[CentOS] OpenVPN routing question

Boris Epstein borepstein at gmail.com
Sun Apr 14 13:14:20 UTC 2013


On Sun, Apr 14, 2013 at 9:06 AM, Stephen Harris <lists at spuddy.org> wrote:

> On Sun, Apr 14, 2013 at 09:00:16AM -0400, Boris Epstein wrote:
> > Let's say I have an OpenVPN (v2) server sitting on a Linux machine with the
> > IP address of, say, 192.168.10.1o. We are talking real address, assigned to
> > a NIC on the machine.
> >
> > Now let us say the OpenVPN server hands out IPs in the
> > 192.168.20.0/24 range. And let us say that I want the machines able to
> > reach the VPN server to be able to route to the machines available via
> > the VPN. So, for instance, 192.168.10.5 should be able to ping
> > 192.168.20.6 assuming the latter is one of the VPN clients.
> >
> > So here is my question: is there a VPN setting that would facilitate that?
>
> In the server config file
>   push "route 192.168.10.0 255.255.255.0"
>
> That will tell the openvpn client to add a route to 192.168.10.0/24 via
> the openvpn gateway.
>
> Machines on the LAN also need a route to 192.168.20.0/24 via the gateway;
> this is easy if your OpenVPN server is also your default gateway (eg
> router); otherwise you may need to add routes per-machine or via DHCP,
> or potentially just tell the default router about the route and let it
> send redirects to the LAN machines.
>
> --
>
> rgds
> Stephen
>
Stephen,

Thanks! What you are saying makes perfect sense. I have tried it.

It works for every subnet except the one the OpenVPN server sits on
(192.168.10.0/24 in our example). Yes, the VPN server has to be the default
router - or else it just does not seem to work. This additional hop just
kills everything, it seems.

Boris.
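
The return-route requirement Stephen describes, modelled as longest-prefix routing lookups. This is an added example, not part of the original thread; the node names and the separate default router are assumptions, and only routing tables are modelled, not ICMP redirects or packet filters.

```python
import ipaddress

# Constructed topology. 192.168.10.5, 192.168.20.6 and both /24s come from the
# thread; the node names and the separate default router are assumptions.
OWNER = {"192.168.10.5": "lan-host", "192.168.20.6": "vpn-client"}
BASE = {
    "vpn-client": [("192.168.20.0/24", "vpn-server"),
                   ("192.168.10.0/24", "vpn-server")],   # the pushed route
    "vpn-server": [("192.168.10.0/24", "link"), ("192.168.20.0/24", "link"),
                   ("0.0.0.0/0", "router")],
    "router":     [("192.168.10.0/24", "link"), ("0.0.0.0/0", "upstream")],
    "lan-host":   [("192.168.10.0/24", "link"), ("0.0.0.0/0", "router")],
}

def lookup(table, dst):
    """Longest-prefix match; returns the 'via' of the best route or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), via) for p, via in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, node, dst, max_hops=8):
    """Hop-by-hop path from node towards dst; ends at dst's owner if routable."""
    path = [node]
    for _ in range(max_hops):
        if node == OWNER[dst] or node not in tables:
            break
        via = lookup(tables[node], dst)
        if via is None:
            break
        node = OWNER[dst] if via == "link" else via
        path.append(node)
    return path

def with_route(tables, node, prefix, via):
    """Copy of tables with one extra static route on node."""
    new = {n: list(r) for n, r in tables.items()}
    new[node].append((prefix, via))
    return new

if __name__ == "__main__":
    cases = {"no return route": BASE,
             "route on LAN host": with_route(BASE, "lan-host", "192.168.20.0/24", "vpn-server"),
             "route on default router": with_route(BASE, "router", "192.168.20.0/24", "vpn-server")}
    print("request:", " -> ".join(trace(BASE, "vpn-client", "192.168.10.5")))
    for name, t in cases.items():
        print(f"reply ({name}):", " -> ".join(trace(t, "lan-host", "192.168.20.6")))
```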


