On Sun, Aug 4, 2019, 23:34 Lorenz <lor...@use.startmail.com> wrote:

> Hey there,
>
> I'm trying to connect two networks using a bridged OpenVPN (site to
> site) setup.
> The OpenVPN server is located within network A and the OpenVPN client in
> network B. Both networks are connected to the internet via a router.
> Network A and network B do use different subnets.
> The goal is to "move" all clients of network B (which are connected to
> server 2's eth1) into network A. All clients of network B should think
> they are actually in network A. They should get their DHCP leases from
> the router of network A, be able to communicate with every client within
> network A, and their internet traffic should look like it has originated
> from network A.
>
> The machine which is running the OpenVPN server has only one network
> interface. The OpenVPN client, on the other hand, has two, one connected
> to the router and the other one to all the clients.
>
> Bridging the tap adapter and the network interface on the OpenVPN server
> machine works as expected. On the OpenVPN client's machine, I'm using
> the same up script as on the server with minor modifications to bridge
> the tap adapter with eth1.
> Everything seems to work. Clients of network B do get DHCP leases from
> the router of network A and can communicate with all clients located in
> network B.
> But there is one tiny problem: All the clients of network B do not add
> any default routes. When manually adding a default route on the clients
> of network B through the router of network A (ip route add default via
> router-a-address-here), the setup works as it should. Clients of network
> B then can reach the internet through network A.
>

I understand that you have one server and one client. Then at eth1 of the client you have several computers. I would avoid using the term client for these computers since they are not VPN clients but just devices on network B connected at eth1 of the client. This will avoid confusion.
I suspect that PCs at network B are not able to add the default gw pushed from DHCP of A since that gw is not known to them (does not belong at network B). For computers at net B to reach the internet through A it is enough to have redirect-gateway def1 for the client. This will force all traffic from the client to go through the tunnel. In case the computers are still not able to reach the Internet through A, then I would check NAT, firewall, and routing at the client.

>
> The OpenVPN guide for ethernet bridging [1] mentions some iptable rules,
> which I do not think are necessary, because they did not make any
> difference.
> The up and down scripts used by me originate from [2].
>
> All machines run Debian Buster.
>
> I do know the directive "redirect-gateway def1" can be used to add a
> default route to the OpenVPN client's machine, but this does not affect
> the remaining clients of network B.
>
> Do you know why all clients of network B do get DHCP leases of network A
> but do not add any default routes? Shouldn't they automatically add
> default routes when getting DHCP leases?
>
>
> Thank you for your help!
>
>
> Best
> Lorenz
>
> [1] https://openvpn.net/community-resources/ethernet-bridging/#bridge-server-on-linux
> [2] https://wiki.archlinux.org/index.php/OpenVPN_Bridge
>
>
>        Network A                                                 Network B
>
> ------------------      ----------                  ----------          ------------------           ----------
> |    Server 1    | -----| Router |---- INTERNET ----| Router |---- eth0 |    Server 2    | eth1 -----| Client |
> | OpenVPN Server |  |   ----------                  ----------          | OpenVPN Client |        |  ----------
> ------------------  |                                                   ------------------        |
>                     |                                                                             |  ----------
> ------------------  |                                                                             |--| Client |
> |     Client     |--|                                                                             |  ----------
> ------------------  |                                                                             |
>                     |                                                                             |  ----------
> ------------------  |                                                                             |--| Client |
> |     Client     |--|                                                                             |  ----------
> ------------------  |                                                                             |
>
>        ...                                                                                            ...
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
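
One way to test the hypothesis raised in the reply (the DHCP-supplied gateway is missing or not on-link for the leased address) on a machine behind eth1, as an added example that is not part of the original thread. It assumes those machines use ISC dhclient and its dhclient.leases syntax; the addresses, the sample leases and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in dhclient.leases(5) syntax; all addresses are made up.
SAMPLE_LEASES = '''
lease {
  interface "eth0";
  fixed-address 192.168.10.57;
  option subnet-mask 255.255.255.0;
  option routers 192.168.10.1;
  option domain-name-servers 192.168.10.1;
}
lease {
  interface "eth0";
  fixed-address 192.168.10.58;
  option subnet-mask 255.255.255.0;
  option domain-name-servers 192.168.10.1;
}
lease {
  interface "eth0";
  fixed-address 192.168.20.40;
  option subnet-mask 255.255.255.0;
  option routers 192.168.10.1;
}
'''

def parse_leases(text):
    """Return one dict per lease block: address, netmask, routers (list)."""
    leases = []
    for block in re.findall(r"lease\s*\{(.*?)\}", text, re.S):
        addr = re.search(r"fixed-address\s+([\d.]+);", block)
        mask = re.search(r"option subnet-mask\s+([\d.]+);", block)
        routers = re.search(r"option routers\s+([^;]+);", block)
        leases.append({
            "address": addr.group(1) if addr else None,
            "netmask": mask.group(1) if mask else None,
            "routers": [r.strip() for r in routers.group(1).split(",")] if routers else [],
        })
    return leases

def diagnose(lease):
    """Classify why a lease would or would not yield a usable default route."""
    if not lease["routers"]:
        return "no-router-option"   # lease carries no router option: nothing to install
    if not lease["address"] or not lease["netmask"]:
        return "incomplete-lease"
    net = ipaddress.ip_network(f'{lease["address"]}/{lease["netmask"]}', strict=False)
    if all(ipaddress.ip_address(r) in net for r in lease["routers"]):
        return "ok"
    return "router-off-link"        # gateway lies outside the leased subnet
```

On a real machine the input would be the client's own lease file rather than the constructed sample, and the result can be compared with the output of `ip route show default`.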