Hi, On Mon, Sep 16, 2024 at 09:15:24AM +0200, Antonio Quartulli wrote: > In a nutshell, you need to configure both a route and a "iroute" to inform > the VPN server (your relay point) where a certain LAN is.
AND some amount of NAT might be involved, depending on "from where do
you want to access this Client-LAN?" - something in the Server-Network,
some *other* Client of "the OpenVPN Server", or "The Internet".
From OpenVPN's point of view, "it is easily solved" :-)
- on the openvpn client, enable ip forwarding (so it won't throw
away packets "not to itself" but will forward them to the LAN)
- on the openvpn server, use route+iroute to ensure that the client
LAN is sent to *this* connection (-> what Antonio said)
- ensure routing to the VPN, that is, either:
- on all(!) involved machines make sure that "routes to client LAN"
and "routes back to whoever accesses the client LAN" point towards
the respective OpenVPN machines
or:
- add sufficient doses of iptables NAT wherever suitable so routing
isn't needed
the best approach here is to do a big picture showing all network infra
(routers on both ends, OpenVPN server, OpenVPn clients), and "the networks
involved" (client network, etc.), and then check what machines need to
know so IP packets can flow both ways - either "routes" or "packet gets
NATted, so no routes needed".
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
