Configure routes in OpenVPN

networking vpn routing openvpn
5,522

Based on your description, it sounds like this is a routing problem. OpenVPN clients (on the 10.8.0.0/24 subnet) can route packets to your local network (on 10.50.60.0/24), but packets from the local network don't know how to go back in the reverse direction (to 10.8.0.0/24). Just to be perfectly clear, this is not an OpenVPN problem.

The simplest fix is: Add a static route on the 10.50.60.0/24 subnet's default gateway (the FIOS router, I think) that forwards any traffic destined for the 10.8.0.0/24 subnet to the OpenVPN server (10.50.60.160). Hosts on the 10.50.60.0/24 subnet already send all of their non-local traffic (everything besides 10.50.60.0/24) to the default gateway. Once you tell that default gateway that it can reach the OpenVPN subnet via 10.50.60.160, those packets should just start flowing.

You'll have to look at your FiOS router documentation for specific instructions on how to set up a static route. Usually, you need to supply 3 parameters for to define the new static route: a gateway (or router) IP address; a destination network IP address; and a destination network subnet mask. In your case:

  • The gateway will just be '10.50.60.160', the IP of the OpenVPN server.
  • The destination network address will be the OpenVPN subnet IP, '10.8.0.0/24'.
  • The destination network subnet mask will be '255.255.255.0'.

The FiOS router's user interface might expect the destination network address and subnet mask together, like '10.8.0.0/255.255.255.0', in CIDR notation as '10.8.0.0/24'. If you can't figure it out from the docs, and if Verizon tech support fails you, I would suggest trying Google.

You can confirm my diagnosis with a 'tcpdump' session on the OpenVPN server (10.50.60.160). Assuming that the 10.50.60.160 address is on the device named 'eth0', you would run:

tcpdump -n -e -i eth0 -s0 icmp

with root privileges. Then, start a 'ping' session from your OpenVPN client to another host on the 10.50.60.0/24 subnet (the FIOS router, 10.50.60.1, should work fine). You should see the ICMP ECHO REQUEST packets from the OpenVPN client to 10.50.60.1 (or whatever target you chose), but not the ICMP ECHO REPLY packets in the reverse direction.

If you have another host on the 10.50.60.0/24 subnet (besides the FiOS router) with 'tcpdump' installed, you might also want to try running that same command line on it, while pinging from your OpenVPN client. If I'm correct, you'll see the client's ICMP ECHO REQUEST packets arriving, as before, plus some outbound ICMP ECHO REPLY packets with the OpenVPN client's IP and the FiOS router's MAC address.

Share:
5,522

Related videos on Youtube

Community
Author by

Community

Updated on September 17, 2022

Comments

  • Community
    Community over 1 year

    Possible Duplicate:
    Configure routes in OpenVPN

    I am trying to figure out how to setup routing on OpenVPN.

    I have successful connection between client (OS X Snow Leopard) and server (OS X Leopard Server), and each can ping the other. However, I am wanting the connecting client to be able to access other machines on the network.

    Here is how my network is laid out. On the server side there is a Verizon Fios router that has a public dynamic IP address (which I know through DynDNS.org), and an internal address of 10.50.60.1. The router is configured with a machine in the DMZ of 10.50.60.160.

    This machine (10.50.60.160) is hosting OpenVPN and all other machines I want to connect to are on the 10.50.60.x network.

    The client is connecting in from different locations (although the one I am testing from right now has assigned me the address of 10.1.5.11.

    OpenVPN is configured to work on the 10.8.0.0 network and assigns IP addresses successfully to the client machine. I have done it this way because of what I have read. I am fine changing this anyway that is needed to work. I have attached the server config file below, as you can probably see from the ‘push’ and ifconfig entries I am not quite sure what I am doing. Can you let me know how I would configure this so that once the VPN is connected I can ping and access 10.50.60.160 and my other machines on the 10.50.60.x network?

    My server config file is as follows:

    dev tun
tls-server
ca /etc/openvpn/openvpn2/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/openvpn2/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/openvpn2/easy-rsa/2.0/keys/server.key  # This file should be kept secret
dh /etc/openvpn/openvpn2/easy-rsa/2.0/keys/dh1024.pem
verb 3
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
server 10.8.0.0 255.255.255.0
push "route 10.50.60.0 255.255.255.0"
push "ifconfig 10.50.60.0 10.8.0.1"
ifconfig 10.8.0.1 10.50.60.0
duplicate-cn
max-clients 5
ifconfig-pool-persist /etc/openvpn/ipp.txt

    Any help would be really appreciated.

    Thanks

    Pete

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

OpenVPN connecting but no internet access on Ubuntu 16.04 / 18.04 / 20.04
Split tunnel routing a specific port over OpenVPN on Ubuntu Server 12.04
Only routing certain traffic through VPN
openvpn - How to set client to use local gateway? aka use connection for resources on its network only
OpenVPN without NAT
Yet another routing issue in OpenVPN - Cannot access local machines while on VPN
Peering two sites in a VPN: DIY mode with twin Raspberry Pi
Access Client side LAN on VPN server
Setting up bridged OpenVPN server with single public IP NIC
Routing a particular subnet into a VPN tunnel