How to set a correct routing OpenVPN

Frydolin · 07-25-2015, 04:23 AM

Hi i have problem with routing, can you help me pls?

One side server VPS (in ovh), TUN - 10.20.40.0 network - Debian 7
Second side my home router connected as a client to VPN server, addr of LAN network is 10.10.10.0/24. Router firm. - OpenWRT BB.

I want access from VPN server to devicess behind the router (network 10.10.10.0/24). My VPN connection is correctly. From router i can ping a server:

Code:

root@BT:/# ping 10.20.40.1
PING 10.20.40.1 (10.20.40.1): 56 data bytes
64 bytes from 10.20.40.1: seq=0 ttl=64 time=70.864 ms
64 bytes from 10.20.40.1: seq=1 ttl=64 time=74.951 ms
64 bytes from 10.20.40.1: seq=2 ttl=64 time=73.816 ms
64 bytes from 10.20.40.1: seq=3 ttl=64 time=74.611 ms

and server can ping router:

Code:

root@vps188180:/etc/openvpn/easy-rsa# ping 10.20.40.6
PING 10.20.40.6 (10.20.40.6) 56(84) bytes of data.
64 bytes from 10.20.40.6: icmp_req=1 ttl=64 time=62.9 ms
64 bytes from 10.20.40.6: icmp_req=2 ttl=64 time=63.0 ms
64 bytes from 10.20.40.6: icmp_req=3 ttl=64 time=64.3 ms
64 bytes from 10.20.40.6: icmp_req=4 ttl=64 time=62.0 ms

But when i try ping devices behind the router for example 10.10.10.190 (my Rpi) i get this:

Code:

root@vps188180:/etc/openvpn/easy-rsa# ping 10.10.10.190
PING 10.10.10.190 (10.10.10.190) 56(84) bytes of data.
From 91.121.128.90 icmp_seq=1 Time to live exceeded
From 91.121.128.90 icmp_seq=2 Time to live exceeded
From 91.121.128.90 icmp_seq=3 Time to live exceeded
From 91.121.128.90 icmp_seq=4 Time to live exceeded

I tried with TTL 254 still no response.

My configuration on router:

Code:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.20.40.6  P-t-P:10.20.40.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:24 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2016 (1.9 KiB)  TX bytes:3036 (2.9 KiB)

Code:

root@BT:/# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.8.1     0.0.0.0         UG    0      0        0 eth1
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 br-lan
10.20.20.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0.3
10.20.40.1      10.20.40.5      255.255.255.255 UGH   0      0        0 tun0
10.20.40.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.8.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

Configuration on server:

Code:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.20.40.1  P-t-P:10.20.40.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:57 errors:0 dropped:0 overruns:0 frame:0
          TX packets:187 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:4788 (4.6 KiB)  TX bytes:13788 (13.4 KiB)

Code:

root@vps188180:/etc/openvpn/easy-rsa# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.40.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.20.40.0      10.20.40.2      255.255.255.0   UG    0      0        0 tun0
37.187.85.0     0.0.0.0         255.255.255.0   U     0      0        0 venet0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 venet0

Some, can help me set it correctly?

Thanks and sorry for my english.

smallpond · 07-25-2015, 08:28 AM

On the server you need a route to the LAN through your router.

Code:

route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.20.40.6

There may be a way to push the route when you set up the VPN, otherwise you need to add it manually.

Frydolin · 07-25-2015, 01:15 PM

Quote:

Originally Posted by smallpond

On the server you need a route to the LAN through your router.

Code:

route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.20.40.6

There may be a way to push the route when you set up the VPN, otherwise you need to add it manually.

When i add this static route it shows in venet0...

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.20.40.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.20.40.0      10.20.40.2      255.255.255.0   UG    0      0        0 tun0
37.187.85.0     0.0.0.0         255.255.255.0   U     0      0        0 venet0
10.10.10.0      10.20.40.6      255.255.255.0   UG    0      0        0 venet0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 venet0

i think it should be in tun0. Cant add

Code:

route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.20.40.6 tun0

Code:

root@vps188180:/etc/network# route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.20.40.6 tun0
SIOCADDRT: No such process