255.255 255.255.255.255 192.168.2.3 192.168.2.3 1
Default Gatweay: 10.186.45.254

tracert 192.168.3.1
1 6 ms 6 ms 6 ms 192.168.2.1
2 * * *
3 * * *

Am I forgot something? What else can be done?
Thank you.

[janjust]

the .3 network most likely is not aware of the VPN IP range (.2) ; you can use either use masquerading to hide the VPN IPs or you can set up a return route on the default GW of the .3 network similar to

Code: Select all

route add -net 192.168.2.0/24 gw 192.168.3.X

where <X> is the LAN IP of the VPN server.

[woland255]

Yes! I forgot back route! Thank you.
PS. What is happening with my head.......