On 14/03/19 17:14, sergio wrote:
Hello.

I've already tried to discuss this in IRC as I thought it's a simple and short question, but it seems that it is not.

The short question is:

"Is it true that making one client the default gateway for another client is impossible with a routed setup (OK, without NAT on the VPN server), and this is another argument for a bridged setup, not listed in the BridgingAndRouting doc?"


As Gert said, the short answer to this question is: No, it's perfectly well possible to set this up using a routed setup.

Is it possible (and how) to do this with a routed setup? (Without NAT'ing on the server, as it's not a pure routed setup.)


Routed setup example:
openvpn server : 10.0.1.1, network : 10.0.1.0/24
client A       : 10.0.2.1, network : 10.0.2.0/24
client B       : 10.0.3.1, network : 10.0.3.0/24

Ping from 10.0.3.17 (the host behind B) to 10.0.2.32 (the host behind A) works fine.

I can route 1.1.1.1 from 10.0.3.0/24 via 10.0.1.2 by adding:
ip r add 1.1.1.1 via 10.0.1.1 (on client B)
iroute 8.8.8.8 255.255.255.255 (to ccd/A on the server)

The question is how to route all traffic from 10.0.3.0/24 via 10.0.1.2 to the internet?

When I do `ip route replace default via 10.0.1.2` on 10.0.3.1 the traffic goes out via 10.0.1.1 and doesn't reach 10.0.1.2, of course.


That will be mostly a matter of return routes not being processed correctly. Esp. for internet routing, *someone* will end up NATting traffic. How to set this up: first make sure that the LAN behind your GW client is accessible from the other client

=== client.conf:
client
remote IP
proto tcp
dev-type tun

tls-client
remote-cert-tls server
ca
cert
key


=== server.conf:
local 0.0.0.0
port 1194
proto tcp-server
dev-type tun
persist-tun
topology subnet

tls-server
ca
key
cert
dh

mode server
ifconfig 10.0.1.1 255.255.255.0
client-config-dir ccd

client-to-client
push "topology subnet"
push "route-gateway 10.0.1.1"
push "route 10.0.1.0 255.255.255.0"

push "route 10.0.2.0 255.255.255.0"
push "route 10.0.3.0 255.255.255.0"

route 10.0.2.0  255.255.255.0 10.0.1.2
route 10.0.3.0  255.255.255.0 10.0.1.3


=== ccd/A
ifconfig-push 10.0.1.2 255.255.255.0
iroute 10.0.2.0 255.255.255.0


=== ccd/B
ifconfig-push 10.0.1.3 255.255.255.0
iroute 10.0.3.0 255.255.255.0





_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
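
Added example, not part of the original message and not OpenVPN's own code: a simplified Python model of how a tun-mode server with client-to-client picks the receiving client from the destination address and the ccd iroute entries, using the addresses from this thread. The function names and result strings are assumptions made for illustration, and the model goes slightly beyond the thread by also showing the source-address check applied to packets coming back from client A.

```python
import ipaddress

# Simplified model (assumption, not OpenVPN source) of server-side routing in
# tun mode with client-to-client enabled. Addresses are taken from the thread;
# the 8.8.8.8 iroute is the one the poster added to ccd/A.
CLIENTS = {
    "A": {"vpn_ip": "10.0.1.2", "iroutes": ["10.0.2.0/24", "8.8.8.8/32"]},
    "B": {"vpn_ip": "10.0.1.3", "iroutes": ["10.0.3.0/24"]},
}

def _nets(name):
    """Networks a client owns: its own VPN address plus its iroute entries."""
    c = CLIENTS[name]
    return [ipaddress.ip_network(c["vpn_ip"] + "/32")] + [
        ipaddress.ip_network(n) for n in c["iroutes"]]

def owner_of(addr):
    """Longest-prefix match of addr against every client's owned networks."""
    ip = ipaddress.ip_address(addr)
    best = None
    for name in CLIENTS:
        for net in _nets(name):
            if ip in net and (best is None or net.prefixlen > best[1]):
                best = (name, net.prefixlen)
    return best[0] if best else None

def server_forward(from_client, src, dst, client_next_hop=None):
    """Decide what the server does with a packet received from from_client.

    client_next_hop is the gateway the client chose locally. A tun link has no
    layer-2 next hop, so the value never reaches the server; it is accepted
    here only to show that it has no effect on the decision.
    """
    if owner_of(src) != from_client:
        return "drop: bad source address"   # source not covered by sender's iroute
    target = owner_of(dst)
    if target is not None:
        return "to client " + target        # destination covered by an iroute
    return "to server kernel (tun)"         # no iroute: server's own routing decides

if __name__ == "__main__":
    for args in [("B", "10.0.3.17", "8.8.8.8", "10.0.1.2"),
                 ("B", "10.0.3.17", "1.1.1.1", "10.0.1.2"),
                 ("A", "8.8.8.8", "10.0.3.17"),
                 ("A", "1.1.1.1", "10.0.3.17")]:
        print(args, "->", server_forward(*args))
```

In this model the next hop chosen on client B changes nothing; only the iroute entries in ccd/A decide which destinations reach A and which reply sources are accepted from it.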