On 03/07/2013 02:58 PM, Charles Curley wrote:
> I tried installing openvpn and following this tutorial:
> http://wiki.debian.org/OpenVPN
>
> I got as far as the statement "You should probably configure your route
> at this step." I have tried several "route add" commands but none seem
> to produce useful results. I can ping the local side of the connection,
> but not the remote side.
>
> How do I add the appropriate route to each machine? Thanks
>

I let OpenVPN do it for me. Here's a complicated setup that puts in routes for 6 networks. What this means is that VPN clients are told to use the vpn server as the gateway for these routes.

# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route remote_host 255.255.255.255 net_gateway"
push "route 192.168.2.0 255.255.255.192"
push "route 192.168.2.64 255.255.255.192"
push "route 192.168.3.0 255.255.255.0"
push "route 192.168.4.0 255.255.255.0"
push "route 192.168.5.0 255.255.255.0"
push "route 192.168.6.0 255.255.255.0"

What's cool is I can tell VPN that some VPN clients have routes to these networks. For example, 192.168.4.0 might be the internal network at my home. 192.168.5.0 might be the internal network at my parents' house. And 192.168.6.0 might be another network at another site.

Then to tell openvpn which clients have these networks, in the "/etc/openvpn/ccd/" directory, I can make individual files (based on user id or TLS certificate common name). Like this:

home-router:
# give this client the same ip address every time (see docs on how the pairs work)
ifconfig-push 192.168.3.4 192.168.3.3
iroute 192.168.4.0 255.255.255.0

parents-router:
ifconfig-push 192.168.3.6 192.168.3.5
iroute 192.168.5.0 255.255.255.0

other-site:
ifconfig-push 192.168.3.8 192.168.3.7
iroute 192.168.6.0 255.255.255.0

Now when everyone is vpn'd in you can ping across any of the subnets just fine and routing is all taken care of.

Hope that makes sense. Let me know if you have a question about what I wrote.

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
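
Added example, not part of the original message: a Python check that every subnet a ccd file claims with iroute is also covered by a pushed route, and that no two client files claim overlapping subnets. The sample strings are constructed from the directives quoted in the message; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: the push lines and ccd files quoted in the message.
SERVER_CONF = '''\
push "route remote_host 255.255.255.255 net_gateway"
push "route 192.168.2.0 255.255.255.192"
push "route 192.168.2.64 255.255.255.192"
push "route 192.168.3.0 255.255.255.0"
push "route 192.168.4.0 255.255.255.0"
push "route 192.168.5.0 255.255.255.0"
push "route 192.168.6.0 255.255.255.0"
'''
CCD = {  # ccd file name (user id or certificate common name) -> file contents
    "home-router": "# fixed address\nifconfig-push 192.168.3.4 192.168.3.3\n"
                   "iroute 192.168.4.0 255.255.255.0\n",
    "parents-router": "ifconfig-push 192.168.3.6 192.168.3.5\n"
                      "iroute 192.168.5.0 255.255.255.0\n",
    "other-site": "ifconfig-push 192.168.3.8 192.168.3.7\n"
                  "iroute 192.168.6.0 255.255.255.0\n",
}

def pushed_routes(conf):
    """Return the networks named in push "route <addr> <mask>" lines."""
    nets = []
    for addr, mask in re.findall(r'^\s*push\s+"route\s+([^\s"]+)\s+([^\s"]+)', conf, re.M):
        try:
            nets.append(ipaddress.ip_network(f"{addr}/{mask}"))
        except ValueError:
            continue  # keyword target such as remote_host, not a subnet
    return nets

def iroutes(ccd):
    """Map each ccd file name to the networks it claims with iroute."""
    pat = re.compile(r'^\s*iroute\s+(\S+)\s+(\S+)', re.M)
    return {name: [ipaddress.ip_network(f"{a}/{m}") for a, m in pat.findall(text)]
            for name, text in ccd.items()}

def audit(conf, ccd):
    """List iroute claims that are not pushed, or that overlap another claim."""
    pushed, seen, problems = pushed_routes(conf), [], []
    for name, nets in sorted(iroutes(ccd).items()):
        for net in nets:
            if not any(net.subnet_of(p) for p in pushed):
                problems.append(f"{name}: iroute {net} is not pushed to clients")
            for other, onet in seen:
                if net.overlaps(onet):
                    problems.append(f"{name}: iroute {net} overlaps {onet} claimed by {other}")
            seen.append((name, net))
    return problems
```

An empty list from `audit(SERVER_CONF, CCD)` means the pushed routes and the per-client iroute claims agree.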
