LinuxQuestions.org
Forum: LinuxQuestions.org Member Success Stories
09-11-2007, 02:59 AM #1
andrewdodsworth
Member
Registered: Oct 2003
Location: United Kingdom
Distribution: SuSE 10.0 - 11.4
Posts: 347
Rep: Reputation: 30
openVPN routing where local and remote networks clash


The problem
When I set up openVPN I had already configured my local networks using the usual 192.168.1.x, 192.168.2.x etc. No issues locally, because the modem/router was set to 192.168.1.x, so that's my external network and 192.168.2.x and 192.168.3.x are internal. Remote VPN worked fine except when trying to access an application server on 192.168.2.230 from a remote client whose own network was also 192.168.2.x: the client then looked locally for the server rather than over the VPN. Unfortunately in my case two remote clients that needed access to the server were in this situation, and for one of them I couldn't change their network, so I had to find a solution. Although I could manually add a route on the client once the VPN was up, I needed to find an automatic solution.

Solution
It just so happens that all my servers have addresses in the range 192.168.2.200 to 192.168.2.254, and the remote client gateways had addresses of 192.168.2.1 and allocated DHCP addresses below 192.168.2.100. Therefore I was lucky in that I had non-overlapping subnets. Also, because I only needed certain clients to have access to the server, I needed a solution that was client-dependent. The answer was to turn on the client config directory (ccd) on the server by uncommenting in /etc/openvpn/server.conf:
Code:
client-config-dir ccd
I created the ccd directory under the openvpn directory (/etc/openvpn/ccd) and added text files for only the clients that needed it. In my case, when initially setting up the client keys I called them client1, client2 etc., so I called the files in the ccd directory client1, client2 etc. Add the following line, amended for your particular circumstances, to the individual client files in the ccd directory:
Code:
push "route 192.168.2.192 255.255.255.192"
and that's it! What this does is route any requests for IPs in the range 192.168.2.192 to 192.168.2.254 to the VPN server end, leaving any others local to the client. If your situation doesn't match mine then you can do individual ones:
Code:
push "route 192.168.2.230 255.255.255.255"
You can also have multiple push statements. What you must have is a mask other than 255.255.255.0, because the client routing table must be able to differentiate between local and remote addresses.
Other subnetting examples are:
Code:
192.168.2.128 255.255.255.128 (for 128 to 254)
192.168.2.224 255.255.255.224 (for 224 to 254)
192.168.2.240 255.255.255.240 (for 240 to 254)
192.168.2.248 255.255.255.248 (for 248 to 254)
If your situation is such that you can't split things up nicely (I was lucky that, many years ago, I decided to logically split servers from clients in the way I did), then unfortunately you're going to have to do some local network renumbering.
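Added example, not the poster's own code: a small Python script that generalises the carve-out described in the post. Given the first and last server address, the client's LAN, and the part of that LAN the client must keep local, it picks the smallest aligned CIDR block that covers the servers (the post's 192.168.2.192/26), falls back to the exact minimal set of blocks when the aligned one would swallow a local address, and refuses outright when even that collides (the renumbering case). Every route is checked to be strictly more specific than the client's LAN, because longest-prefix match is what makes the pushed route beat the client's connected route. The local range 192.168.2.0/25 in the sample run is an assumption derived from the post's "gateway .1, DHCP below .100".

```python
"""Plan OpenVPN ccd 'push "route ..."' lines for a client whose LAN collides
with the VPN-side server range.  Added example; not from the forum post.
"""
import ipaddress
from typing import Iterable, List

Net = ipaddress.IPv4Network


def single_block(first: str, last: str) -> Net:
    """Smallest aligned CIDR block containing both first and last."""
    net = Net(f"{first}/32")
    last_addr = ipaddress.IPv4Address(last)
    while last_addr not in net:
        net = net.supernet()          # widen one bit at a time
    return net


def exact_blocks(first: str, last: str) -> List[Net]:
    """Minimal list of CIDR blocks covering exactly first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def check_routes(routes: Iterable[Net], client_lan: str,
                 local_nets: Iterable[str]) -> List[str]:
    """Return problems with pushing these routes to a client on client_lan."""
    lan = Net(client_lan)
    locals_ = [Net(n) for n in local_nets]
    problems = []
    for net in routes:
        # The client's connected route covers the whole LAN; a pushed route
        # only wins longest-prefix match if its prefix is strictly longer,
        # i.e. its mask is narrower than the LAN's own mask.
        if net.prefixlen <= lan.prefixlen:
            problems.append(f"{net} is not more specific than LAN {lan}")
        for loc in locals_:
            if net.overlaps(loc):
                problems.append(f"{net} would pull local range {loc} over the VPN")
    return problems


def plan_routes(first: str, last: str, client_lan: str,
                local_nets: Iterable[str]) -> List[Net]:
    """One aligned block if it is safe, otherwise the exact blocks.

    Raises ValueError when even the exact blocks collide with local
    addresses: that is the case where only renumbering helps.
    """
    local_nets = list(local_nets)
    block = single_block(first, last)
    if not check_routes([block], client_lan, local_nets):
        return [block]
    exact = exact_blocks(first, last)
    problems = check_routes(exact, client_lan, local_nets)
    if problems:
        raise ValueError("; ".join(problems))
    return exact


def ccd_entry(routes: Iterable[Net]) -> str:
    """Contents of ccd/<common-name> in OpenVPN's dotted-mask syntax."""
    return "".join(f'push "route {n.network_address} {n.netmask}"\n'
                   for n in routes)


if __name__ == "__main__":
    # Constructed inputs matching the post: servers .200-.254; the client's
    # gateway .1 and DHCP pool below .100 are assumed to fit in 192.168.2.0/25.
    routes = plan_routes("192.168.2.200", "192.168.2.254",
                         "192.168.2.0/24", ["192.168.2.0/25"])
    print(ccd_entry(routes), end="")
    # Servers .100-.130 against a local range of .0-.63: no single aligned
    # block works, so the exact blocks are pushed instead.
    print(ccd_entry(plan_routes("192.168.2.100", "192.168.2.130",
                                "192.168.2.0/24", ["192.168.2.0/26"])), end="")
```

The output of ccd_entry() is what goes into /etc/openvpn/ccd/&lt;name&gt;, where &lt;name&gt; must match the Common Name of that client's certificate, which is why the post's client1, client2 naming works.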