0

I have found many resources describing how to expose networks behind an OpenVPN server. But I could not find much about the following situation:

  • one of the clients has got two interfaces

  • one interface is connected to the internet

  • through that interface OpenVPN traffic is routed (tun)

  • OpenVPN network is configured as 10.10.0.0/24

  • another interface on that client is configured as 192.168.0.0/24

  • on that 192.168.0.0/24 network I have an internal web server

I have another OpenVPN client sitting in a separate location, and it is also configured to sit in network 10.10.0.0/24.

How do I make the internal web server on my first OpenVPN client's network (as described above) available from my other OpenVPN client?

5
  • When I re-read your problem I was not sure whether I got you right. Now I understand it like the following: You have two clients (c1, c2) directly connected with each other via VPN (10.10.0.0/24). One of them (i.e. c1) has two network interfaces. In the local network of c1 there is a web server. Now you want this web server exposed to the VPN client on the other end (c2). Please correct me if I am wrong. I will disable my answer as it was targeted for the problem I previously thought it would be.
    – duelle
    Commented Aug 19, 2015 at 18:26
  • Hey duelle, my architecture is: two (and more) clients connected to each other over OpenVPN. All clients establish an OpenVPN connection with the server in the cloud, and my server is configured in such a way that I can access one client from another. One of the clients has two network interfaces - wired and wireless. Wireless supplies the internet connection. Wired sits on a different subnet, and one host on that subnet acts as a web server.
    – Greg0ry
    Commented Aug 19, 2015 at 20:18
  • Thanks Greg0ry for the clarification. My first guess here would be some kind of proxy server on the VPN client attached to the network the web server is in. The proxy would then act as the "bridge" between the two networks. Note: That is the way I would further investigate - though I do not know whether this is the (best) way to go.
    – duelle
    Commented Aug 19, 2015 at 20:34
  • Thanks duelle, I was hoping OpenVPN can do some sort of routing on the client so that networks behind the client would be advertised back to other clients (or at least back to the server). Anyways - thanks!
    – Greg0ry
    Commented Aug 19, 2015 at 21:04
  • I am not aware of such a feature - though this doesn't mean it doesn't exist.
    – duelle
    Commented Aug 19, 2015 at 21:12

1 Answer

1
+50

You can use push-route to push routes to your clients when they connect. You will, I think, need to use client-config-dir and "route" too.

Let's assume your first client (with the 2nd NIC) is C1, and the other one is C2.

Here's an example for server config:

push "route 192.168.0.0 255.255.255.0"
client-config-dir ccd
route 192.168.0.0 255.255.255.0

Then in the ccd directory, you need to create a file named "C1":

iroute 192.168.0.0 255.255.255.0

(indicating this client can route to this subnet)

You may also need to locally configure your router, adding static routes to indicate that your local OpenVPN client can route traffic to specific subnets. So far, C2 should have access to C1, but anything on C2's subnet won't. If C2's subnet should have access to C1's 192.168.0.0/24 subnet, you'll need to set up your local router with a route saying C2 is the way to 192.168.0.0/24. (Of course, depending on your setup, there may be other ways to do it.) If that's what you want, you'll need to enable IP routing on C2 (under Windows: https://answers.microsoft.com/en-us/windows/forum/windows_7-networking/how-to-enable-ip-routing-in-windows-7/8970e722-e947-460d-80d5-fd6ffc850f3f?auth=1 , under Linux: https://askubuntu.com/questions/311053/how-to-make-ip-forwarding-permanent).

5
  • Thanks for your answer, can you modify your config excerpts to use my scenario? my openvpn operates on 10.10.0.0/24 network (all clients and the server draw addresses from this network). First client has got additional interface that draws address from 192.168.0.0/24 and by typing ping 192.168.0.7 on second client I would like to see responses from 192.168.0.7 connected to the first client's network. Also how would I configure this first client - would OpenVPN take care of routing between this 192.168.0.0/24 network and 10.10.0.0/24 network without reconfiguring linux config on that machine?
    – Greg0ry
    Commented Aug 21, 2015 at 15:22
  • @Greg0ry: done... your comment removed any doubt in my mind about your setup. Commented Aug 23, 2015 at 1:16
  • Thanks, you were the only one to pick this up so the bounty is yours. I cannot test this at this moment but will comment once tested.
    – Greg0ry
    Commented Aug 23, 2015 at 17:31
  • Hahaha, thanks I'm new to the site so I'm not too sure what it means. I've removed it from my answer, but just know that it is totally feasible, I have this kind of setup. So if you can't get it to work, don't despair and come back ;) Commented Aug 24, 2015 at 10:27
  • I have added extra 50 points of reputation as a reward for answering this question - so you got additional 50 reputation :-)
    – Greg0ry
    Commented Aug 24, 2015 at 11:18
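
The answer above relies on three directives agreeing on the same subnet: `iroute` in the ccd file, `route` in the server config, and `push "route ..."` so other clients learn the subnet. As an added example (not part of the answer and not OpenVPN's own tooling), this script reports any `iroute` that lacks its matching server-side lines; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. For each "iroute NET MASK" in a
# client-config-dir file, the server config needs a matching "route NET MASK"
# (kernel route into the tunnel) and, for other clients to learn the subnet,
# a matching push "route NET MASK".

# has_directive CONF KIND NET MASK  (KIND is "route" or "push")
has_directive() {
    sed 's/[#;].*//' "$1" | tr -d '"' | awk -v k="$2" -v n="$3" -v m="$4" '
        k == "route" && $1 == "route" && $2 == n && $3 == m { found = 1 }
        k == "push" && $1 == "push" && $2 == "route" && $3 == n && $4 == m { found = 1 }
        END { exit !found }'
}

# check_iroutes CONF CCD_DIR: prints "<client> <net> <mask> missing:<kind>"
check_iroutes() {
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        sed 's/[#;].*//' "$f" | awk '$1 == "iroute" { print $2, $3 }' |
        while read -r net mask; do
            [ -n "$mask" ] || mask=255.255.255.255   # OpenVPN's default netmask
            for kind in route push; do
                has_directive "$1" "$kind" "$net" "$mask" ||
                    echo "$(basename "$f") $net $mask missing:$kind"
            done
        done
    done
}

# Constructed sample: the answer's layout with the push line left out.
demo() {
    d=$(mktemp -d)
    mkdir "$d/ccd"
    printf '%s\n' 'server 10.10.0.0 255.255.255.0' 'client-config-dir ccd' \
        'route 192.168.0.0 255.255.255.0' > "$d/server.conf"
    printf '%s\n' 'iroute 192.168.0.0 255.255.255.0' > "$d/ccd/C1"
    check_iroutes "$d/server.conf" "$d/ccd"
    rm -rf "$d"
}
demo
```

An empty result means every subnet claimed by a client is both routed into the tunnel and advertised; it does not check IP forwarding or firewall rules on the client that owns the subnet.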
