This may be a stupid question, but in the remote office, do you have a route for 10.8.139.0/25? If not, then the clients can get packets to the remote network, but the remote network can't get packets back to the clients.
On Sun, Oct 2, 2022 at 7:44 AM Bo Berglund <bo.bergl...@gmail.com> wrote:
>
> 6 months ago or so I set up a system where I have two fiber-connected LAN
> segments in different locations tied together with OpenVPN into one single LAN
> using addresses 192.168.117.x and 192.168.119.x.
>
> The two segments have routers configured such that the 117 LAN connects with
> OpenVPN to my main LAN on 119 and the main LAN router has its routing set up
> to channel traffic for 117 via the OpenVPN tunnel.
>
> It works well for devices connected to the two LAN sections directly, but not
> when a device is connected to the main LAN via OpenVPN while travelling.
> In this case (I am now half a world away from home) I can reach my home LAN
> (119) but not the 117 LAN...
>
> So now I wonder how I should set up the OpenVPN server on the main LAN such
> that if a client wants to talk to a device on the 117 segment it can actually
> reach it?
>
> The server is set up for a split tunnel such that if a client addresses the
> server side LAN it will route through the tunnel but for Internet traffic it
> should use the local gateway directly.
> Now I think that it is actually doing this for traffic to LAN segment 117 too
> and this is what I would like to change.
>
> Here is my server side conf file:
>
> # this is the config for local only access
> port 1190
> proto udp
> dev tun
> ca /etc/openvpn/keys/ca.crt
> cert /etc/openvpn/keys/server.crt
> key /etc/openvpn/keys/server.key
> dh /etc/openvpn/keys/dh2048.pem
> tls-auth /etc/openvpn/keys/ta.key 0
> topology subnet
> server 10.8.139.0 255.255.255.0 'nopool'
> ifconfig-pool 10.8.139.2 10.8.139.127 255.255.255.0
> ifconfig-pool-persist ipplocal.txt
> push "route 192.168.119.0 255.255.255.0" #Local LAN access
> push "dhcp-option DNS 192.168.119.1" #Local server
> push "dhcp-option DNS 208.67.220.220" #Public server
> keepalive 10 120
> cipher AES-256-CBC
> #Disable compression and push this to the client
> comp-lzo no
> push "comp-lzo no"
>
> # This is needed for site-to-site routing via remote Router
> client-config-dir /etc/openvpn/ccdl
> route 192.168.117.0 255.255.255.0
> # Allow other clients to the server to also reach remote
> client-to-client
> push "route 192.168.117.0 255.255.255.0"
> # end site-to-site routing
> max-clients 20
> persist-key
> persist-tun
> status /etc/openvpn/log/ovpn-status_local.log
> log /etc/openvpn/log/ovpn_local.log
> verb 4
> mute 10
> explicit-exit-notify 1
> push "explicit-exit-notify 1"
>
> It seems like the following line does not affect the connected VPN clients on
> the server LAN:
> route 192.168.117.0 255.255.255.0
>
> What could I change to make it work?
>
> Can this line be modified to encompass a larger subnet maybe?
> push "route 192.168.119.0 255.255.255.0" #Local LAN access
>
> for example 192.168.116.0/22 (covering 116, 117, 118, 119)
>
>
> --
> Bo Berglund
> Developer in Sweden
>
>
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
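As an added example (not code from this thread and not OpenVPN's own), the following Python script models the question the reply raises as static routing tables: the roaming client, the main-LAN OpenVPN server that is also the 119 router, and the remote 117 router, plus a stand-in "internet" hop that discards RFC 1918 addresses. It traces a packet from a pool client to a host on the 117 segment and then traces the reply back. The hop names, the sample addresses 10.8.139.5 and 192.168.117.50, and the assumption that the 117 router reaches the server only through the site-to-site tunnel are all assumptions made for the example; the routes themselves are taken from the posted server config and the problem description.

```python
"""Round-trip routing check for the topology in the thread (added example).

Assumed for illustration: hop names, the client address 10.8.139.5, the
target 192.168.117.50, and an "internet" hop that drops private space.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# A route is (prefix, next hop). Next hop "local" means delivered on an
# attached network; "drop" means the packet is discarded.
Route = Tuple[str, str]


class Router:
    """One hop with a static table and longest-prefix-match lookup."""

    def __init__(self, name: str, routes: List[Route]) -> None:
        self.name = name
        self.table = [(ipaddress.ip_network(p), nh) for p, nh in routes]

    def lookup(self, dst: str) -> Optional[str]:
        addr = ipaddress.ip_address(dst)
        best = None
        for net, next_hop in self.table:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return best[1] if best else None

    def add_route(self, prefix: str, next_hop: str) -> None:
        self.table.append((ipaddress.ip_network(prefix), next_hop))


def trace(routers: Dict[str, Router], start: str, dst: str,
          max_hops: int = 8) -> Tuple[List[str], bool]:
    """Follow dst hop by hop from `start`; True when delivered locally."""
    path, current = [start], start
    for _ in range(max_hops):
        next_hop = routers[current].lookup(dst)
        if next_hop is None or next_hop == "drop":
            return path, False
        if next_hop == "local":
            return path, True
        path.append(next_hop)
        current = next_hop
    return path, False  # hop limit reached: treat as a routing loop


def build_topology() -> Dict[str, Router]:
    """The hops from the thread, before any return route is added."""
    return {
        # Roaming client: split tunnel plus the two routes the server pushes.
        "client": Router("client", [
            ("10.8.139.0/24", "local"),         # tun, topology subnet
            ("192.168.119.0/24", "server"),     # push "route 192.168.119.0 ..."
            ("192.168.117.0/24", "server"),     # push "route 192.168.117.0 ..."
            ("0.0.0.0/0", "internet"),          # everything else: local gateway
        ]),
        # Main-LAN server / 119 router.
        "server": Router("server", [
            ("10.8.139.0/24", "client"),        # the client pool on tun
            ("192.168.119.0/24", "local"),
            ("192.168.117.0/24", "router117"),  # server's 'route 192.168.117.0'
            ("0.0.0.0/0", "internet"),
        ]),
        # Remote 117 router: knows 119 through the tunnel but has nothing for
        # the client pool (the gap the reply asks about). Assumed.
        "router117": Router("router117", [
            ("192.168.117.0/24", "local"),
            ("192.168.119.0/24", "server"),
            ("0.0.0.0/0", "internet"),
        ]),
        # Stand-in for the Internet: forwards public space, drops private.
        "internet": Router("internet", [
            ("10.0.0.0/8", "drop"),
            ("172.16.0.0/12", "drop"),
            ("192.168.0.0/16", "drop"),
            ("0.0.0.0/0", "local"),
        ]),
    }


def round_trip(routers: Dict[str, Router], client_ip: str,
               target_ip: str) -> Dict[str, Tuple[List[str], bool]]:
    """Forward path from the client, then the reply from the target's router."""
    forward = trace(routers, "client", target_ip)
    if not forward[1]:
        return {"forward": forward, "reply": ([], False)}
    reply = trace(routers, forward[0][-1], client_ip)
    return {"forward": forward, "reply": reply}


if __name__ == "__main__":
    net = build_topology()
    print("before:", round_trip(net, "10.8.139.5", "192.168.117.50"))
    # The fix the reply points at: a route on the 117 router for the pool,
    # pointing back into the tunnel toward the server.
    net["router117"].add_route("10.8.139.0/25", "server")
    print("after: ", round_trip(net, "10.8.139.5", "192.168.117.50"))
```

Without the return route the forward trace succeeds (client, server, router117) but the reply leaves router117 via its default gateway and is discarded, which is exactly the "I can reach 119 but not 117" symptom: the packets arrive, the answers never come back. Adding 10.8.139.0/25 via the tunnel makes the reply path router117, server, client. Note that a /25 only covers the pool 10.8.139.2-127; any address the server hands out above .127 (for instance from a CCD file) would still fall through to the default route, so use the whole /24 if such addresses exist. On the real 117 router, `ip route get 10.8.139.5` shows which interface a reply would take; if it names the WAN gateway rather than the tunnel interface, the return route is missing.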