[SOLVED] OpenVPN - Cannot see other machines except Server.
Hello Everyone.
I have a problem with configuring OpenVPN.
I did manage to make it run and can connect to the server but cannot see other machines in the remote network.
I have one network (192.168.37.0/24) on which there is an OpenVPN server (192.168.37.60) running and around 30 other machines. I can connect to the OpenVPN server but not to any other machine.
0.0.0.0 192.168.37.1 0.0.0.0 UG 0 0 0 eth0
10.8.8.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
192.168.37.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
Server config:
Quote:
local 192.168.37.60
port 1194
proto udp
dev tap
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.37.60 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Client conf:
Quote:
client
dev tap
proto udp
remote my-server.dyndns.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /VPN/ca.crt
cert /VPN/my.crt
key /VPN/my.key
comp-lzo
verb 3
What do you think is wrong with this setup?
Thank you very much for any help that you will provide. I'm really tired of this. Read so much about everything connected with OpenVPN and nothing seems to be helpful, so it's better to ask Professionals.
Have you set up your OpenVPN server to forward incoming and outgoing packets from the VPN network to your local network in your firewall or routing table?
If you want the OpenVPN clients to be able to participate on the server's LAN, you must configure the server in bridged mode instead of routed mode, but this exposes the LAN to a greater security risk.
Bridging is possible, but as you say opens security issues. Keeping the VPN on a separate subnet and building routing table and firewall rules allows you to integrate the VPN into the local subnet and control access and logging.
So if I'm right it's better or more secure to leave it as it is. And just log it through ssh.
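The routed setup discussed in the replies (separate VPN subnet, forwarding, firewall rules with logging), as an added example that is not part of the original thread: it parses the posted server directives, checks the pushed route against the LAN 192.168.37.0/24, and prints the forwarding and firewall commands for the server. The interface names and gateway come from the routing table in the post; the function names and the choice to allow only TCP port 22 are assumptions made for illustration.

```python
import ipaddress
import shlex

# Directives copied from the server config posted in the thread.
SERVER_CONF = '''
dev tap
server 10.8.8.0 255.255.255.0
push "route 192.168.37.60 255.255.255.0"
'''

def parse(conf):
    """Return (vpn_net, pushed); pushed is a list of (address, mask) strings."""
    vpn_net, pushed = None, []
    for line in conf.splitlines():
        tok = shlex.split(line, comments=True)  # strips quotes and '#' comments
        if len(tok) >= 3 and tok[0] == "server":
            vpn_net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
        elif len(tok) == 2 and tok[0] == "push":
            arg = tok[1].split()
            if len(arg) >= 3 and arg[0] == "route":
                pushed.append((arg[1], arg[2]))
    return vpn_net, pushed

def audit(conf, lan="192.168.37.0/24"):
    """List problems with the routes pushed to clients for reaching the LAN."""
    lan_net = ipaddress.ip_network(lan)
    findings, nets = [], []
    for addr, mask in parse(conf)[1]:
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        nets.append(net)
        if str(net.network_address) != addr:
            findings.append(f"push route {addr} {mask}: host bits set, "
                            f"network address is {net.network_address}")
    if lan_net not in nets:
        findings.append(f"no pushed route for {lan_net}")
    return findings

def routed_plan(conf, lan="192.168.37.0/24", server_ip="192.168.37.60", ports=(22,)):
    """Commands for the OpenVPN server (tap0 = VPN side, eth0 = LAN side)."""
    vpn = parse(conf)[0]
    plan = ["sysctl -w net.ipv4.ip_forward=1",
            "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    plan += [f"iptables -A FORWARD -i tap0 -o eth0 -s {vpn} -d {lan} "
             f"-p tcp --dport {p} -j ACCEPT" for p in ports]  # ports: assumed policy
    plan += ['iptables -A FORWARD -i tap0 -j LOG --log-prefix "vpn-fwd-drop: "',
             "iptables -A FORWARD -i tap0 -j DROP",
             f"# on LAN gateway 192.168.37.1: ip route add {vpn} via {server_ip}"]
    return plan

if __name__ == "__main__":
    print("\n".join(audit(SERVER_CONF) + routed_plan(SERVER_CONF)))
```

The last plan line is the return route: LAN machines answer VPN clients through their default gateway, so that gateway needs a route for 10.8.8.0/24 pointing at the OpenVPN server.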