On Mon, 2021-09-13 at 08:32 -0400, Robert K Coffman Jr. -Info From Data Corp. wrote:
> On 9/13/2021 5:57 AM, Dave via Shorewall-users wrote:
> > I need to route packets to and from another subnet via an OpenVPN
> > server running on the local subnet.
>
> Why aren't you using the OpenVPN mechanism to create the necessary
> routes?
>
> For local subnet 192.168.1.0/24 and remote via vpn subnet
> 10.0.0.0/24:
>
> On the server side:
>
> push "route 192.168.1.0 255.255.255.0"
> ccd-exclusive
> client-config-dir ccd
> route 10.0.0.0 255.255.255.0
>
> Then - in /ccd - create a file with the CN of the client with this in
> it:
>
> iroute 10.0.0.0 255.255.255.0
>
> Restart OpenVPN server after making these changes.
>

Thanks so much Robert!

My server.conf file does contain:

client-config-dir /etc/openvpn/ccd
route 192.168.1.0 255.255.255.0

and

push "route 192.168.1.0 255.255.255.0"

In /etc/openvpn/ccd is a file named vpnclient and it contains:

iroute 192.168.1.0 255.255.255.0

I tried changing it to:

iroute 10.11.12.0 255.255.255.0

I could no longer connect to the client machine using ssh on the server
machine. After changing it back to 192.168.1.0, I could connect again.

The vpn is working from client to server and back. I just can't connect
to and from other computers on either subnet.

My admittedly limited understanding of the situation is that static
routing must be set up on the firewall/router, because the openvpn
server is running on a separate machine on the subnet, not on the
router. The client is also not on the router.

Do I need a rule or rules in /etc/shorewall/rules and possibly other
configuration in other shorewall files?

Thanks again!

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users