On 19/05/15 20:14, Josu Lazkano wrote:
> Hello all,
>
> Thanks to this list I configured my first OpenVPN link between 2 OpenWRT routers.
>
> I configured client - server configuration this way:
>
> server (192.168.1.1/24)
>
> config openvpn 'myvpn'
>     option enabled '1'
>     option dev 'tun'
>     option port '1194'
>     option proto 'udp'
>     option log '/tmp/openvpn.log'
>     option verb '3'
>     option ca '/etc/openvpn/ca.crt'
>     option cert '/etc/openvpn/my-server.crt'
>     option key '/etc/openvpn/my-server.key'
>     option server '10.8.0.0 255.255.255.0'
>     option ifconfig '10.8.0.1 10.8.0.2'
>     option dh '/etc/openvpn/dh512.pem'
>     list 'push' 'route 192.168.1.0 255.255.255.0'
>
> client (192.168.2.1/24):
>
> config openvpn 'myvpn'
>     option enabled '1'
>     option dev 'tun'
>     option proto 'udp'
>     option log '/tmp/openvpn.log'
>     option verb '3'
>     option ca '/etc/openvpn/ca.crt'
>     option cert '/etc/openvpn/my-client.crt'
>     option key '/etc/openvpn/my-client.key'
>     option client '1'
>     option remote_cert_tls 'server'
>     option ifconfig '10.8.0.2 10.8.0.1'
>     option remote 'SERVER_IP 1194'
>
> This way I can ping from client to server network:
>
> ping 192.168.1.1
> ping 192.168.1.10
>
> But not from server to client network:
>
> ping 192.168.2.1
> ping 192.168.2.10
>
> Is it possible to push the client network to the server?
>
> This is my "routes":
>
> server:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> default         1.85-Y-X.dyna   0.0.0.0         UG    0      0   0   eth0.2
> 10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0   0   tun0
> 10.8.0.2        *               255.255.255.255 UH    0      0   0   tun0
> 85.Y.X.0        *               255.255.252.0   U     0      0   0   eth0.2
> 192.168.1.0     *               255.255.255.0   U     0      0   0   br-lan
>
> client:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> default         1.85-Y-X.dyn    0.0.0.0         UG    0      0   0   eth0.2
> 10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0   0   tun0
> 10.8.0.5        *               255.255.255.255 UH    0      0   0   tun0
> 85.Y.X.0        *               255.255.252.0   U     0      0   0   eth0.2
> 192.168.1.0     10.8.0.5        255.255.255.0   UG    0      0   0   tun0
> 192.168.2.0     *               255.255.255.0   U     0      0   0   br-lan
>
hmmm this would be much simpler in point-to-point mode, which you wanted to start out initially. Isn't there any way to get point-to-point mode (no certificates, just a static key) working on OpenWRT?

If not, then you'll have to resort to client-config-dir and iroute statements.

JJK

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
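
The client-config-dir and iroute setup mentioned in the reply, sketched as an added example that is not part of the original thread, using the addresses from the quoted post. CLIENT_CN is a placeholder for the Common Name in the client certificate, the ccd directory path is an assumed location, and the UCI option names assume OpenWrt's underscore spelling of the OpenVPN directives.

```conf
# --- server: additions to /etc/config/openvpn, section 'myvpn' ---
config openvpn 'myvpn'
	# ... existing options from the post stay unchanged ...

	# Directory of per-client files, looked up by certificate Common Name
	# (assumed path; OpenVPN directive: client-config-dir)
	option client_config_dir '/etc/openvpn/ccd'

	# Kernel route on the server: send traffic for the client LAN into
	# the tunnel (OpenVPN directive: route)
	list route '192.168.2.0 255.255.255.0'

# --- server: /etc/openvpn/ccd/CLIENT_CN ---
# The file name must equal the Common Name of the client certificate
# (CLIENT_CN is a placeholder, the real CN is not shown in the thread).
# iroute tells OpenVPN's internal routing that 192.168.2.0/24 sits
# behind this particular client.
iroute 192.168.2.0 255.255.255.0
```

Both parts are needed: `route` gets packets from the kernel into the tunnel device, and `iroute` lets the OpenVPN server pick the right client for them. Because the ccd file is selected by certificate CN, the 192.168.2.0/24 subnet is tied to that one certificate rather than to whichever client happens to connect.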