Re: [Openvpn-users] Remote RPi unit connected by VPN, how to SSH to it via its tunnel from LAN device?

Mon, 07 Mar 2022 23:56:14 -0800 

Hi,

On Tue, Mar 08, 2022 at 08:45:27AM +0100, Bo Berglund wrote:
> OK so let me see:
> The client (the RPi4) is getting a route on to the server side LAN. That 
> happens
> on *all* of my clients, I guess thanks to this server side directive:
> 
> push "route 192.168.119.0 255.255.255.0" #Local LAN
> 
> The client itself gets a DHCP assigned address from this:
> 
> ifconfig-pool 10.8.139.2 10.8.139.127 255.255.255.0
> 
> So since it is on a different network than my home LAN then in order for the
> server side device to connect to the VPN client it will need a route to the
> 10.8.139.x network, which is via the OpenVPN server...

Right.

> I guess that if I want to be able to use this then I have to either add a 
> route
> specifically on the device needing the connection which is targeting the 
> OpenVPN
> server, right? I don't know how to do this.

If it's a windows box, run "route add ..." from cmd.exe - if it's a
linux box, run "ip route add ...".  On Windows, this can be auto-persistent
(route add /p, if I remember right), on Linux you need to find out where
in /etc/ your distribution expects static routes.

> Or else I could add a route on the server side router for that VPN network 
> like
> I did when connecting my two LAN:s together as described in the previous 
> thread.

Yep.  Same thing: make sure all devices know where to send packets "to the
other side" to.

> But how do I need to prepare the OpenVPN server such that it will actually
> accept this routing call?

There is no "routing call".  Routing is done individually on each involved
device - so, if the OpenVPN server can reach the VPN client (RPi), then
routing is fine.

You might need to enable IP forwarding (/etc/sysctl.conf) for it to forward 
packets coming in from other hosts .

> An iroute setting in the server conf file or a new ccd entry with the iroute?

iroutes will only be needed if you need to make a "network behind a VPN client"
known to the VPN Server.  If you do pools only, the VPN server already knows.

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             [email protected]

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users






















					Reply via email to