Netgate Discussion Forum

    OpenVPN + multiple "IPv4 Local Network"

    2.1 Snapshot Feedback and Problems - RETIRED
      themr0c

      Hi, another newbie question:

      My users should have access to multiple zones from their OpenVPN sessions.

      Let's say they should have access to LAN: 10.0.0.0/24, and also to DMZ: 192.168.1.1/24

      When I configure the OpenVPN server I see no option to configure routing to multiple local networks. Reading the "IPv4 Local Network" description, the range can only be unique:

      "IPv4 Local Network"
      This is the network that will be accessible from the remote endpoint. Expressed as a CIDR range. You may leave this blank if you don't want to add a route to the local network through this tunnel on the remote machine. This is generally set to your LAN network.
      
      

      Is there a way to do it, other than moving the DMZ to another range that would allow LAN and DMZ to be in a single range, let's say 10.0.1.0/24, and defining the local network as 10.0.0.0/8?

        bardelot

        You can use the "Advanced configuration" section to add those routing options
        e.g. push "route 192.168.1.0 255.255.255.0";

        Edit:
        Using a recent snapshot it is also possible to specify multiple networks separated by commas.

          phil.davis

          Yes, if you are on a recent (last 3 days) 2.1-BETA1 then you can put comma-separated lists of subnets in the local and remote subnet fields, e.g.

          10.0.0.0/24,192.168.1.1/24
          

          I just tried one from a peer-to-peer (site-to-site) link, putting a list in the Remote Network field of the client end (telling it what is at the server) - that has a small bug, so it doesn't work. I have made some comments on the commit from a few days ago (bed time now - no time to properly test and submit the fix right now!).
          Edit: jimp has got onto it already and committed a good-looking fix - thanks. The next snapshot after the time of this comment will have this bit also working.
          But it should all work at the server end now. You will want to put your list in the Local Networks field at the server end.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
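
Added example (not part of the thread and not pfSense's own code): a sketch of how a comma-separated list like the one above corresponds to the push "route ..." form from the earlier reply, with host bits masked to the network address. The function names are hypothetical; the address count shows how much more the 10.0.0.0/8 single-range workaround from the question would route into the tunnel than the two /24 entries.

```python
import ipaddress


def parse_networks(field):
    """Parse a comma-separated IPv4 CIDR list into unique networks, in order."""
    nets = []
    for item in field.split(","):
        item = item.strip()
        if not item:
            continue
        # strict=False accepts an entry with host bits set (192.168.1.1/24)
        # and masks it to its network (192.168.1.0/24). Malformed entries
        # raise ValueError instead of producing a bad route.
        net = ipaddress.IPv4Network(item, strict=False)
        if net not in nets:
            nets.append(net)
    return nets


def push_routes(field):
    """Render each network as an OpenVPN server directive: push "route NET MASK"."""
    return ['push "route {} {}"'.format(n.network_address, n.netmask)
            for n in parse_networks(field)]


def routed_addresses(field):
    """Count distinct addresses covered; overlapping entries are merged first."""
    merged = ipaddress.collapse_addresses(parse_networks(field))
    return sum(n.num_addresses for n in merged)


if __name__ == "__main__":
    # Constructed inputs: the list from the thread, then the single-range workaround.
    for field in ("10.0.0.0/24,192.168.1.1/24", "10.0.0.0/8"):
        print(field, "->", routed_addresses(field), "addresses")
        for line in push_routes(field):
            print("  " + line)
```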

            themr0c

            Fine! I will try the latest snapshot then! Thanks!

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.