I have an OpenVPN server with successful static-key tunnels to two separate hosts - my laptop, and another server elsewhere on the internet. I have connectivity over both OpenVPN tunnels.
How do I make it so the server with two tunnels routes traffic across its tunnels?
Switching to server mode is undesirable, as PKI is a large headache, I am the only person involved, and I already have a secure channel by which to distribute the shared keys (SSH).
[CENTRAL POINT]
tun0      Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:3031 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2003 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:410154 (400.5 KiB) TX bytes:734257 (717.0 KiB)

tun1      Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.1.1 P-t-P:10.8.1.2 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B) TX bytes:504 (504.0 B)

[OTHER SERVER]
tun1      Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.1.2 P-t-P:10.8.1.1 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

[LAPTOP]
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.8.0.2 --> 10.8.0.1 netmask 0xffffffff
        open (pid 42162)

The goal would be for LAPTOP (10.8.0.2) to ping OTHER SERVER (10.8.1.2). I already have forwarding enabled and am sending LAPTOP's web traffic through the VPN with no issues. But I can't figure out how to reach OTHER SERVER on its tun interface from LAPTOP.
If I understood correctly what you meant, you just need to push the routes to both virtual networks. On the central point you should have a config file for both virtual networks; in the one for the [LAPTOP] add:
push "route 10.8.1.0 255.255.255.255"
and for the [OTHER SERVER]:
push "route 10.8.0.0 255.255.255.255"
server.conf:
push "route 10.10.0.0 255.255.255.0" # VPN LAN
push "route 10.33.0.0 255.255.0.0" # Internal LAN 1
push "route 172.16.55.0 255.255.252.0" # Internal LAN 2
push "route 192.168.1.0 255.255.255.0" # Internal LAN 2
push "route 192.168.200.100 255.255.255.255" # A Lonely Computer
Sends the routes to the VPN client... (or your next gateway). Then you may need to set up your static routes if other routers are on the network you are VPNing into.
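
Added example, not part of the question or of either answer above: the same two-tunnel layout written out for static-key mode, with each endpoint carrying its own local `route` line, because a static-key tunnel has no TLS control channel over which pushed options could be delivered. The hostname, ports, key file names and which side uses `remote` are assumptions; the tunnel addresses are the ones shown in the question.

```conf
# --- CENTRAL POINT, instance 1 (tunnel to LAPTOP) ---
dev tun0
port 1194                        # assumed port
ifconfig 10.8.0.1 10.8.0.2       # local, peer (as in the question)
secret laptop-static.key         # hypothetical file name

# --- CENTRAL POINT, instance 2 (tunnel to OTHER SERVER) ---
dev tun1
port 1195                        # assumed port
ifconfig 10.8.1.1 10.8.1.2
secret server-static.key         # hypothetical; a separate key per tunnel
# No route lines here: both peers are directly attached, and the
# question states that IP forwarding is already enabled.

# --- LAPTOP ---
remote central.example.net 1194  # placeholder hostname
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret laptop-static.key
# Host route to OTHER SERVER's tunnel address. With no gateway given,
# OpenVPN uses the peer address from ifconfig (10.8.0.1).
route 10.8.1.2 255.255.255.255

# --- OTHER SERVER ---
remote central.example.net 1195  # placeholder hostname
dev tun1
ifconfig 10.8.1.2 10.8.1.1
secret server-static.key
# Return path: without it, replies to 10.8.0.2 leave by the default
# route instead of the tunnel and the ping from LAPTOP never completes.
route 10.8.0.2 255.255.255.255
```

Using /32 host routes keeps each spoke's reach limited to the single peer address it needs; a firewall rule on the central point that forwards only between tun0 and tun1 for these two addresses narrows it further.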