6 months ago or so I set up a system where I have two fiber connected LAN segments in different locations tied together with OpenVPN into one single LAN using addresses 192.168.117.x and 192.168.119.x.
The two segments have routers configured such that the 117 LAN connects with OpenVPN to my main LAN on 119 and the main LAN router has its routing set up to channel traffic for 117 via the OpenVPN tunnel.

It works well for devices connected to the two LAN sections directly, but not when a device is connected to the main LAN via OpenVPN while travelling. In this case (I am now half a world away from home) I can reach my home LAN (119) but not the 117 LAN...

So now I wonder how I should set up the OpenVPN server on the main LAN such that if a client wants to talk to a device on the 117 segment it can actually reach it?

The server is set up for a split tunnel such that if a client addresses the server side LAN it will route through the tunnel but for Internet traffic it should use the local gateway directly. Now I think that it is actually doing this for traffic to LAN segment 117 too and this is what I would like to change.

Here is my server side conf file:

# this is the config for local only access
port 1190
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
tls-auth /etc/openvpn/keys/ta.key 0
topology subnet
server 10.8.139.0 255.255.255.0 'nopool'
ifconfig-pool 10.8.139.2 10.8.139.127 255.255.255.0
ifconfig-pool-persist ipplocal.txt
push "route 192.168.119.0 255.255.255.0" #Local LAN access
push "dhcp-option DNS 192.168.119.1" #Local server
push "dhcp-option DNS 208.67.220.220" #Public server
keepalive 10 120
cipher AES-256-CBC
#Disable compression and push this to the client
comp-lzo no
push "comp-lzo no"
# This is needed for site-to-site routing via remote Router
client-config-dir /etc/openvpn/ccdl
route 192.168.117.0 255.255.255.0
# Allow other clients to the server to also reach remote
client-to-client
push "route 192.168.117.0 255.255.255.0"
# end site-to-site routing
max-clients 20
persist-key
persist-tun
status /etc/openvpn/log/ovpn-status_local.log
log /etc/openvpn/log/ovpn_local.log
verb 4
mute 10
explicit-exit-notify 1
push "explicit-exit-notify 1"

It seems like the following line does not affect the connected VPN clients on the server LAN:

route 192.168.117.0 255.255.255.0

What could I change to make it work?

Can this line be modified to encompass a larger subnet maybe?

push "route 192.168.119.0 255.255.255.0" #Local LAN access

for example 192.168.116.0/22 (covering 116, 117, 118, 119)

-- 
Bo Berglund
Developer in Sweden
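
An added example, not part of the original post: a small Python check that reads the routing directives from the posted server config, reports which networks are actually pushed to clients, and works out what a single wider push such as the suggested 192.168.116.0/22 would route into the tunnel. The config excerpt is copied from the post; the host 192.168.117.10 and all function names are constructed for illustration, and the supernet helper assumes the pushed routes are /24 or wider.

```python
import ipaddress
import shlex

# Constructed excerpt: only the routing-related directives from the posted server config.
SERVER_CONF = """\
server 10.8.139.0 255.255.255.0 'nopool'
push "route 192.168.119.0 255.255.255.0" #Local LAN access
client-config-dir /etc/openvpn/ccdl
route 192.168.117.0 255.255.255.0
client-to-client
push "route 192.168.117.0 255.255.255.0"
"""

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse_routes(conf):
    """Return (server_routes, pushed_routes) as lists of IPv4Network."""
    server_routes, pushed = [], []
    for line in conf.splitlines():
        tok = shlex.split(line, comments=True)  # strips quotes and '#' comments
        if len(tok) >= 3 and tok[0] == "route":
            server_routes.append(_net(tok[1], tok[2]))
        elif len(tok) == 2 and tok[0] == "push":
            inner = tok[1].split()
            if len(inner) >= 3 and inner[0] == "route":
                pushed.append(_net(inner[1], inner[2]))
    return server_routes, pushed

def pushed_covers(pushed, host):
    """True if some pushed route sends traffic for host into the tunnel."""
    ip = ipaddress.ip_address(host)
    return any(ip in net for net in pushed)

def smallest_supernet(nets):
    """Smallest single network that contains every network in nets."""
    sup = nets[0]
    while not all(n.subnet_of(sup) for n in nets):
        sup = sup.supernet()
    return sup

def widened_push(nets):
    """Return the single push line replacing nets and the /24s it adds."""
    sup = smallest_supernet(nets)
    extra = [s for s in sup.subnets(new_prefix=24) if s not in nets]
    return f'push "route {sup.network_address} {sup.netmask}"', extra

if __name__ == "__main__":
    _, pushed = parse_routes(SERVER_CONF)
    print("117 host pushed:", pushed_covers(pushed, "192.168.117.10"))
    line, extra = widened_push(pushed)
    print(line, "adds", [str(n) for n in extra])
```

The posted config already pushes 192.168.117.0/24, so a /22 push would not change how clients route 117 traffic; it would only add 192.168.116.0/24 and 192.168.118.0/24 to what clients send into the tunnel.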