
My OpenVPN Network <-- See image of my network

What I want to achieve is for the server to gain access to all clients, including any client which is connected to the client's modem, and for all clients to be able to access only the VPN server, so they do not need to see other client subnets.

What works is that all clients can ping the VPN server fine by 10.1.1.100 and 10.8.0.1. They also gain access to the entire 10.1.1.0/24 network, for which I understand I can remove the push "route 10.1.1.0 255.255.255.0" statement; it is just included for testing.

The server can ping only the client's gateway, so the server can ping 10.10.1.1 and 10.10.2.1 but cannot ping 10.10.1.200 or 10.10.2.200. This is the main part I want working: I want the server to reach the clients' LAN via their local IP, which I will make static.

Can anyone assist me in getting this to work? I am using Ubuntu Server 18.04. I assume it may be route related, but reading all the articles, they state that I do not need to set up static routes if the VPN client is the LAN gateway, which it is on the client end.

Server Routing Table:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.1.1        0.0.0.0         UG    100    0        0 eno1
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.10.1.0       10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.10.2.0       10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eno1
10.1.1.1        0.0.0.0         255.255.255.255 UH    100    0        0 eno1
rsleek
  • I don't think I even need the static routes on the server side, as I don't need the LAN it's on to access or be accessible over the VPN? Here is my traceroute to a client machine; it seems the server routes correctly to the client's VPN IP but then stops at the gateway? traceroute to 10.10.1.200 (10.10.1.200), 30 hops max, 60 byte packets 1 10.8.0.4 (10.8.0.4) 40.037 ms 40.890 ms 42.379 ms 2 * * * 3 * * * 4 * * * 5 * * * * * * And so on – rsleek May 04 '19 at 03:04
  • So I removed the static routes and the push; all works as I want now, except the server cannot ping the client's LAN, only the gateway and the VPN IP of the client. – rsleek May 04 '19 at 03:15
  • I think it works fine, just the ping for some reason isn't working, as I set up a port listener on the client machine for port 80, and from the server I was able to wget directly to the client... I will do further testing to make sure before marking as complete. – rsleek May 04 '19 at 05:36
