Old 09-11-2007, 02:59 AM   #1
Distribution: SuSE 10.0 - 11.4
openVPN routing where local and remote networks clash

The problem
When I set up openVPN I had already configured my local networks using the usual 192.168.1.x, 192.168.2.x etc. No issues locally because the modem/router was set to 192.168.1.x, so that's my external network, and 192.168.2.x and 192.168.3.x are internal. Remote VPN worked fine except when trying to access an application server on if the remote client's network was 192.168.2.x, when the client was looking locally for the server rather than over the VPN. Unfortunately, in my case two remote clients that needed access to the server were in this situation, and for one I couldn't change their network, so I had to find a solution. Although I could manually add a route on the client once the VPN was up, I needed to find an automatic solution.

It just so happens that all my servers have addresses in the range to and the remote client gateways had addresses of and allocated DHCP addresses below Therefore I was lucky in that I had non-overlapping subnets. Also, because I only needed certain clients to have access to the server, I needed a solution that was client-dependent. The answer was to turn on client-ccd on the server by uncommenting in /etc/openvpn/server.conf:
client-config-dir ccd
I created the ccd directory under the openvpn directory (/etc/openvpn/ccd) and added text files for only the clients that needed it. In my case when initially setting up the client keys I called them client1, client2 etc so I called the files in the ccd directory client1, client2 etc. Add the following line as amended for your particular circumstances to the individual client files in the ccd directory:
push "route"
and that's it! What this does is route any requests for IPs in the range to to the VPN server end leaving any others local to the client. If your situation doesn't match mine then you can do individual ones:
push "route"
You can also have multiple push statements. What you must have is a mask other than because the client routing table must be able to differentiate between local and remote addresses.
Other subnetting examples are:
Code:
(for 128 to 254)
(for 224 to 254)
(for 240 to 254)
(for 248 to 254)
If your situation is such that you can't split things up nicely (I was lucky many years ago that I decided to logically split servers from clients in the way I did) then unfortunately you're going to have to do some local network renumbering.
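The sketch below is an added example, not part of the original post. It derives the single ccd `push "route ..."` line for a server address range and refuses it when it would not be more specific than the client's own LAN route or would capture addresses the client uses locally. All addresses and the function names are constructed assumptions, not the poster's values.

```python
import ipaddress

def covering_network(first, last):
    """Smallest single CIDR block that contains both first and last."""
    net = ipaddress.ip_network(f"{first}/32")
    last = ipaddress.ip_address(last)
    while last not in net:
        net = net.supernet()  # widen by one bit until the range fits
    return net

def ccd_push_route(first_server, last_server, client_lan, client_local_hosts):
    """Return the ccd line for the server range, or raise ValueError.

    client_lan:         the remote client's own subnet (clashes with ours)
    client_local_hosts: addresses the client must keep reaching locally,
                        e.g. its gateway and DHCP-assigned hosts
    """
    net = covering_network(first_server, last_server)
    lan = ipaddress.ip_network(client_lan)
    # The pushed route only wins against the client's connected LAN route
    # if it is a longer (more specific) prefix.
    if net.overlaps(lan) and net.prefixlen <= lan.prefixlen:
        raise ValueError(f"{net} is not more specific than client LAN {lan}")
    # Anything inside the pushed block leaves the client's LAN for the tunnel.
    captured = [h for h in client_local_hosts if ipaddress.ip_address(h) in net]
    if captured:
        raise ValueError(f"{net} would send local hosts {captured} over the VPN")
    return f'push "route {net.network_address} {net.netmask}"'

if __name__ == "__main__":
    # Constructed scenario: servers in the upper half of 192.168.2.0/24,
    # client gateway and DHCP leases in the lower half.
    print(ccd_push_route("192.168.2.128", "192.168.2.254",
                         "192.168.2.0/24", ["192.168.2.1", "192.168.2.100"]))
    # A single server gets a host route.
    print(ccd_push_route("192.168.2.200", "192.168.2.200",
                         "192.168.2.0/24", ["192.168.2.1"]))
```

Pushing the narrowest block that covers the servers also keeps the rest of the client's traffic off the tunnel, which limits what each client can reach through the VPN.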

