0

I have a server with a public IP address. Let's call it $EXTERNAL. On that server, I have an OpenVpn server.

The server is set up to run a network: 

server 10.14.0.0 255.255.255.0

I have a router running tomato firmware that has a OpenVpn client connected. The router has a lan of 10.1.1.0/24. Here is the router's routing table:

# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.14.0.9       0.0.0.0         255.255.255.255 UH       40 0          0 tun11
192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 vlan1
10.1.1.0        0.0.0.0         255.255.255.0   U        40 0          0 br0
10.14.0.0       10.14.0.9       255.255.255.0   UG       40 0          0 tun11
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG       40 0          0 vlan1

I can ping 10.14.0.1 from the router. I can ssh into my external server both as 

me@tomato>$ ssh 10.14.0.1

and

me@tomato>$ ssh $EXTERNAL

However, from a computer on the 10.1.1.x network, I cannot reach the vpn server by it's vpn ip.

me@10.1.1.101>$ ssh 10.14.0.1

fails, but

me@10.1.1.101>$ ssh $EXTERNAL

succeeds.

Also, I don't know if this is related, but from the router,

me@tomato>$ telnet 10.14.0.1 80

fails, but

me@tomato>$ telnet $EXTERNAL 80

succeeds.

Nick Orton
  • 103
  • 3

1 Answers1

1

You need to add a route to 10.1.1.0/24 on the VPN server for the clients to be able to reach it:

root@vpn-server:~# ip route add 10.1.1.0/24 via 10.14.0.9
petrus
  • 5,297
  • 26
  • 42
  • You would also need to enable some address translation on the vpn server to allow the lan clients to access to internet. – petrus Apr 22 '12 at 14:07