I'm sorry if this problem has already been explained in another thread, but I couldn't find a solution to my problem anywhere.
I have a question about the attached network diagram. Can I permanently share the port of any service from the host 192.168.1.21 under router R2 to the host 192.168.1.121 under router R1? There is a 192.168.1.112 server in the network under router R1, which is connected to the 192.168.1.20 server under router R2 via the tun0 network (OpenVPN).
I am able to successfully tunnel the ports via SSH, but I would like a permanent solution. I will be grateful for your help.
All servers have a Linux operating system.
EDIT: 2024-03-08
I changed the address of the network under R2 to 192.168.2.0. I added routes to both routers. Below is the result after executing tracert on PC1.
The router's web page (192.168.2.1) is not displayed in the browser. The address 192.168.2.21 should lead to another server. The 192.168.2.21 server can be pinged without any problems from inside the 192.168.2.0 network.
Tracert from 192.168.2.21 to 192.168.1.1
router configuration 192.168.1.1
router configuration 192.168.2.1
server configuration
```
local 192.168.1.112
port 1194
proto tcp4
dev tun
ca ca.crt
cert server-dell.crt
key server-dell.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
#ifconfig 10.8.0.1 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
client-config-dir ccd
;push "route 192.168.1.0 255.255.255.0"
;push "route 10.8.0.0 255.255.255.0"
;push "route 192.168.2.0 255.255.255.0"
;route 192.168.2.0 255.255.255.0
client-to-client
# Routes pushed to every connecting client: the server LAN, the VPN subnet and the client-side LAN
push "route 192.168.1.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
# Kernel route on the server towards the client-side LAN; the 'iroute' in the ccd file
# tells OpenVPN which connected client that LAN sits behind
route 192.168.2.0 255.255.255.0
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
status /var/log/openvpn/openvpn-status.log
verb 3
```
ccd configuration
```
# ccd/<common name of the client certificate>
ifconfig-push 10.8.0.10 255.255.255.0
iroute 192.168.2.0 255.255.255.0
```
I tried different configuration variants.
Edit: 2024-03-09
From PC1 (192.168.1.120) I am able to display the service from 10.8.0.1 in the browser, but I am not able to display the service from 10.8.0.10 or 192.168.2.20. From the Windows 10 VM (192.168.2.22) I am able to display the service at the address 192.168.1.112. The client's LAN sees the OpenVPN server's LAN, whereas the server's LAN does not see the client's LAN.
EDIT 2024-03-10
I don't know if it is important, but the client of the tun0 network is another host on the same LAN. The host IP is 192.168.2.115. It is not in the diagram.
EDIT: 2024-03-11
After adding the appropriate rules in iptables, my OpenVPN server (10.8.0.1 or 192.168.1.112) is now able to ping LAN machines on the client side and display programs in the browser (e.g. Webmin). Unfortunately, from the LAN on the server side (e.g. PC1 192.168.2.120) I am not able to ping the machines on the client's LAN side (e.g. Webadmin does not work).
EDIT 2024-03-12
Success. I finally managed to make a LAN to LAN connection. The solution was the following commands executed on the OpenVPN server.
```shell
# Rewrite the source of traffic leaving towards the server LAN to the server's own address (enp2s0)
iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
# Accept everything arriving at the server itself over the tunnel
iptables -A INPUT -i tun0 -j ACCEPT
# Forward tunnel <-> LAN in both directions (requires net.ipv4.ip_forward=1)
iptables -A FORWARD -i tun0 -o enp2s0 -j ACCEPT
iptables -A FORWARD -i enp2s0 -o tun0 -j ACCEPT
```
10.8.0.0 vpn network. Otherwise, the R1 and R2 networks need to be separate for basic routing, like `192.168.1.0/24` and `192.168.2.0/24`. Then you could add a route on R1 or PC1 to the R2 network via the vpn server for example, but currently PC1 would assume the R2 network is directly attached 192.168.2.0/24 network? You may be able to tell with `tracert 192.168.2.1` for example, and see if the next hops go through the vpn or out to the internet instead
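The following is an added example, not code from the question or the comment above: a small longest-prefix-match routing model of the topology, written here to show why the LAN-to-LAN path in the question needs a static route on R1 (and R2) pointing at the VPN endpoint, a route plus `iroute` on the OpenVPN server, and IP forwarding on both VPN endpoints, and to reproduce the failure modes the poster saw (traffic for 192.168.2.0/24 leaving R1 towards the internet, or dying on the VPN server when it does not forward). The addresses of PC1, R1, the OpenVPN server, the client host and R2 are taken from the question; the hop names, the uplink addresses 203.0.113.1 and 198.51.100.1 (TEST-NET documentation ranges) and the on/off switches for the static routes and forwarding are constructed for the example.

```python
"""Toy routing model of the question's topology (added example, not the poster's code).

Addresses of the hosts are from the question; hop names, the assumed uplink
addresses 203.0.113.1 / 198.51.100.1 (TEST-NET) and the switches in
build_topology() are constructed here to illustrate the failure modes.
"""
import ipaddress


class Node:
    """A host or router: its own addresses, a routing table and a forwarding flag."""

    def __init__(self, name, addrs, routes, forwards=False):
        self.name = name
        self.addrs = {ipaddress.ip_address(a) for a in addrs}
        # routes: (prefix, next_hop); next_hop None means the prefix is directly attached
        self.routes = [
            (ipaddress.ip_network(p), None if nh is None else ipaddress.ip_address(nh))
            for p, nh in routes
        ]
        self.forwards = forwards

    def lookup(self, dst):
        """Longest-prefix match; returns (prefix, next_hop) or None when no route matches."""
        best = None
        for prefix, nh in self.routes:
            if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, nh)
        return best


def build_topology(r1_static=True, r2_static=True, server_forwards=True, client_forwards=True):
    """Nodes keyed by name. The switches model the pieces the poster had to add."""
    r1_routes = [("192.168.1.0/24", None), ("0.0.0.0/0", "203.0.113.1")]
    if r1_static:  # static route on R1: 192.168.2.0/24 via the OpenVPN server
        r1_routes.append(("192.168.2.0/24", "192.168.1.112"))
    r2_routes = [("192.168.2.0/24", None), ("0.0.0.0/0", "198.51.100.1")]
    if r2_static:  # static route on R2: 192.168.1.0/24 via the OpenVPN client host
        r2_routes.append(("192.168.1.0/24", "192.168.2.115"))
    nodes = [
        Node("PC1", ["192.168.1.120"],
             [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")]),
        Node("R1", ["192.168.1.1"], r1_routes, forwards=True),
        Node("vpn-server", ["192.168.1.112", "10.8.0.1"],
             [("192.168.1.0/24", None), ("10.8.0.0/24", None),
              ("192.168.2.0/24", "10.8.0.10"),   # 'route' in server.conf + 'iroute' in ccd
              ("0.0.0.0/0", "192.168.1.1")], forwards=server_forwards),
        Node("vpn-client", ["192.168.2.115", "10.8.0.10"],
             [("192.168.2.0/24", None), ("10.8.0.0/24", None),
              ("192.168.1.0/24", "10.8.0.1"),    # pushed by the server
              ("0.0.0.0/0", "192.168.2.1")], forwards=client_forwards),
        Node("R2", ["192.168.2.1"], r2_routes, forwards=True),
        Node("PC2", ["192.168.2.21"],
             [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.1")]),
        # The "internet" knows no route to RFC 1918 space, so leaked packets die here
        Node("internet", ["203.0.113.1", "198.51.100.1"], [], forwards=True),
    ]
    return {n.name: n for n in nodes}


def trace(nodes, src, dst, max_hops=16):
    """Hop-by-hop path of a packet from node `src` to address `dst` (a tracert-like view)."""
    dst = ipaddress.ip_address(dst)
    by_addr = {a: n for n in nodes.values() for a in n.addrs}
    node = nodes[src]
    path = [node.name]
    for _ in range(max_hops):
        if dst in node.addrs:
            return path  # delivered
        if node.name != src and not node.forwards:
            path.append(f"DROP: {node.name} does not forward")
            return path
        hit = node.lookup(dst)
        if hit is None:
            path.append(f"DROP: {node.name} has no route to {dst}")
            return path
        _prefix, nh = hit
        target = dst if nh is None else nh
        nxt = by_addr.get(target)
        if nxt is None:
            path.append(f"DROP: {node.name} cannot reach next hop {target}")
            return path
        node = nxt
        path.append(node.name)
    path.append("DROP: hop limit exceeded")
    return path


if __name__ == "__main__":
    ok = build_topology()
    print("PC1 -> PC2:", " > ".join(trace(ok, "PC1", "192.168.2.21")))
    print("PC2 -> PC1:", " > ".join(trace(ok, "PC2", "192.168.1.120")))
    print("no route on R1:", " > ".join(trace(build_topology(r1_static=False), "PC1", "192.168.2.21")))
    print("server not forwarding:",
          " > ".join(trace(build_topology(server_forwards=False), "PC1", "192.168.2.21")))
```

On the real hosts, `forwards=True` corresponds to `net.ipv4.ip_forward=1` plus FORWARD rules that accept tun0 to LAN traffic in both directions, which is what the poster's final iptables set provides. The poster's `MASQUERADE` on enp2s0 additionally rewrites the source of client-side traffic to 192.168.1.112, so replies from the server LAN reach the VPN server even without the static route on R1; the cost is that hosts and logs on the server LAN only ever see the VPN server's address, not the real client-side source. `iptables -A INPUT -i tun0 -j ACCEPT` also exposes every service running on the VPN server itself to all VPN clients, so narrow it to the ports actually needed if that box runs more than OpenVPN.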