On Tue, 8 Mar 2022 08:08:57 +0100, Gert Doering <g...@greenie.muc.de> wrote:
>Hi,
>
>On Mon, Mar 07, 2022 at 11:59:53PM +0100, Bo Berglund wrote:
>> This is pretty clumsy in my view and I would rather be able to connect to the
>> RPi from any device on my LAN without also connecting by VPN from those
>> devices.
>>
>> Can this be done in some easy to understand way?
>
>It's - again - all a matter of routing.
>
>The RPi needs to have a route towards your LAN IPs ("push route ..." in
>ccd/ or main openvpn config) and the LAN hosts needs to have a route
>"RPi network -> OpenVPN server" (or the LAN router needs this route, so
>packets go LAN host -> router -> openvpn server - not as efficient, but
>for low-traffic sessions perfectly fine)
>
OK so let me see:
The client (the RPi4) is getting a route on to the server side LAN. That happens
on *all* of my clients, I guess thanks to this server side directive:
push "route 192.168.119.0 255.255.255.0" #Local LAN
The client itself gets a DHCP assigned address from this:
ifconfig-pool 10.8.139.2 10.8.139.127 255.255.255.0
So since it is on a different network than my home LAN then in order for the
server side device to connect to the VPN client it will need a route to the
10.8.139.x network, which is via the OpenVPN server...
I guess that if I want to be able to use this then I have to either add a route
specifically on the device needing the connection which is targeting the OpenVPN
server, right? I don't know how to do this.
Or else I could add a route on the server side router for that VPN network like
I did when connecting my two LAN:s together as described in the previous thread.
But how do I need to prepare the OpenVPN server such that it will actually
accept this routing call?
An iroute setting in the server conf file or a new ccd entry with the iroute?
--
Bo Berglund
Developer in Sweden
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
