2

First off: I have looked all over for a solution to this, but couldn't find anything.

How can I make OpenVPN's subnet accessible to my LAN?

BACKGROUND INFORMATION:

I have an openSUSE 12.1 box that is my NAT router. The internet is on eth0 and my LAN (10.0.0.0/24) is on eth1. OpenVPN creates the tun0 device, which I also added manually to the network interfaces list in YaST, so as to be able to assign it to the firewall's internal zone. OpenVPN's subnet is 10.0.1.0/24.

I have checked "Enable IP Forwarding" in YaST's "Network Settings" and I am using "Masquerade Networks" in YaST's SuSEFirewall settings. In /etc/sysconfig/SuSEfirewall2 I have set FW_MASQ_NETS="10.0.0.0/25 10.0.1.0/24". The "Network Settings" routing table is currently empty.

At this point I can reach 10.0.0.0/24 and the rest of the world from my VPN's 10.0.1.0/24, since OpenVPN's server.conf says push "redirect-gateway def1 bypass-dhcp".

QUESTION:

What I want now is to be able to reach VPN-connected machines (10.0.1.0/24) from my LAN (10.0.0.0/24). How do I do this the right way in openSUSE?

derabbink

1 Answer

0

If I understood correctly, you should already be able to do that (unless you have some firewall rules in place that disallow this).

Since your VPN server acts as a default gateway for both your networks (VPN + internal), and it knows all the correct routes, it should work without any additional settings. Both networks are "locally connected" (OpenVPN acts as a local interface too, so its route is immediately added), so no need for additional routes.

mulaz
  • That's exactly what I was thinking, but in practice it seems like packets from a 10.0.0.0/24 address never find their way to a 10.0.1.0/24 address. The funny thing is though, that a ping from the VPN subnet to the LAN subnet _does_ yield a return packet. – derabbink Aug 28 '12 at 12:32
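
Added example, not part of the original question, answer or comment: the question quotes FW_MASQ_NETS with 10.0.0.0/25 while describing the LAN as 10.0.0.0/24, so this Python check parses that variable from a constructed sysconfig excerpt and reports which parts of each expected subnet the list does not cover. The function names and the sample text are made up for illustration, and it assumes every entry is in CIDR notation with the source network as the first comma-separated field.

```python
import ipaddress
import shlex

# Constructed excerpt; only the FW_MASQ_NETS value is taken from the question.
SAMPLE_SYSCONFIG = '''
# /etc/sysconfig/SuSEfirewall2 (excerpt, constructed for this example)
FW_MASQ_NETS="10.0.0.0/25 10.0.1.0/24"
'''

def read_var(text, name):
    """Return the value of a shell-style NAME="value" line ('' if absent)."""
    value = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(name + "="):
            parts = shlex.split(line[len(name) + 1:], comments=True)
            value = parts[0] if parts else ""   # last assignment wins
    return value

def masq_sources(text):
    """Source networks in FW_MASQ_NETS (first comma field of each entry)."""
    entries = read_var(text, "FW_MASQ_NETS").split()
    return [ipaddress.ip_network(e.split(",")[0], strict=False) for e in entries]

def uncovered(subnet, covering):
    """Parts of `subnet` that none of the `covering` networks contains."""
    remaining = [ipaddress.ip_network(subnet)]
    for net in covering:
        kept = []
        for r in remaining:
            if r.version != net.version:
                kept.append(r)                       # other address family
            elif r.subnet_of(net):
                continue                             # fully covered
            elif net.subnet_of(r):
                kept.extend(r.address_exclude(net))  # carve out covered part
            else:
                kept.append(r)                       # disjoint
        remaining = kept
    return sorted(remaining)

def audit(text, expected):
    """Map each expected subnet to the ranges FW_MASQ_NETS leaves out."""
    nets = masq_sources(text)
    return {s: [str(n) for n in uncovered(s, nets)] for s in expected}

if __name__ == "__main__":
    report = audit(SAMPLE_SYSCONFIG, ["10.0.0.0/24", "10.0.1.0/24"])
    for subnet, gaps in report.items():
        print(subnet, "fully listed" if not gaps else "not listed: " + ", ".join(gaps))
```

With the values from the question, the check shows that LAN hosts from 10.0.0.128 upward fall outside the listed networks; whether that is related to the behaviour described in the comment is not established on this page.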