# [solved] openvpn network

## h0mer`-

this is my private network at home i am having problems with.

router&gateway (10.8.10.10)

openvpn server: eth0 10.8.10.1; tun0 10.8.0.1

my router connects the lan to the internet and forwards the openvpn port 1194 to the server 10.8.10.1

connecting works and my client gets its ip address.

i have ip forwarding enabled and switched my firewall off for the tests.

this is my openvpn server config

```
server 10.8.11.0 255.255.255.0
push "route 10.8.10.0 255.255.255.0"
#push "redirect-gateway"
```

i can ping the server but i can't ping any host on my home network. the push redirect gateway option doesn't change a thing.

thanks for any help.

Last edited by h0mer`- on Tue Jul 07, 2009 9:11 am; edited 1 time in total

----------

## bbgermany

Hi,

do the clients know how to find the openvpn network? If not, you won't be able to ping any host in your network behind the openvpn server.

bb

----------

## h0mer`-

what do u mean by openvpn network? my intranet is 10.8.10.0/24 and the vpn network is 10.8.11.0/24. ofc the clients know the openvpn network cause it is the network they are automatically in when they are connected. the question should be if they know about the intranet. and apparently they don't know about the intranet cause i can't ping anything besides the server i am connected with. to make my clients aware of my intranet i thought this line

 *Quote:*   

> push "route 10.8.10.0 255.255.255.0"

 

is sufficient info for the clients, isn't it?

----------

## bbgermany

I mean the following. If you ping a client (for example 10.8.10.1) from an openvpn client (for example 10.8.11.10), does the client 10.8.10.1 know the way to the 10.8.11.0 network?

bb

----------

## h0mer`-

 *bbgermany wrote:*   

> I mean the following. If you ping a client (for example 10.8.10.1) from an openvpn client (for example 10.8.11.10), does the client 10.8.10.1 know the way to the 10.8.11.0 network?
> 
> bb

 

apparently we seem to misunderstand each other - this is exactly what i try to accomplish by pushing the route to the clients with the line in my last post.

obviously i am wrong :) and if you have an idea how to solve this and what i have to put into my server config please enlighten me.

----------

## bbgermany

And that's exactly why you don't understand me. Pushing the route only doesn't help for clients in your local lan, coz they don't even know about the openvpn network. Either they need their default gateway on your openvpn server, or your default gateway knows how to reach the openvpn network via a static route.

bb

----------

## jamapii

push "route ..." on the server should have the effect that a route is created in the client.

This route should be visible with "route -n" or "ip route" commands on the client, and have an address in the openvpn subnet as gateway.

Just reading this (bbgermany):  *Quote:*   

> Pushing the route only doesn't help for clients in your local lan, coz they don't even know about the openvpn network. Either they need their default gateway on your openvpn server, or your default gateway knows how to reach the openvpn network via a static route.

 

your problem is expected. As the gateway (router) and the openvpn server are different, it is possible, with a naive configuration, that they send their 10.8.11 traffic to the router, and the router doesn't know about it.

If the router has a static route for 10.8.11 to the openvpn server, I guess it should suddenly work :)

----------

## h0mer`-

thanks for your help so far. i will try it tomorrow from work and let you know if everything worked out.

----------

## h0mer`-

doesn't work - both routers are linksys wrt54gl with dd-wrt firmware.

i added to both of them the static route 

```
route add -net 10.8.11.0 netmask 255.255.255.0 gw 10.8.10.1
```

----------

## bbgermany

Then additionally check for ipforwarding on your openvpn server. It must be enabled.

bb

----------

## h0mer`-

ip_forwarding was enabled.

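the problem was fixed by adding these two rules to my iptables configuration.

```
# VPN clients (10.8.11.0/24) leaving via eth0: rewrite source to the server's eth0 address
iptables -t nat -I POSTROUTING -s 10.8.11.0/24 -o eth0 -j MASQUERADE
# LAN hosts (10.8.10.0/24) leaving via tun0: rewrite source to the server's tun0 address
iptables -t nat -I POSTROUTING -s 10.8.10.0/24 -o tun0 -j MASQUERADE
```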

thanks - problem solved.

----------
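The return-path problem discussed in this thread, as an added example that is not part of any post: a small model of the routing lookups a LAN host and the router make when replying to a VPN client, with and without the MASQUERADE rule. The routing tables, the client address 10.8.11.10 and the `wan` label are constructed assumptions; the model covers route lookups only, not firewall rules or router forwarding behaviour, so it does not explain why the static route did not help here. It also shows the logging cost of the NAT fix: LAN hosts see every VPN client as 10.8.10.1.

```python
import ipaddress

VPN_SERVER = "10.8.10.1"    # eth0 address of the openvpn server (from the thread)
ROUTER = "10.8.10.10"       # default gateway of the LAN (from the thread)
VPN_NET = ipaddress.ip_network("10.8.11.0/24")

# Constructed routing tables: (destination network, next hop)
LAN_HOST_TABLE = [("10.8.10.0/24", "on-link"), ("0.0.0.0/0", ROUTER)]
ROUTER_TABLE = [("10.8.10.0/24", "on-link"), ("0.0.0.0/0", "wan")]
ROUTER_TABLE_STATIC = ROUTER_TABLE + [("10.8.11.0/24", VPN_SERVER)]

def next_hop(table, dst):
    """Longest-prefix match, as a kernel routing lookup does."""
    dst = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), hop) for n, hop in table]
    matches = [(n, hop) for n, hop in nets if dst in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def reply_path(client_ip, router_table, masquerade):
    """Trace a LAN host's reply toward a VPN client.

    Returns (source address the LAN host saw, hops taken, delivered to VPN server?).
    """
    in_vpn = ipaddress.ip_address(client_ip) in VPN_NET
    # With MASQUERADE on eth0 the LAN host never sees the 10.8.11.x address.
    seen_src = VPN_SERVER if (masquerade and in_vpn) else client_ip
    hop = next_hop(LAN_HOST_TABLE, seen_src)
    if hop == "on-link":
        hops = [seen_src]                 # same subnet: reply goes straight back
    else:
        hops = [hop, next_hop(router_table, seen_src)]  # via the default gateway
    return seen_src, hops, hops[-1] == VPN_SERVER

if __name__ == "__main__":
    cases = [
        ("no return route, no NAT", ROUTER_TABLE, False),
        ("static route on router", ROUTER_TABLE_STATIC, False),
        ("MASQUERADE on server", ROUTER_TABLE, True),
    ]
    for label, table, nat in cases:
        src, hops, ok = reply_path("10.8.11.10", table, nat)
        print(f"{label:26} LAN host sees {src:11} reply via {hops} delivered={ok}")
```

With the static route the LAN host's logs keep the per-client 10.8.11.x source; with MASQUERADE, attribution of VPN traffic has to come from the openvpn server's own logs.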

