# [SOLVED] OpenVPN & IPRoute - LAN to Remote Server

## Crimjob

Hey Guys,

I've been battling it out with OpenVPN for about a week now. I finally have everything working to the point where I can ping across the tunnel, but I can't for the life of me get routing working correctly so that my LAN can access the remote server without having an openvpn client installed and configured for it. I have a feeling I'm just missing something silly so hoping someone can help me out!

My situation is basically this. I have a LAN at home with a dynamic IP Address, and a remote server with a static IP Address. I've set up the OpenVPN server on my remote server as it has a static IP, and the OpenVPN client sits on my Linux gateway at home on my LAN (which also serves DHCP & Internet to the rest of the LAN). The LAN is at 192.168.0.0/22 and the VPN server is configured as 192.168.3.1 with the client configured as 192.168.3.2. I want to be able to access 192.168.3.1 over the rest of the network on 192.168.0.0/22, but right now, I can only ping it from 192.168.3.2. I can ping 192.168.3.2 from the rest of 192.168.0.0/22, but not 192.168.3.1. My firewall is also configured to allow all traffic on tap0 currently until I get things working correctly. I have a strong feeling I'm missing an IP Route but I've tried so many combinations with no luck at all I just don't know what else to try.

My Server Config:

```
port 1194
proto tcp-server
dev tap
tls-server
ca gateway/ca.crt
cert gateway/gateway.crt
key gateway/gateway.key
dh gateway/dh2048.pem
tls-auth ta.key 0
mode server
duplicate-cn
ifconfig 192.168.3.1 255.255.252.0 # openvpn gateway
ifconfig-pool 192.168.3.2 192.168.3.3 255.255.252.0 # ip range for openvpn clients
push "dhcp-option DNS 192.168.0.1"
push "route-gateway 192.168.3.2"
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"
push "route 192.168.0.0 255.255.252.0 192.168.3.2"
push "route 192.168.3.0 255.255.252.0 192.168.0.1"
persist-key
persist-tun
comp-lzo
status openvpn-status.log
verb 3
```

My Client Config:

```
port 1194
proto tcp-client
dev tap
remote x.x.x.x
resolv-retry infinite
nobind
tls-client
ca client/ca.crt
cert client/client.crt
key client/client.key
tls-auth ta.key 1
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
persist-key
persist-tun
comp-lzo
verb 3
```

Now I've tried many different push routes on the server, restarting both client and server afterwards, but I can only ever ping from client to server or back, never from the rest of the network.

Thanks in advance for any replies!

----------

## Nimo

Have you tried: 

```
echo 1 > /proc/sys/net/ipv4/ip_forward
```

 on both the OpenVPN-boxes?

If that doesn't help, please post the output from 

```
route -n
```

 from both OpenVPN-boxes.

----------

## Crimjob

Thanks for the response Nimo!

I do have ip_forwarding enabled on both boxes. Unfortunately I managed to fix this myself and I'm not really sure how  :Razz: 

I basically took the OpenVPN sample configurations and modified them for myself (ignoring everything on the guides / manuals / gentoo wiki etc.) and it seems to do just what I need it to do now.

Server Config

```
port 1194
proto udp
dev tun
ca gateway/ca.crt
cert gateway/gateway.crt
key gateway/gateway.key  # This file should be kept secret
dh gateway/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.252.0"
keepalive 10 120
tls-auth ta.key 0
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
```

Client Config:

```
client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca client/ca.crt
cert client/client.crt
key client/client.key
tls-auth ta.key 1
comp-lzo
verb 3
```

Perhaps my old config was too wacky with all the MTU settings and such? Either way it's working the way I need it now  :Very Happy: 

----------
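One concrete difference between the two server configs in this thread, shown as an added example (not code from either poster): with netmask 255.255.252.0 the address 192.168.3.1 lies inside 192.168.0.0/22, the same range as the LAN, so LAN hosts treat it as on-link instead of sending it to the gateway, while the working config puts the tunnel on 10.8.0.0/24. The function names and the trimmed config strings below are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed samples: only the addressing lines of the two server configs
# quoted in the thread.
OLD_SERVER = '''
dev tap
ifconfig 192.168.3.1 255.255.252.0 # openvpn gateway
push "route 192.168.0.0 255.255.252.0 192.168.3.2"
push "route 192.168.3.0 255.255.252.0 192.168.0.1"
'''
NEW_SERVER = '''
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.0.0 255.255.252.0"
'''

def _net(addr, mask):
    # strict=False lets a host address such as 192.168.3.1 stand for its network
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Return (tunnel_networks, pushed_route_networks) from OpenVPN config text.

    Assumption: `ifconfig` is given as address + netmask, as in the thread's
    tap config (a tun point-to-point `ifconfig local remote` is not handled).
    """
    tunnel, pushed = [], []
    for line in config.splitlines():
        tokens = shlex.split(line, comments=True)  # drops trailing "# ..." text
        if len(tokens) >= 3 and tokens[0] in ("server", "ifconfig"):
            tunnel.append(_net(tokens[1], tokens[2]))
        elif len(tokens) == 2 and tokens[0] == "push":
            opt = tokens[1].split()
            if len(opt) >= 3 and opt[0] == "route":
                pushed.append(_net(opt[1], opt[2]))
    return tunnel, pushed

def overlaps(config, lan="192.168.0.0/22"):
    """List (tunnel_net, other_net) pairs whose address ranges overlap."""
    tunnel, pushed = parse(config)
    others = set(pushed) | {ipaddress.ip_network(lan)}
    return sorted((str(t), str(o)) for t in tunnel for o in others if t.overlaps(o))

if __name__ == "__main__":
    for name, cfg in (("old", OLD_SERVER), ("new", NEW_SERVER)):
        print(name, overlaps(cfg) or "no overlap")
```

Running the same check against a config before deployment catches a tunnel subnet that collides with the LAN or with any pushed route.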

