OpenVPN routing within Slackware

dimm0k · 07-05-2013, 12:49 PM

I currently have OpenVPN set up such that clients are able to connect to the server, obtain specific tun0 addresses and communicate as follows:

the client is able to ping the server and vice versa via their respective tun0 IP address, however the server cannot ping the client using the client's LAN IP address. The client CAN ping the server using its LAN IP address and also can ping the computers on the server's LAN using their LAN IP address. So my issues currently are:

1. server can't ping client at client's LAN IP address
2. computers behind server can't see client

the client and server are both connected behind their respective router/gateway so I know they need some changes on the router to communicate properly. I would like to avoid changing anything on the router and to just issue static routes, but not sure what I need to do exactly. I've turned on ip_forward on the server and on the computers behind the server, as well as added

Code:

ip r a 10.8.1.0/24 via 192.168.1.3

but the computers behind the server still can't ping the connected clients. 10.8.1.0/24 is the tun0 network and 192.168.1.0/24 is the server network.

Gerard Lally · 07-05-2013, 02:37 PM

Quote:

Originally Posted by dimm0k

... but the computers behind the server still can't ping the connected clients. 10.8.1.0/24 is the tun0 network and 192.168.1.0/24 is the server network.

What is/are the client network address(es)? Needless to say clients should not have an address in the 192.168.1.0/24 range.

btrsteve · 07-06-2013, 03:57 PM

Do you have any physical segmentation or is it all logical? If so you im not really sure how that setup will work.

dimm0k · 07-07-2013, 11:15 AM

After some troubleshooting I've determined that the client needed an iptable rule to allow incoming traffic on tun0. I actually had that in my script, but since I'm using this script both on the server and client I misplaced that statement so it was only running on the server side. Also needed to turn on IP forwarding on the client so now the server can ping the client at its LAN IP and its tun0 IP. The client can also ping the server at its own LAN IP and tun0 IP. The remaining issue now is how do I get it so that other computers on the server's LAN can communicate with the client?

Quote:

Originally Posted by gezley

What is/are the client network address(es)? Needless to say clients should not have an address in the 192.168.1.0/24 range.

I've changed things a bit to avoid the 192.168.1 subnet...
The LAN IP of the client is 192.168.25.100 and its tun0 IP is 10.8.1.14 so the client LAN is 192.168.25.0/24.
The LAN IP of the server is 192.168.14.20 and its tun0 IP is 10.8.1.1 so the server LAN is 192.168.14.0/24.

How can I get computers on the server LAN to see the client? I'd rather not modify anything on the gateway/router and would prefer to create a static route since it's only one machine on the server LAN that requires specific access to the connecting client.

Quote:

Originally Posted by btrsteve

Do you have any physical segmentation or is it all logical? If so you im not really sure how that setup will work.

Both sides are physical segments...