I have an OpenVPN server which runs with two configurations - first one is

port 1194
proto udp
dev tun

while the second one is

port 443
proto tcp
dev tun
port-share ${my-ip} 10443

I keep them this way since I prefer the udp one, but port 443 is accessible everywhere, while 1194 is not. Also port-sharing makes apache ssl logs less useful.

I use different subnets for each configuration:

server 10.25.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client

and

server 10.25.2.0 255.255.255.0
ifconfig-pool-persist ipp-port-share.txt
client-to-client

However, with this config a client from the first config (10.25.1.0/24) will be unable to connect to a client from the second config (10.25.2.0/24).

What can I do so that the two client subnets can communicate?

1 Answer

You need to declare a route to 10.25.2.0/24 for clients of the first configuration and 10.25.1.0/24 on the second. Use this in your first configuration file, and the converse in your second:

push "route 10.25.2.0 255.255.255.0"
– Chris Davies

Comments:

  • Thanks for the reply. I have done the changes:
    • ip forwarding is on (/proc/sys/net/ipv4/ip_forward = 1)
    • added the push configurations, restarted the server + 1 client on each subnet

    However, the clients still don't see each other. I am able to ping the gateway, e.g. from 10.25.1.40 I can ping 10.25.2.1, but not beyond.

    – Robert Munteanu Oct 28 '15 at 06:19
  • @RobertMunteanu do you get the route added on the clients? – Chris Davies Oct 28 '15 at 09:19
  • Yes, the route is added. I expected the ping to 10.25.2.1 would not work otherwise for a 10.25.1.x client. – Robert Munteanu Oct 28 '15 at 10:29
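As an added example (not code from the question or the answer), the following Python script parses constructed copies of the two posted server configs and reports which push "route" line each one still needs so that clients of one server get a route to the other server's client subnet, which is the cross-route the answer describes. The port-share address 203.0.113.10 is a placeholder for the elided ${my-ip}, and the "udp-1194"/"tcp-443" names are labels chosen here. The script inspects the config text only; whether the host actually forwards packets between the two tun interfaces (ip_forward and any firewall FORWARD rules) has to be verified separately on the server.

```python
"""Cross-check two OpenVPN server configs for the mutual push "route" lines
needed so clients of each server can reach the other server's client subnet.
Added example; not code from the question or the answer."""
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample inputs: the two server configs from the question as
# posted, before any push line was added.  The port-share address is a
# placeholder for the ${my-ip} the question elides.
CONF_UDP = """\
port 1194
proto udp
dev tun
server 10.25.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
"""

CONF_TCP = """\
port 443
proto tcp
dev tun
port-share 203.0.113.10 10443
server 10.25.2.0 255.255.255.0
ifconfig-pool-persist ipp-port-share.txt
client-to-client
"""

Directive = List[str]


def parse_directives(text: str) -> List[Directive]:
    """Tokenise an OpenVPN config into [directive, arg, ...] lists.

    Lines starting with '#' or ';' are comments.  A double-quoted argument
    such as "route 10.25.2.0 255.255.255.0" stays one token, quotes included.
    """
    out: List[Directive] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        out.append(re.findall(r'"[^"]*"|\S+', line))
    return out


def server_subnet(directives: List[Directive]) -> Optional[ipaddress.IPv4Network]:
    """Return the client subnet declared by 'server <network> <netmask>'."""
    for d in directives:
        if d[0] == "server" and len(d) >= 3:
            return ipaddress.IPv4Network((d[1], d[2]))
    return None


def pushed_routes(directives: List[Directive]) -> List[ipaddress.IPv4Network]:
    """Return the subnets handed to clients via push "route <net> <mask>"."""
    routes = []
    for d in directives:
        if d[0] == "push" and len(d) == 2:
            inner = d[1].strip('"').split()
            if len(inner) >= 3 and inner[0] == "route":
                routes.append(ipaddress.IPv4Network((inner[1], inner[2])))
    return routes


def missing_pushes(confs: Dict[str, str]) -> Dict[str, List[str]]:
    """For each named config, the push lines it still needs so that its
    clients get a route to every other config's client subnet."""
    parsed = {name: parse_directives(text) for name, text in confs.items()}
    subnets = {name: server_subnet(d) for name, d in parsed.items()}
    nets = [n for n in subnets.values() if n is not None]
    # Two server instances must not hand out overlapping client ranges.
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"client subnets overlap: {a} and {b}")
    result: Dict[str, List[str]] = {}
    for name, d in parsed.items():
        have = set(pushed_routes(d))
        needed = []
        for other, net in subnets.items():
            if other == name or net is None or net in have:
                continue
            needed.append(f'push "route {net.network_address} {net.netmask}"')
        result[name] = needed
    return result


def apply_pushes(text: str, push_lines: List[str]) -> str:
    """Append the given push lines to a config, keeping a trailing newline."""
    if not push_lines:
        return text
    return text.rstrip("\n") + "\n" + "\n".join(push_lines) + "\n"


if __name__ == "__main__":
    confs = {"udp-1194": CONF_UDP, "tcp-443": CONF_TCP}
    todo = missing_pushes(confs)
    fixed = {n: apply_pushes(t, todo[n]) for n, t in confs.items()}
    for name in confs:
        print(f"# {name}: add {todo[name] or 'nothing'}")
        print(fixed[name])
```

Run against the posted configs it reports that the 1194/udp config needs `push "route 10.25.2.0 255.255.255.0"` and the 443/tcp config needs `push "route 10.25.1.0 255.255.255.0"`; after those lines are appended a second pass reports nothing missing. The same check generalises to more than two server instances on one host.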