
I have an OpenVPN server which runs with two configurations - first one is

    port 1194
    proto udp
    dev tun

while the second one is

    port 443
    proto tcp
    dev tun
    port-share ${my-ip} 10443

I keep them this way since I prefer the udp one, but port 443 is accessible everywhere, while 1194 is not. Also port-sharing makes apache ssl logs less useful.

I use different subnets for each configuration:

    server 10.25.1.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    client-to-client

and

    server 10.25.2.0 255.255.255.0
    ifconfig-pool-persist ipp-port-share.txt
    client-to-client

However, with this config a client from the first config (10.25.1.0/24) will be unable to connect to a client from the second config (10.25.2.0/24).

What can I do so that the two client subnets can communicate?

Robert Munteanu
  • Related question (but unanswered) is [Two openvpn servers on the same machine, route traffic between the two subnets](http://serverfault.com/questions/648782/two-openvpn-servers-on-the-same-machine-route-traffic-between-the-two-subnets) – roaima Oct 28 '15 at 12:16

1 Answer


You need to declare a route to 10.25.2.0/24 for clients of the first configuration and 10.25.1.0/24 on the second. Use this in your first configuration file, and the converse in your second:

    push "route 10.25.2.0 255.255.255.0"

roaima
  • Thanks for the reply. I have done the changes: ip forwarding is on (/proc/sys/net/ipv4/ip_forward = 1); added the push configurations, restarted the server + 1 client on each subnet. However, the clients still don't see each other. I am able to ping the gateway, e.g. from 10.25.1.40 I can ping 10.25.2.1, but not beyond. – Robert Munteanu Oct 28 '15 at 06:19
  • @RobertMunteanu do you get the route added on the clients? – roaima Oct 28 '15 at 09:19
  • Yes, the route is added. I expected the ping to 10.25.2.1 would not work otherwise for a 10.25.1.x client – Robert Munteanu Oct 28 '15 at 10:29
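
A way to check the answer's advice mechanically, added here as an example that is not part of the original thread: the script reads each instance's `server` subnet and `push "route ..."` lines and reports any instance that does not push a route to the other instance's subnet. The config texts are constructed samples based on the question, and the names `UDP_CONF`, `TCP_CONF`, `parse`, `missing_routes` and the instance labels are hypothetical.

```python
import ipaddress
import re

# Constructed sample configs modelled on the question's two instances.
# Only the UDP instance carries the pushed route from the answer.
UDP_CONF = """
port 1194
proto udp
dev tun
server 10.25.1.0 255.255.255.0
client-to-client
push "route 10.25.2.0 255.255.255.0"
"""
TCP_CONF = """
port 443
proto tcp
dev tun
server 10.25.2.0 255.255.255.0
client-to-client
"""

def parse(conf):
    """Return (server subnet, list of pushed route networks) for one config."""
    subnet, routes = None, []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # OpenVPN comment markers
            continue
        m = re.match(r'server\s+([\d.]+)\s+([\d.]+)', line)
        if m:
            subnet = ipaddress.ip_network("/".join(m.groups()), strict=False)
        m = re.match(r'push\s+"route\s+([\d.]+)(?:\s+([\d.]+))?', line)
        if m:
            mask = m.group(2) or "255.255.255.255"   # netmask omitted => host route
            routes.append(ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False))
    return subnet, routes

def missing_routes(configs):
    """List (instance, peer subnet) pairs where the peer subnet is not pushed."""
    parsed = {name: parse(text) for name, text in configs.items()}
    missing = []
    for name, (_, routes) in parsed.items():
        for peer, (peer_net, _) in parsed.items():
            if peer != name and peer_net is not None:
                if not any(peer_net.subnet_of(r) for r in routes):
                    missing.append((name, str(peer_net)))
    return missing

if __name__ == "__main__":
    for name, net in missing_routes({"udp-1194": UDP_CONF, "tcp-443": TCP_CONF}):
        print(f"{name} does not push a route to {net}")
```

The check covers only what the config files push to clients; it says nothing about forwarding or filtering on the server itself.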