I have setup OpenVPN on Win2K12R2 on AWS. I want MyOffice LAN network to be accessible from MyHome PC.
Client Subnet - 10.8.0.0/24
MyHome Subnet - 192.168.1.0/24
MyOffice Subnet - 192.168.2.0/24
I will connect from MyHome to OpenVPN Server and also connect MyOffice to OpenVPN Server. Once this connection is successful i want to communicate with other devices in MyOffice LAN from MyHome.
Both Client Config
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca "C:/Program Files/OpenVPN/keys/ca.crt"
cert "C:/Program Files/OpenVPN/keys/client-Myxxxx.crt"
key "C:/Program Files/OpenVPN/keys/client-Myxxxx.key"
remote-cert-tls server
cipher AES-256-CBC
verb 3
mute 20
Server Config
port 1194
proto udp
dev tun
ca "C:/Program Files/OpenVPN/keys/ca.crt"
cert "C:/Program Files/OpenVPN/keys/server.crt"
key "C:/Program Files/OpenVPN/keys/server.key"
dh "C:/Program Files/OpenVPN/keys/dh2048.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.2.0 255.255.255.0"
client-config-dir ccd
route 192.168.2.0 255.255.255.0
client-to-client
push "route 192.168.2.0 255.255.255.0"
;duplicate-cn
persist-key
persist-tun
Kindly suggest.
Answer
You have to make sure your office PC has a static vpn 10.8.0.x IP (use ccd directory for this, although generally pool persist should be ok).
You have to allow IP forwarding on your office PC (depends on OS how you do that).
Then create a route for 192.168.2.0/24 that has your office PC VPN IP as gateway (not you VPN server!)
client-to-client is enabled so you should ok
Edit:
Create a file in your ccd directory having name of your office pc client name
In this file add this line:
iroute 192.168.2.0 255.255.255.0
You can see more info about this on the following page
https://community.openvpn.net/openvpn/wiki/RoutedLans
No comments:
Post a Comment