OpenVPN failing to push local LAN network onto clients [SOLVED]



  • Hi all

    First, the nitty gritty:

    Server

    dev ovpns2
    verb 5
    dev-type tun
    dev-node /dev/tun2
    writepid /var/run/openvpn_server2.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-256-CBC
    auth SHA256
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 10.1.1.2
    tls-server
    server 10.8.0.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'mydomain.told' 1 "
    lport 1194
    management /var/etc/openvpn/server2.sock unix
    max-clients 20
    push "route 192.168.1.1 255.255.255.0"
    push "dhcp-option DNS 192.168.1.1"
    push "register-dns"
    client-to-client
    ca /var/etc/openvpn/server2.ca
    cert /var/etc/openvpn/server2.cert
    key /var/etc/openvpn/server2.key
    dh /etc/dh-parameters.2048
    crl-verify /var/etc/openvpn/server2.crl-verify
    persist-remote-ip
    float
    

    Client

    dev tun
    persist-tun
    persist-key
    cipher AES-256-CBC
    auth SHA256
    tls-client
    client
    resolv-retry infinite
    remote my server.ip 1194 udp
    lport 0
    verify-x509-name "mydomain.tld" name
    ns-cert-type server
    verb 5
     <ca>snip</ca> etc
    
    

    As you can probably work out, my local LAN is 192.168.1.0/24. I want to be able to talk to my local LAN from my VPS (which is the client in this instance) and vice versa. Rules seem to be OK because I can ping from the LAN to the VPS but not vice versa.

    When I check the client logs, I see this:

    
    Dec 20 08:12:49 snip[11134]: [mydomain.told] Peer Connection Initiated with [AF_INET]server.ip:1194
    Dec 20 08:12:51 snip[11134]: SENT CONTROL [mydomain.tld]: 'PUSH_REQUEST' (status=1)
    Dec 20 08:12:51 snip[11134]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.1 255.255.255.0,dhcp-option DNS 192.168.1.1,dhcp-option DNS isp.dns,register-dns,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
    Dec 20 08:12:51 snip[11134]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: register-dns (2.3.2)
    Dec 20 08:12:51 snip[11134]: OPTIONS IMPORT: timers and/or timeouts modified
    Dec 20 08:12:51 snip[11134]: OPTIONS IMPORT: --ifconfig/up options modified
    Dec 20 08:12:51 snip[11134]: OPTIONS IMPORT: route options modified
    Dec 20 08:12:51 snip[11134]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Dec 20 08:12:51 snip[11134]: ROUTE_GATEWAY snip/255.255.192.0 IFACE=eth0 HWADDR=snip
    Dec 20 08:12:51 snip[11134]: TUN/TAP device tun0 opened
    Dec 20 08:12:51 snip[11134]: TUN/TAP TX queue length set to 100
    Dec 20 08:12:51 snip[11134]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Dec 20 08:12:51 snip[11134]: /sbin/ip link set dev tun0 up mtu 1500
    Dec 20 08:12:51 snip[11134]: /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
    Dec 20 08:12:51 snip[11134]: /sbin/ip route add 192.168.1.1/24 via 10.8.0.5
    Dec 20 08:12:51 snip[11134]: ERROR: Linux route add command failed: external program exited with error status: 2
    Dec 20 08:12:51 snip[11134]: /sbin/ip route add 10.8.0.0/24 via 10.8.0.5
    

    The funny thing is, when I run sudo ip route add 192.168.1.1/24 via 10.8.0.5 manually after the connection is established, the route adds fine and I can ping to the local LAN from the VPS client.

    Is there something processing out of order here that I need to fix or something?


  • Banned

    192.168.1.1 is not what you want. Try 192.168.1.0. Also suspect you do NOT really want the net30 crap.



  • After looking at it for several hours, it's the little things you miss.

    Cheers!

    As to the net30 crap, I wasn't getting routes pushed, so I'll fix that up now, not that it's causing too many dramas, but you are right, I doubt I need it.

    Thanks again.
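The mistake that ate several hours here is mechanical: a route's first argument must be the network address (host bits zero) for the given netmask, and `192.168.1.1 255.255.255.0` is not. The following is an added example, not code from the thread, pfSense or OpenVPN: a small Python linter that reads an OpenVPN server config, checks every `server` and pushed `route` directive for set host bits, prints the corrected network, and notes when no `topology subnet` line is present (the log above shows the net30 default being pushed, which is what the second reply objects to). The embedded config is constructed to reproduce the thread's error alongside one correct route; the regex only understands IPv4 dotted-quad address/mask pairs.

```python
import ipaddress
import re
import sys

# Constructed sample, not the poster's full config: the relevant directives
# from a pfSense-style OpenVPN server config with the 192.168.1.1/24 mistake
# from the thread, one correct pushed route, and no explicit topology line.
SAMPLE_CONF = """\
server 10.8.0.0 255.255.255.0
push "route 192.168.1.1 255.255.255.0"
push "route 10.20.0.0 255.255.0.0"
push "dhcp-option DNS 192.168.1.1"
client-to-client
"""

# Matches `server A M`, `route A M` and `push "route A M"`; IPv4 dotted quads only.
ROUTE_RE = re.compile(r'^(?:push\s+"\s*)?(route|server)\s+([0-9.]+)\s+([0-9.]+)')


def corrected_network(addr, mask):
    """Return None when addr already is the network address for mask.

    Otherwise return "network mask" with the host bits cleared, which is
    the form OpenVPN's route directive and the kernel route table expect.
    Raises ValueError for an unparsable address or mask.
    """
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    if net.network_address == ipaddress.ip_address(addr):
        return None
    return f"{net.network_address} {mask}"


def lint_openvpn_conf(text):
    """Return a list of (line_number, message) findings for a server config.

    line_number 0 is used for whole-file findings such as a missing
    `topology subnet` directive.
    """
    findings = []
    topology_subnet = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        if re.match(r"^topology\s+subnet\b", line):
            topology_subnet = True
            continue
        m = ROUTE_RE.match(line)
        if not m:
            continue
        directive, addr, mask = m.groups()
        try:
            fixed = corrected_network(addr, mask)
        except ValueError as exc:
            findings.append((lineno, f"{directive}: unparsable address/mask ({exc})"))
            continue
        if fixed is not None:
            findings.append(
                (lineno, f'{directive} {addr} {mask}: host bits set; use "{fixed}"')
            )
    if not topology_subnet:
        findings.append(
            (0, "no 'topology subnet' directive: clients get the net30 default "
                "(a /30 per client), as seen in the PUSH_REPLY in the thread")
        )
    return findings


if __name__ == "__main__":
    # Pipe a real server config in; with no stdin data the sample is linted.
    conf = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CONF
    for lineno, msg in lint_openvpn_conf(conf):
        where = f"line {lineno}" if lineno else "file"
        print(f"{where}: {msg}")
```

Run it as `python3 lint_ovpn.py < server.conf` against the generated server config on the firewall; the sample run flags line 2 with the corrected `192.168.1.0 255.255.255.0`, leaves the `10.20.0.0/16` route alone, and reports the missing `topology subnet`. The same host-bit rule applies to `server`, `route`, `iroute` in client-config-dir files and any hand-typed `ip route add`, so the check is worth keeping in whatever generates those configs.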

