OpenVPN failing to push local LAN network onto clients [SOLVED]
-
Hi all
First, the nitty gritty:
Server
dev ovpns2
verb 5
dev-type tun
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 10.1.1.2
tls-server
server 10.8.0.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'mydomain.tld' 1 "
lport 1194
management /var/etc/openvpn/server2.sock unix
max-clients 20
# LAN route as pushed to clients (host address 192.168.1.1 with a /24 mask; see the reply below)
push "route 192.168.1.1 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
# register-dns is a Windows-only client option
push "register-dns"
client-to-client
ca /var/etc/openvpn/server2.ca
cert /var/etc/openvpn/server2.cert
key /var/etc/openvpn/server2.key
dh /etc/dh-parameters.2048
crl-verify /var/etc/openvpn/server2.crl-verify
persist-remote-ip
float
Client
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote myserver.ip 1194 udp
lport 0
verify-x509-name "mydomain.tld" name
ns-cert-type server
verb 5
<ca>snip</ca>
etc.
As you can probably work out, my local LAN is 192.168.1.0/24. I want to be able to talk to my local LAN from my VPS (which is the client in this instance) and vice versa. Rules seem to be OK because I can ping from the LAN to the VPS but not vice versa.
When I check the client logs, I see this:
Dec 20 08:12:49 snip[11134]: [mydomain.tld] Peer Connection Initiated with [AF_INET]server.ip:1194
Dec 20 08:12:51 snip[11134]: SENT CONTROL [mydomain.tld]: 'PUSH_REQUEST' (status=1)
Dec 20 08:12:51 snip[11134]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.1 255.255.255.0,dhcp-option DNS 192.168.1.1,dhcp-option DNS isp.dns,register-dns,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
Dec 20 08:12:51 snip[11134]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: register-dns (2.3.2)
Dec 20 08:12:51 snip[11134]: OPTIONS IMPORT: timers and/or timeouts modified
Dec 20 08:12:51 snip[11134]: OPTIONS IMPORT: --ifconfig/up options modified
Dec 20 08:12:51 snip[11134]: OPTIONS IMPORT: route options modified
Dec 20 08:12:51 snip[11134]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Dec 20 08:12:51 snip[11134]: ROUTE_GATEWAY snip/255.255.192.0 IFACE=eth0 HWADDR=snip
Dec 20 08:12:51 snip[11134]: TUN/TAP device tun0 opened
Dec 20 08:12:51 snip[11134]: TUN/TAP TX queue length set to 100
Dec 20 08:12:51 snip[11134]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Dec 20 08:12:51 snip[11134]: /sbin/ip link set dev tun0 up mtu 1500
Dec 20 08:12:51 snip[11134]: /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Dec 20 08:12:51 snip[11134]: /sbin/ip route add 192.168.1.1/24 via 10.8.0.5
Dec 20 08:12:51 snip[11134]: ERROR: Linux route add command failed: external program exited with error status: 2
Dec 20 08:12:51 snip[11134]: /sbin/ip route add 10.8.0.0/24 via 10.8.0.5
The funny thing is, when I run sudo ip route add 192.168.1.1/24 via 10.8.0.5 manually after the connection is established, the route adds fine and I can ping to the local LAN from the VPS client.
Is there something processing out of order here that I need to fix or something?
-
192.168.1.1 is not what you want. Try 192.168.1.0. Also, I suspect you do NOT really want the net30 crap.
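The point of the reply above is that a pushed route must name the network address (192.168.1.0), not a host inside it (192.168.1.1), because the Linux client hands it to `ip route add NET/PREFIX`, which rejects a prefix with host bits set. The following is an added example, not code from the thread or from OpenVPN: a small POSIX sh checker that scans `push "route NET MASK"` lines in a server config, computes NET AND MASK, and reports every push whose address is not the network address together with the corrected directive. The function names and the sample config (which reproduces the bad push from the original post) are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check `push "route NET MASK"` lines
# in an OpenVPN server config before the client turns them into
# `ip route add NET/PREFIX via ...`, which fails when NET has host bits set.

# Dotted quad -> 32-bit integer.
ip2int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network address of NET under MASK (NET AND MASK).
route_network() {
    int2ip $(( $(ip2int "$1") & $(ip2int "$2") ))
}

# Exit 0 when NET is already the network address for MASK, 1 otherwise.
route_aligned() {
    [ "$(route_network "$1" "$2")" = "$1" ]
}

# Read a server config on stdin; print one line per misaligned pushed route
# with the corrected directive. Exit 1 if any were found, 0 if the config is clean.
check_pushed_routes() {
    bad=0
    while IFS= read -r line; do
        case $line in
            push\ \"route\ *) ;;
            *) continue ;;
        esac
        inner=${line#push \"}        # strip the leading: push "
        inner=${inner%\"}            # strip the trailing quote
        set -- $inner                # now: route NET MASK
        if ! route_aligned "$2" "$3"; then
            echo "misaligned: $line -> push \"route $(route_network "$2" "$3") $3\""
            bad=1
        fi
    done
    return $bad
}

# Constructed sample config (not the poster's), reproducing the bad push from the thread.
SAMPLE_CONFIG='server 10.8.0.0 255.255.255.0
push "route 192.168.1.1 255.255.255.0"
push "route 10.20.0.0 255.255.0.0"
push "dhcp-option DNS 192.168.1.1"
topology subnet'

printf '%s\n' "$SAMPLE_CONFIG" | check_pushed_routes || echo "fix the routes above before restarting the server"
```

Run it as `check_pushed_routes < /var/etc/openvpn/server2.conf` on the real file. Two related caveats from the log in the first post: `register-dns` is a Windows-only client option, so a Linux client logs it as an unrecognized push option and ignores it (harmless, but noise), and `topology subnet` gives each client a single address instead of the /30 that `net30` consumes per client.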
-
After looking at it for several hours, it's the little things you miss.
Cheers!
As to the net30 crap, I wasn't getting routes pushed, so I'll fix that up now, not that it's causing too many dramas, but you are right, I doubt I need it.
Thanks again.