There is a remote server with IP xxx.xxx.xxx.xxx running an OpenVPN server. There is a computer on the subnet 192.168.31.0/24, and there is a router with an OpenVPN client on the subnet 192.168.1.0/24.
When a connection is established, all computers and routers can reach each other by the addresses issued by the OpenVPN server (subnet 10.8.0.0/24).
I need to reach the devices not by those addresses but by their local addresses (for example, 192.168.1.1). I also need access to the devices on the 192.168.1.0/24 subnet behind the router.
I could not work out iptables myself. But the vpnki.ru service, for example, does this without problems, and without configuring routing on the clients.
Server config:
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir /etc/openvpn/ccd
client-to-client
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0
route 192.168.31.0 255.255.255.0
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem

Client config:
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
key-direction 1
verb 3

In the ccd folder, the files named after the clients contain the following:
ifconfig-push 10.8.0.110 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"

in accordance with the desired networks.
Tell me, smart people, how to get this working.
I will quickly provide any additional information on request.
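An added example, not part of the original post: a small POSIX shell check for the ccd setup described above. In OpenVPN, a "route" line in the server config only installs a kernel route toward the tun interface; the server still needs an "iroute NET MASK" line in the ccd file of the client that owns that LAN to know which client to forward the packets to, and with "client-to-client" that iroute is also what lets other clients reach the LAN. The script parses the server config and the ccd directory and lists every routed subnet that no client claims with an iroute. The file layout and client names (router1, pc1) are constructed for the demonstration and are assumptions, not the poster's actual files.

```shell
#!/bin/sh
# Added example (not from the original post): verify that every LAN routed
# by an OpenVPN server config has a matching iroute in some ccd file.
# Usage: sh check_iroutes.sh /etc/openvpn/server.conf /etc/openvpn/ccd

# Print "NET MASK" for every "route" directive in the server config.
server_routes() {
  awk '$1 == "route" && NF >= 3 { print $2, $3 }' "$1"
}

# Print "CLIENT NET MASK" for every "iroute" directive found in the ccd dir.
ccd_iroutes() {
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    awk -v c="$(basename "$f")" \
      '$1 == "iroute" && NF >= 3 { print c, $2, $3 }' "$f"
  done
}

# Print one "NET MASK" line for each server route that no client claims.
# Empty output means every routed LAN has an owner.
missing_iroutes() {
  conf=$1
  ccd=$2
  server_routes "$conf" | while read -r net mask; do
    if ! ccd_iroutes "$ccd" | awk -v n="$net" -v m="$mask" \
         '$2 == n && $3 == m { found = 1 } END { exit !found }'; then
      echo "$net $mask"
    fi
  done
}

# Constructed sample mirroring the post's layout (assumed names and files):
# the router client "router1" claims 192.168.1.0/24 with an iroute, while
# 192.168.2.0/24 and 192.168.31.0/24 are routed but claimed by nobody.
build_demo() {
  d=$(mktemp -d)
  mkdir "$d/ccd"
  cat > "$d/server.conf" <<'EOF'
server 10.8.0.0 255.255.255.0
client-config-dir ccd
client-to-client
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0
route 192.168.31.0 255.255.255.0
EOF
  cat > "$d/ccd/router1" <<'EOF'
ifconfig-push 10.8.0.110 255.255.255.0
iroute 192.168.1.0 255.255.255.0
EOF
  cat > "$d/ccd/pc1" <<'EOF'
ifconfig-push 10.8.0.120 255.255.255.0
EOF
  echo "$d"
}

# When given a config and a ccd directory, run the check on them;
# otherwise run it on the constructed sample.
if [ $# -eq 2 ]; then
  missing_iroutes "$1" "$2"
elif [ $# -eq 0 ]; then
  demo=$(build_demo)
  echo "Routed subnets with no iroute in ${demo}/ccd:"
  missing_iroutes "$demo/server.conf" "$demo/ccd"
fi
```

On the sample above the check reports 192.168.2.0 and 192.168.31.0 as unclaimed: the client sitting on 192.168.31.0/24 needs its own ccd file with "iroute 192.168.31.0 255.255.255.0" before the server can forward to it, and the same holds for the router's 192.168.1.0/24. Adding the iroute does not by itself make hosts behind the router reachable; the router must also forward packets between its LAN and tun interfaces (net.ipv4.ip_forward=1), and the LAN hosts need either a route for 10.8.0.0/24 pointing at the router or a masquerade rule on the router's tun interface so that replies find their way back.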