So, I have a rather unusual network setup, in which:
- I have a server (let's call it 150.1.1.1, for example)
- This server runs an OpenVPN server (IP 10.10.4.1 with the DHCP range 10.10.4.0/24)
- I have an internal router (internal IP of 10.10.5.1, with the DHCP range 10.10.5.0/24) running Advanced Tomato
- This router is a client of the VPN (with IP 10.10.4.3)
- I have a handful of clients inside my LAN (10.10.5.x) such as a NAS and a media server; these have IPs inside the DHCP range of the router (10.10.5.54, for example)
Currently, I am able to, from the OpenVPN server, ping and connect to any device inside the 10.10.5.x network, and vice versa.
I am, however, not able to connect from any other device that connects to my OpenVPN server (whilst at work, at uni, etc.) to any device inside the 10.10.5.x range. I'm happy to provide any extra configs you'd find necessary, but currently I have:
/etc/openvpn/server.conf
port 636
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh.pem
topology subnet
server 10.10.4.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
route 10.10.5.0 255.255.255.0 10.10.4.3
push "route 10.10.5.0 255.255.255.0"
push "redirect-gateway def1"
push "remote-gateway 150.1.1.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 0
/etc/openvpn/ccd/routerclient
iroute 10.10.5.0 255.255.255.0
/etc/openvpn/client-configs/routerclient.ovpn
client
dev tun
proto tcp
remote 150.1.1.1 636
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
key-direction 1
cipher AES-256-CBC
auth SHA256
verb 3
<ca>
SNIP
</ca>
<cert>
SNIP
</cert>
<key>
SNIP
</key>
<tls-auth>
SNIP
</tls-auth>