
Recently I discovered it is best to protect my IPMI web interface behind a VPN. I went ahead and installed OpenVPN on my server and connect to it using Tunnelblick on OS X. The VPN part is all set and done. Works flawlessly. My problem is that I do not know what IPs to assign my IPMI port to access it with a private IP when connected to it.

Currently OpenVPN is configured to use 10.8.0.0 and 255.255.255.0. After I connect to the VPN I can access my web server by visiting 10.8.0.1. I went ahead and configured IPMI with IP 10.8.0.10, netmask 255.255.255.0 and various gateway IPs and none seemed to work. I feel I am entering the wrong gateway IP. Do I enter my public gateway IP or an internal gateway IP? And in that case wouldn't it be 10.8.0.0?

A quick answer to this would be much appreciated. Many thanks!

Aco Strkalj
  • What does your network look like? How are the different systems connected? – Sven Jan 12 '15 at 23:51
  • It's a colocated server in a large datacenter. I'm sure there are layers of switches and routers above it. I only have some assigned public IPs from the DC. Just a single 1U box. – Aco Strkalj Jan 13 '15 at 00:09

1 Answer

OpenVPN is like any router. What you want to do is create a subnet that can be pushed from the OpenVPN server. As such, your OpenVPN client can see that network. This way your private network inside the OpenVPN can be safely shown to the people who have access to that network.

Word of caution:

  1. The private network of the VPN should not be the same IP range as the VPN assigned network.
  2. The private network of the VPN should not be the same IP range as the client network.

You do this by adding this line to your OpenVPN config for the server: push "route network subnet"

Server private network is 10.10.2.0
Server OpenVPN network is 10.0.0.0

Add this to your server config and you will allow OpenVPN clients who can connect to 10.0.0.0 to see equipment that is on 10.10.2.0:

push "route 10.10.2.0 255.255.255.0"

If you want a route on the client to be seen by all, you do this on the server.

E.g.

Server Network is 10.10.2.0.
Client Network is 10.10.1.0.
OpenVPN network is 10.0.0.0.

server.conf

route 10.10.1.0 255.255.255.0
push "route 10.10.1.0 255.255.255.0"
client-to-client
Bill Ang
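
The two cautions in the answer can be checked mechanically before a management address is assigned. The following is an added example, not code from the question or the answer: it parses the `server` and `push "route ..."` lines of an OpenVPN server config and reports overlaps. The client LAN 192.168.1.0/24 and the device address 10.10.2.10 are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import re

# Matches: server NET MASK | route NET MASK | push "route NET MASK"
DIRECTIVE = re.compile(r'^\s*(push\s+")?(server|route)\s+([\d.]+)\s+([\d.]+)')

# Constructed configs: the answer's first example and the question's setup.
ANSWER_CONF = 'server 10.0.0.0 255.255.255.0\npush "route 10.10.2.0 255.255.255.0"\n'
QUESTION_CONF = 'server 10.8.0.0 255.255.255.0\n'

def parse_conf(text):
    """Return (vpn_net, pushed_routes) from OpenVPN server config text."""
    vpn_net, pushed = None, []
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue
        is_push, keyword = bool(m.group(1)), m.group(2)
        net = ipaddress.ip_network(f"{m.group(3)}/{m.group(4)}", strict=False)
        if keyword == "server" and not is_push:
            vpn_net = net              # tunnel address pool
        elif keyword == "route" and is_push:
            pushed.append(net)         # private network exposed to clients
    return vpn_net, pushed

def check_plan(conf_text, client_lan, device_ip=None):
    """Apply the answer's two cautions; return a list of findings."""
    vpn_net, pushed = parse_conf(conf_text)
    client = ipaddress.ip_network(client_lan)
    findings = []
    for net in pushed:
        if vpn_net and net.overlaps(vpn_net):      # caution 1
            findings.append(f"pushed route {net} overlaps VPN network {vpn_net}")
        if net.overlaps(client):                   # caution 2
            findings.append(f"pushed route {net} overlaps client LAN {client}")
    if device_ip:
        addr = ipaddress.ip_address(device_ip)
        if vpn_net and addr in vpn_net:            # caution 1, per device
            findings.append(f"device {addr} sits inside VPN network {vpn_net}")
        elif not any(addr in net for net in pushed):
            findings.append(f"no pushed route covers device {addr}")
    return findings

if __name__ == "__main__":
    for f in check_plan(QUESTION_CONF, "192.168.1.0/24", "10.8.0.10"):
        print(f)
```

Run against the question's values, it reports that 10.8.0.10 lies inside the 10.8.0.0/24 tunnel network, which is the situation the first caution describes.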