How to allow different VPN clients ping each other?

nickolasm5

Occasional Visitor
Asus ac86u merlin 386.13_2
I've set up OpenVPN and PPTP servers
ASUS LAN - 192.168.3.0
OpenVPN - 10.8.0.0
PPTP - 10.8.20.0

OpenVPN clients can ping other OpenVPN clients - 10.8.0.0 and LAN 192.168.3.0, but they can't ping PPTP network 10.8.20.0 (from the Asus router I can ping any network).
How to allow OpenVPN clients to ping 10.8.20.0?

And one more question: do I understand correctly that to add a permanent route I can create a script like
#!/bin/sh

ip route add 192.168.7.0/24 via 10.8.20.2
 
Are the OpenVPN clients configured to use the OpenVPN server as their default gateway? Because if they are NOT, those same OpenVPN clients will NOT know the PPTP's IP network is accessible over the OpenVPN connection unless you push the PPTP route (in the OpenVPN server custom config field) to the OpenVPN clients.

Code:
push "route 10.8.20.0 255.255.255.0 vpn_gateway"

Note: The vpn_gateway keyword is the default, and strictly speaking, NOT necessary. I added it for clarity.

Secondly, if the OpenVPN server is configured as "LAN only", this specifically limits access to the private IP network on which the OpenVPN server is running (presumably 192.168.3.0/24). It does NOT include any additional private IP networks that might otherwise be accessible from that OpenVPN server. You would either have to change the access to "Both" or add firewall rules to the FORWARD chain of the OpenVPN server's firewall for that purpose.
 
Hi, setting "Both" works perfectly even without push "route 10.8.20.0 255.255.255.0 vpn_gateway", yet in that case all traffic goes through the VPN, which I don't want. How do I add "FORWARD chain of the OpenVPN server's firewall" in ASUS ac86U?
 
The explicit route is NOT necessary when you use the "Both" option because that causes the OpenVPN server to make itself the default gateway for those OpenVPN clients, in which case, the 10.8.20.0/24 network is discovered dynamically, once the OpenVPN clients actually reach the server's routing tables. But as you said, it means internet access too.

You can add firewall rules using a firewall-start script, similar to the following...


... only the specific rule would be something like ...

Code:
iptables -I FORWARD -i tun2+ -d 10.8.20.0/24 -j ACCEPT
 
Great! I solved the problem with traffic by adding
route 0.0.0.0 192.0.0.0 net_gateway
route 64.0.0.0 192.0.0.0 net_gateway
route 128.0.0.0 192.0.0.0 net_gateway
route 192.0.0.0 192.0.0.0 net_gateway

to the client config
 
If you want to prevent the OpenVPN client from becoming the default gateway via the client config, it would be better to prevent it from happening in the first place rather than overriding it (as you've done w/ those routes) by adding the following to the OpenVPN client config.

Code:
pull-filter ignore redirect-gateway
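
An added example, not posted by anyone in the thread: a small Python model of client-side longest-prefix route selection. It shows why the four /2 routes override a pushed default gateway, and that with either the override or `pull-filter` the PPTP subnet follows the tunnel only when the 10.8.20.0/24 route is also pushed. It assumes the server pushes `redirect-gateway def1` (two /1 routes); the function names and test addresses are constructed.

```python
import ipaddress

# Assumption: the server pushes "redirect-gateway def1", which installs these two routes.
REDIRECT_DEF1 = ("0.0.0.0/1", "128.0.0.0/1")

def build_table(pushed, local=(), pull_filters=()):
    """Model an OpenVPN client's IPv4 routes as (network, gateway keyword) pairs.

    pushed: directives pushed by the server; local: 'route' lines in the client
    config; pull_filters: texts from 'pull-filter ignore <text>' (prefix match,
    applied to pushed options only).
    """
    table = [(ipaddress.ip_network("0.0.0.0/0"), "net_gateway")]  # pre-VPN default
    kept = [d for d in pushed if not any(d.startswith(f) for f in pull_filters)]
    for directive in kept + list(local):
        parts = directive.split()
        if parts[0] == "redirect-gateway":
            table += [(ipaddress.ip_network(n), "vpn_gateway") for n in REDIRECT_DEF1]
        elif parts[0] == "route":
            gateway = parts[3] if len(parts) > 3 else "vpn_gateway"  # default keyword
            table.append((ipaddress.ip_network(f"{parts[1]}/{parts[2]}"), gateway))
    return table

def next_hop(table, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    addr = ipaddress.ip_address(destination)
    return max((r for r in table if addr in r[0]), key=lambda r: r[0].prefixlen)[1]

# Constructed inputs built from the directives quoted in the thread.
PPTP_ROUTE = "route 10.8.20.0 255.255.255.0 vpn_gateway"
OVERRIDE = [f"route {n} 192.0.0.0 net_gateway"
            for n in ("0.0.0.0", "64.0.0.0", "128.0.0.0", "192.0.0.0")]

if __name__ == "__main__":
    redirect = "redirect-gateway def1"
    cases = {
        "redirect only": build_table([redirect]),
        "/2 override, no PPTP route": build_table([redirect], OVERRIDE),
        "/2 override + PPTP route": build_table([redirect, PPTP_ROUTE], OVERRIDE),
        "pull-filter + PPTP route": build_table([redirect, PPTP_ROUTE],
                                                pull_filters=["redirect-gateway"]),
    }
    for name, table in cases.items():
        print(f"{name:28} internet={next_hop(table, '8.8.8.8'):12} "
              f"pptp={next_hop(table, '10.8.20.5')}")
```

The gateway values are OpenVPN's `vpn_gateway` and `net_gateway` keywords rather than real addresses, so the output reads as "through the tunnel" or "through the local gateway".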
 