Networking – Access Client side LAN on VPN server

Tags: networking, openvpn, router, routing, vpn

Till now I have managed to install an OpenVPN server on DigitalOcean and an OpenVPN client on a Raspberry Pi. My Raspberry Pi's OpenVPN IP is 10.8.0.6, which I can ping from the OpenVPN server. Now this RPi is connected to a LAN network (gateway 10.1.1.253, subnet mask 255.255.252.0) with IP 10.1.2.14. There is another Linux system connected to this client's (RPi) network and its IP is 10.1.2.2.

Now I want to access 10.1.2.2 from the OpenVPN server via the VPN. Can anybody explain to me how I should do this?

EDIT: As per @masgo's suggestion, I did the following:

  1. In the server.conf file, added client-config-dir /etc/openvpn/ccd, route 10.1.0.0 255.255.252.0 and push "route 10.1.0.0 255.255.252.0"
  2. In the /etc/openvpn/ccd/lappy file, added iroute 10.1.0.0 255.255.252.0
  3. Now I am able to ping IP 10.1.2.14 (OpenVPN's client) from the OpenVPN server but not IP 10.1.2.2. What am I missing in client-side routing?

Best Answer

  Two things:

    1. Are you sure you have your local network OK? If the gateway is 10.1.1.253, and the netmask is 255.255.255.252, PCs 10.1.2.2 and 10.1.2.14 are not on the same network as the gateway.

    2. The packet from the Ocean server comes bearing as an IP address the other end of the OpenVPN tunnel, presumably 10.8.0.1. When it reaches 10.1.2.2, that host sees it belongs to a different subnet than its own, and will thus try to forward its reply the only way it knows, i.e. via the gateway, not via the OpenVPN client. Hence the return ping never comes back.

      The way to circumvent this is to add the following iptables rule on the RPi:

      iptables -t nat -A POSTROUTING -d (here your local network) -j MASQUERADE

      This way the packet will be sent back to the OpenVPN client. I did not insert your network because it is not clear which one that is: if it is 10.1.2.0/30 please insert that, or modify accordingly.
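As an added example (not code from the question or the answer), the following Python script applies both points of the answer to the values the question gives: it reports which LAN hosts fall outside the gateway's network for a given netmask, and it fills the answer's MASQUERADE placeholder with the LAN network computed from the question's gateway and mask. The tunnel subnet 10.8.0.0/24 and the LAN interface name eth0 are assumptions.

```python
"""Sanity checks for exposing an OpenVPN client's LAN to the VPN server.

Inputs are taken from the question: gateway 10.1.1.253, mask 255.255.252.0,
LAN hosts 10.1.2.14 (the RPi) and 10.1.2.2. The OpenVPN tunnel network
10.8.0.0/24 and the LAN interface name eth0 are assumptions.
"""
import ipaddress

GATEWAY = "10.1.1.253"
LAN_HOSTS = ["10.1.2.14", "10.1.2.2"]
VPN_NET = "10.8.0.0/24"          # assumed OpenVPN tunnel subnet


def lan_network(gateway, netmask):
    """Network the gateway belongs to under the given dotted netmask."""
    return ipaddress.ip_interface(f"{gateway}/{netmask}").network


def hosts_off_network(gateway, netmask, hosts):
    """Point 1 of the answer: hosts that are NOT in the gateway's network.

    With mask 255.255.252.0 the list is empty; with 255.255.255.252 both
    hosts fall outside the gateway's /30 and could never reach it.
    """
    net = lan_network(gateway, netmask)
    return [h for h in hosts if ipaddress.ip_address(h) not in net]


def openvpn_route_lines(lan):
    """route / push route / iroute lines in OpenVPN's 'network mask' form,
    derived from the LAN network instead of typed by hand."""
    spec = f"{lan.network_address} {lan.netmask}"
    return [f"route {spec}", f'push "route {spec}"', f"iroute {spec}"]


def rpi_nat_rule(lan, lan_iface="eth0"):
    """Point 2 of the answer: MASQUERADE on the RPi so LAN hosts reply to the
    RPi rather than to their default gateway. Restricted to packets that
    arrived from the tunnel and leave on the LAN interface (least privilege
    compared with the unrestricted rule in the answer)."""
    return (f"iptables -t nat -A POSTROUTING -s {VPN_NET} -d {lan} "
            f"-o {lan_iface} -j MASQUERADE")


if __name__ == "__main__":
    lan = lan_network(GATEWAY, "255.255.252.0")
    print("LAN network:", lan)
    print("hosts off network:", hosts_off_network(GATEWAY, "255.255.252.0", LAN_HOSTS))
    print("\n".join(openvpn_route_lines(lan)))
    print(rpi_nat_rule(lan))
```

The RPi must also forward packets between tun0 and eth0 (net.ipv4.ip_forward=1), otherwise the pings stop at the client even with the NAT rule in place.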
