OpenVPN routing within Slackware
I currently have OpenVPN set up such that clients are able to connect to the server, obtain specific tun0 addresses and communicate as follows:
the client is able to ping the server and vice versa via their respective tun0 IP address, however the server cannot ping the client using the client's LAN IP address. The client CAN ping the server using its LAN IP address and also can ping the computers on the server's LAN using their LAN IP address.

So my issues currently are:
1. server can't ping client at client's LAN IP address
2. computers behind server can't see client

The client and server are both connected behind their respective router/gateway so I know they need some changes on the router to communicate properly. I would like to avoid changing anything on the router and to just issue static routes, but not sure what I need to do exactly. I've turned on ip_forward on the server and on the computers behind the server, as well as added
Code:
ip r a 10.8.1.0/24 via 192.168.1.3
Quote:
Do you have any physical segmentation or is it all logical? If so, I'm not really sure how that setup will work.

After some troubleshooting I've determined that the client needed an iptables rule to allow incoming traffic on tun0. I actually had that in my script, but since I'm using this script both on the server and client I misplaced that statement so it was only running on the server side. Also needed to turn on IP forwarding on the client so now the server can ping the client at its LAN IP and its tun0 IP. The client can also ping the server at its own LAN IP and tun0 IP.

The remaining issue now is how do I get it so that other computers on the server's LAN can communicate with the client?
Quote:
The LAN IP of the client is 192.168.25.100 and its tun0 IP is 10.8.1.14 so the client LAN is 192.168.25.0/24. The LAN IP of the server is 192.168.14.20 and its tun0 IP is 10.8.1.1 so the server LAN is 192.168.14.0/24.

How can I get computers on the server LAN to see the client? I'd rather not modify anything on the gateway/router and would prefer to create a static route since it's only one machine on the server LAN that requires specific access to the connecting client.
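The static-route question in the last post, worked as an added example that is not part of the original thread: a check, run on the one server-LAN machine, of which routes via the OpenVPN server it still lacks. The addresses are the ones stated above; the /24 tunnel mask, the sample routing table (including 192.168.14.1 and 192.168.14.30) and the function name `missing_routes` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list the static routes a host on the server LAN still needs
# so that VPN-bound traffic goes to the OpenVPN server instead of the router.

# Addresses as stated in the thread.
VPN_GW=192.168.14.20        # OpenVPN server's LAN IP
TUN_NET=10.8.1.0/24         # tunnel subnet (mask assumed from the posted route)
CLIENT_LAN=192.168.25.0/24  # LAN behind the connecting client

# Constructed sample of `ip route show` output on the LAN host (not from the
# thread); 192.168.14.1 and 192.168.14.30 are made-up addresses.
SAMPLE_ROUTES='default via 192.168.14.1 dev eth0
10.8.1.0/24 via 192.168.14.20 dev eth0
192.168.14.0/24 dev eth0 proto kernel scope link src 192.168.14.30'

# missing_routes ROUTE_TABLE GATEWAY DEST...
# Prints one "ip route add" command for every DEST that has no route via
# GATEWAY in ROUTE_TABLE. Fields are compared exactly, not as regexes, so
# the dots in an address cannot match other characters.
missing_routes() {
    table=$1
    gw=$2
    shift 2
    for dest in "$@"; do
        if ! printf '%s\n' "$table" | awk -v d="$dest" -v g="$gw" \
            '$1 == d && $2 == "via" && $3 == g { found = 1 }
             END { exit !found }'
        then
            echo "ip route add $dest via $gw"
        fi
    done
}

# Offline demonstration against the constructed table. On the real host, pass
# the live table instead: missing_routes "$(ip route show)" ...
missing_routes "$SAMPLE_ROUTES" "$VPN_GW" "$TUN_NET" "$CLIENT_LAN"
```

The tunnel-subnet route is enough to reach the client at 10.8.1.14. Reaching it at 192.168.25.100 also requires the OpenVPN server to know that 192.168.25.0/24 sits behind that client (the `route` and `iroute` directives).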