Netgate Discussion Forum

    OpenVPN failing to push local LAN network onto clients [SOLVED]

    jarrad

      Hi all

      First, the nitty gritty:

      Server

      dev ovpns2
      verb 5
      dev-type tun
      dev-node /dev/tun2
      writepid /var/run/openvpn_server2.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-256-CBC
      auth SHA256
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 10.1.1.2
      tls-server
      server 10.8.0.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'mydomain.told' 1 "
      lport 1194
      management /var/etc/openvpn/server2.sock unix
      max-clients 20
      push "route 192.168.1.1 255.255.255.0"
      push "dhcp-option DNS 192.168.1.1"
      push "register-dns"
      client-to-client
      ca /var/etc/openvpn/server2.ca
      cert /var/etc/openvpn/server2.cert
      key /var/etc/openvpn/server2.key
      dh /etc/dh-parameters.2048
      crl-verify /var/etc/openvpn/server2.crl-verify
      persist-remote-ip
      float
      

      Client

      dev tun
      persist-tun
      persist-key
      cipher AES-256-CBC
      auth SHA256
      tls-client
      client
      resolv-retry infinite
      remote my server.ip 1194 udp
      lport 0
      verify-x509-name "mydomain.tld" name
      ns-cert-type server
      verb 5
       <ca>snip</ca> etc
      
      

      As you can probably work out, my local LAN is 192.168.1.0/24. I want to be able to talk to my local LAN from my VPS (which is the client in this instance) and vice versa. Rules seem to be OK because I can ping from the LAN to the VPS but not vice versa.

      When I check the client logs, I see this:

      
      Dec 20 08:12:49 snip[11134]: [mydomain.told] Peer Connection Initiated with [AF_INET]server.ip:1194
      Dec 20 08:12:51 snip[11134]: SENT CONTROL [mydomain.tld]: 'PUSH_REQUEST' (status=1)
      Dec 20 08:12:51 snip[11134]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.1 255.255.255.0,dhcp-option DNS 192.168.1.1,dhcp-option DNS isp.dns,register-dns,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
      Dec 20 08:12:51 snip[11134]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: register-dns (2.3.2)
      Dec 20 08:12:51 snip[11134]: OPTIONS IMPORT: timers and/or timeouts modified
      Dec 20 08:12:51 snip[11134]: OPTIONS IMPORT: --ifconfig/up options modified
      Dec 20 08:12:51 snip[11134]: OPTIONS IMPORT: route options modified
      Dec 20 08:12:51 snip[11134]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      Dec 20 08:12:51 snip[11134]: ROUTE_GATEWAY snip/255.255.192.0 IFACE=eth0 HWADDR=snip
      Dec 20 08:12:51 snip[11134]: TUN/TAP device tun0 opened
      Dec 20 08:12:51 snip[11134]: TUN/TAP TX queue length set to 100
      Dec 20 08:12:51 snip[11134]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      Dec 20 08:12:51 snip[11134]: /sbin/ip link set dev tun0 up mtu 1500
      Dec 20 08:12:51 snip[11134]: /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
      Dec 20 08:12:51 snip[11134]: /sbin/ip route add 192.168.1.1/24 via 10.8.0.5
      Dec 20 08:12:51 snip[11134]: ERROR: Linux route add command failed: external program exited with error status: 2
      Dec 20 08:12:51 snip[11134]: /sbin/ip route add 10.8.0.0/24 via 10.8.0.5
      

      The funny thing is, when I run sudo ip route add 192.168.1.1/24 via 10.8.0.5 manually after the connection is established, the route adds fine and I can ping to the local LAN from the VPS client.

      Is there something processing out of order here that I need to fix or something?

      doktornotor

        192.168.1.1 is not what you want. Try 192.168.1.0. Also suspect you do NOT really want the net30 crap.

          jarrad
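The fix doktornotor describes, turned into a check an admin can run against the server config before restarting OpenVPN; this is an added example, not code from the thread or from pfSense. It flags any push "route NET MASK" whose NET has host bits set (192.168.1.1 with 255.255.255.0 instead of 192.168.1.0) and warns about push "register-dns", a Windows-only client option that the Linux client above rejected. It assumes a POSIX sh with mktemp and writes a constructed sample config mirroring the one in the question.

```shell
#!/bin/sh
# Added example (not from the thread): lint OpenVPN server push directives.

# Dotted quad -> 32-bit integer.
ip2int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the corrected network address for NET MASK, or nothing if NET
# already is the network address (all host bits zero).
route_network() {
    net=$(ip2int "$1"); mask=$(ip2int "$2"); want=$(( net & mask ))
    [ "$want" -eq "$net" ] || int2ip "$want"
}

# Scan a config file: report each bad push route (and return 1 if any),
# and warn about pushes that non-Windows clients cannot parse.
lint_push_routes() {
    cfg=$1; rc=0
    while read -r line; do
        case "$line" in
            push\ \"route\ *)
                set -- $(printf '%s' "$line" | tr -d '"')   # push route NET MASK
                fixed=$(route_network "$3" "$4")
                [ -z "$fixed" ] || { echo "bad: $3 $4 -> use $fixed"; rc=1; }
                ;;
            push\ \"register-dns\"*)
                echo "warn: register-dns is a Windows-only client option; other clients log 'Unrecognized option'"
                ;;
        esac
    done < "$cfg"
    return $rc
}

# Constructed sample mirroring the server config in the question.
SAMPLE_CFG=$(mktemp)
printf '%s\n' 'server 10.8.0.0 255.255.255.0' \
    'push "route 192.168.1.1 255.255.255.0"' \
    'push "dhcp-option DNS 192.168.1.1"' \
    'push "register-dns"' > "$SAMPLE_CFG"
lint_push_routes "$SAMPLE_CFG" || echo "fix the push routes above, then restart the server"
```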

          After looking at it for several hours, it's the little things you miss.

          Cheers!

          As to the net30 crap, I wasn't getting routes pushed, so I'll fix that up now, not that it's causing too many dramas, but you are right, I doubt I need it.

          Thanks again.
