OpenVPN routing between static hosts

2

I have an OpenVPN server with successful static-key tunnels to two separate hosts - my laptop, and another server elsewhere on the internet. I have connectivity over both OpenVPN tunnels.

How do I make it so the server with two tunnels routes traffic across its tunnels?

Switching to server mode is undesirable, as PKI is a large headache, I am the only person involved, and I already have a secure channel by which to distribute the shared keys (SSH).

[CENTRAL POINT]


tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:3031 errors:0 dropped:0 overruns:0 frame:0
      TX packets:2003 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100 
      RX bytes:410154 (400.5 KiB)  TX bytes:734257 (717.0 KiB)

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:10.8.1.1  P-t-P:10.8.1.2  Mask:255.255.255.255
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100 
      RX bytes:0 (0.0 B)  TX bytes:504 (504.0 B)

[OTHER SERVER]

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
      inet addr:10.8.1.2  P-t-P:10.8.1.1  Mask:255.255.255.255
      UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100 
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

[LAPTOP]

tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.8.0.2 --> 10.8.0.1 netmask 0xffffffff 
open (pid 42162)

The goal would be for LAPTOP (10.8.0.2) to ping OTHER SERVER (10.8.1.2). I already have forwarding enabled and am sending LAPTOP's web traffic through the VPN with no issues. But I can't figure out how to reach OTHER SERVER on its tun interface from LAPTOP.

debian
vpn
routing
openvpn
asked on Server Fault Jul 21, 2013 by jacobbaer

2 Answers

1

If I understood correctly what you meant, you just need to push the routes to both virtual networks. On the central point you should have a config file for both virtual networks. In the one for the [LAPTOP] add:

push "route 10.8.1.0 255.255.255.255"

and for the [OTHER SERVER]:

push "route 10.8.0.0 255.255.255.255"

answered on Server Fault Jun 4, 2015 by mndo

0

server.conf:

push "route 10.10.0.0 255.255.255.0"          # VPN LAN
push "route 10.33.0.0 255.255.0.0"            # Internal LAN 1
push "route 172.16.55.0 255.255.252.0"        # Internal LAN 2
push "route 192.168.1.0 255.255.255.0"        # Internal LAN 2
push "route 192.168.200.100 255.255.255.255"  # A Lonely Computer

Sends the routes to the VPN client... (or your next gateway). Then you may need to set up your static routes if other routers are on the network you are VPNing into.

OpenVPN Scope

answered on Server Fault Jun 4, 2015 by Ehdrian • edited Jun 4, 2015 by Ehdrian
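
In the static-key point-to-point setup from the question, each endpoint has its own config file, so the routes can also be written there directly with `route`. The script below is an added example, not part of the question or of either answer: from the tunnel addresses in the question's ifconfig output it prints the `route` line for each peer's config and, for the central point, iptables FORWARD rules that allow only those two hosts to cross between tun0 and tun1. The helper names are hypothetical, and the rules assume a FORWARD chain whose default policy is DROP.

```shell
#!/bin/sh
# Added example. Tunnel table for the central point, copied from the ifconfig
# output in the question: interface, central point's IP, peer's IP.
TUNNELS='tun0 10.8.0.1 10.8.0.2
tun1 10.8.1.1 10.8.1.2'

# spoke_routes PEER_IP   (hypothetical helper name)
# Prints the route lines for that peer's own OpenVPN config: one host route
# per other peer. With no gateway argument, OpenVPN sends the route to the far
# end of the tunnel named in --ifconfig, which here is the central point.
spoke_routes() {
    printf '%s\n' "$TUNNELS" | while read -r dev hub peer; do
        if [ "$peer" != "$1" ]; then
            printf 'route %s 255.255.255.255\n' "$peer"
        fi
    done
}

# hub_forward_rules   (hypothetical helper name)
# Prints iptables rules for the central point that forward only between the
# listed peers, pinned to both interface and address. Assumption: the FORWARD
# chain's default policy is DROP, otherwise these ACCEPT rules restrict nothing.
hub_forward_rules() {
    printf '%s\n' "$TUNNELS" | while read -r in_dev in_hub src; do
        printf '%s\n' "$TUNNELS" | while read -r out_dev out_hub dst; do
            if [ "$in_dev" != "$out_dev" ]; then
                printf 'iptables -A FORWARD -i %s -o %s -s %s -d %s -j ACCEPT\n' \
                    "$in_dev" "$out_dev" "$src" "$dst"
            fi
        done
    done
}

echo "# LAPTOP config:";          spoke_routes 10.8.0.2
echo "# OTHER SERVER config:";    spoke_routes 10.8.1.2
echo "# CENTRAL POINT, as root:"; hub_forward_rules
```

Both peers need their line: without the route back to 10.8.0.2 on OTHER SERVER, replies to LAPTOP leave by its default route instead of tun1.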

User contributions licensed under CC BY-SA 3.0