I have the following task:

 LOCAL-PC -> VPN-SERVER
               -> VPN_CLIENT1 (10.11.0.6) -> TARGET (10.0.200.1)
               -> VPN_CLIENT2 (10.11.0.8) -> TARGET (10.0.200.1)
               -> VPN_CLIENT3 (10.11.0.14) -> TARGET (10.0.200.1)

I need to reach a specific TARGET on the VPN-clients network.

This is working:

  • I have an OpenVPN TAP server running.
  • The VPN clients can connect to the server and get an IP in their own VPN-subnet
  • VPN-clients can reach the server's subnet
  • Server-Side clients can reach the VPN subnet

I don't want to bridge the complete LAN-Interface of my VPN-clients to the VPN tap-interface.

I can add a route on my LOCAL-PC like this:

route add 10.0.200.1 MASK 255.255.255.255 10.11.0.6

That way my LOCAL-PC will forward data to my VPN-server, which probably doesn't know what to do with it. My VPN-server runs on an OPNsense machine.

On my client I have enabled IPEnableRouter, so as soon as data with destination TARGET arrives on the client it should automatically forward it to the right interface.

What am I missing?

BTW: I could also work with port-forwarding of several ports, but in this case TARGET needs to see another IP than the VPN_CLIENTs as SOURCE (otherwise the service running on TARGET won't work).
