#1 2019-09-13 06:56:47

LMAO
Member
Registered: 2019-09-13
Posts: 5

[SOLVED] OpenVPN on non-default gateway machine

Hello. In subnet 192.168.0.0/24 I have a software router, 192.168.0.1, with iptables. It is the default gateway for the subnet.
And I have an OpenVPN client on another machine, 192.168.0.2. It connects to subnet 192.168.1.0/24.
How can I route all traffic from 192.168.0.0/24 to 192.168.1.0/24 via 192.168.0.2 without specifying static routes on clients?

If I set a static route on any computer in subnet 192.168.0.0/24

ip route add 192.168.1.0/24 via 192.168.0.2

...or push routes from the DHCP server, everything works.

But subnet 192.168.0.0/24 has devices which can't accept routes from DHCP and can't use the "ip route add" command.

The default gateway has a static route to 192.168.1.0/24

192.168.1.0/24 via 192.168.0.2 dev br0 metric 1

and can ping any host in the 192.168.1.0/24 subnet.

Last edited by LMAO (2019-09-13 13:00:11)

#2 2019-09-13 07:32:09

Swiggles
Member
Registered: 2014-08-02
Posts: 266

Re: [SOLVED] OpenVPN on non-default gateway machine

You said 192.168.0.1 is your gateway. So I assume all clients in that segment use it as their default gateway. This means on the gateway you have to add a static route pointing to 192.168.0.2 for addresses in 192.168.1.0/24.

On your 192.168.0.1 machine add a route like this:

ip route add 192.168.1.0/24 via 192.168.0.2 dev ifname

Last edited by Swiggles (2019-09-13 07:37:13)

#3 2019-09-13 07:47:00

LMAO
Member
Registered: 2019-09-13
Posts: 5

Re: [SOLVED] OpenVPN on non-default gateway machine

Sorry, a misprint in my topic post :-) Corrected.
Of course, 192.168.0.1 already has a route to 192.168.1.0/24 via 192.168.0.2 :-)

192.168.1.0/24 via 192.168.0.2 dev br0 metric 1

And ping to 192.168.1.0/24 works only from 192.168.0.1

Last edited by LMAO (2019-09-13 07:48:19)

#4 2019-09-13 07:52:41

Swiggles
Member
Registered: 2014-08-02
Posts: 266

Re: [SOLVED] OpenVPN on non-default gateway machine

Have you enabled forwarding?

sysctl -w net.ipv4.ip_forward=1

#5 2019-09-13 09:03:21

LMAO
Member
Registered: 2019-09-13
Posts: 5

Re: [SOLVED] OpenVPN on non-default gateway machine

Yes, it is already a fully working gateway with NAT (iptables)

[root@router ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

And when I specify a static route on the client:

ip route add 192.168.1.0/24 via 192.168.0.2

everything works. But I need a solution without any manipulations on clients.

Last edited by LMAO (2019-09-13 09:07:01)

#6 2019-09-13 09:12:45

Swiggles
Member
Registered: 2014-08-02
Posts: 266

Re: [SOLVED] OpenVPN on non-default gateway machine

Then please show all relevant configurations. The detail with NAT and iptables was missing; also remove the unwanted rules. Show the routing tables for 192.168.0.1, 192.168.0.2 and some client as it should be.

#7 2019-09-13 11:42:47

LMAO
Member
Registered: 2019-09-13
Posts: 5

Re: [SOLVED] OpenVPN on non-default gateway machine

iptables (for testing I set ACCEPT everywhere, added FORWARD rules for both directions and removed all DROP and REJECT rules.)

:PREROUTING ACCEPT [23017:1543221]
:INPUT ACCEPT [194:12986]
:OUTPUT ACCEPT [301:25209]
:POSTROUTING ACCEPT [896:67413]
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -o br0 -j MASQUERADE
COMMIT
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [2409:179762]
:OUTPUT ACCEPT [3169:341946]
-A FORWARD -i br0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o br0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

routing table on 192.168.0.1 (default gw):

default dev ppp0 scope link
85.91.22.1 dev ppp0 proto kernel scope link src 189.128.41.58
192.168.0.0/24 dev br0 proto kernel scope link src 192.168.0.1
192.168.1.0/24 via 192.168.0.2 dev br0 metric 1

routing table on 192.168.0.2 (VPN client):

default via 192.168.0.1 dev enp1s0 proto dhcp src 192.168.0.2 metric 1024
10.0.1.0/24 via 10.0.1.5 dev tun0
192.168.0.0/24 dev enp1s0 proto kernel scope link src 192.168.0.2
192.168.0.1 dev enp1s0 proto dhcp scope link src 192.168.0.2 metric 1024
192.168.1.0/24 via 10.0.1.5 dev tun0

routing table on some client:

default via 192.168.0.1 dev enp1s0 proto dhcp src 192.168.0.4 metric 1024 
192.168.0.0/24 dev enp1s0 proto kernel scope link src 192.168.0.4 
192.168.0.1 dev enp1s0 proto dhcp scope link src 192.168.0.4 metric 1024

If I manually add the route "192.168.1.0/24 via 192.168.0.2" on the client then everything works.

Last edited by LMAO (2019-09-13 11:45:06)

#8 2019-09-13 12:44:54

Swiggles
Member
Registered: 2014-08-02
Posts: 266

Re: [SOLVED] OpenVPN on non-default gateway machine

There is no forward rule for br0 to br0 in your iptables. Maybe add a log rule for dropped forwards to debug the issue further.

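To make the diagnosis in post #8 concrete, here is an added example (not from the thread) that walks an iptables-save ruleset modelled on the one posted above and reports the FORWARD verdict for a packet that enters and leaves on br0. It assumes a FORWARD policy of DROP, standing in for the DROP/REJECT rules the OP removed for testing, and its parser understands only -i, -o, -j and --ctstate.

```python
import shlex

# Constructed filter table modelled on the thread's ruleset; the DROP policy
# is an assumption standing in for the rules the OP removed while testing.
BEFORE = """*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i br0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o br0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
# The same table with the br0 -> br0 hairpin rule from post #8 appended.
AFTER = BEFORE.replace("COMMIT", "-A FORWARD -i br0 -o br0 -j ACCEPT\nCOMMIT")

def parse_filter(save_text):
    """Parse iptables-save text into (chain policies, ordered rule dicts).
    Only -i, -o, -j and --ctstate are understood; other matches are ignored."""
    policies, rules = {}, []
    for line in map(str.strip, save_text.splitlines()):
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            toks = shlex.split(line)
            rule, i = {"chain": toks[1]}, 2
            while i < len(toks):
                if toks[i] in ("-i", "-o", "-j", "--ctstate"):
                    rule[toks[i]] = toks[i + 1]
                    i += 2
                else:
                    i += 1
            rules.append(rule)
    return policies, rules

def forward_verdict(save_text, in_if, out_if, ctstate="NEW"):
    """Walk the FORWARD chain for a packet entering in_if and leaving out_if;
    return the first terminating target hit, else the chain policy."""
    policies, rules = parse_filter(save_text)
    for r in rules:
        if r["chain"] != "FORWARD":
            continue
        if r.get("-i", in_if) != in_if or r.get("-o", out_if) != out_if:
            continue
        if "--ctstate" in r and ctstate not in r["--ctstate"].split(","):
            continue
        if r.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return r["-j"]
    return policies.get("FORWARD", "ACCEPT")
```

A client's first packet towards 192.168.1.0/24 is a NEW connection entering and leaving on br0, so under BEFORE it only ever reaches the policy; under AFTER the hairpin rule accepts it.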
#9 2019-09-13 12:59:51

LMAO
Member
Registered: 2019-09-13
Posts: 5

Re: [SOLVED] OpenVPN on non-default gateway machine

I didn't know what was permissible :)
After adding a forward rule from br0 to br0 the problem is solved. Thanks!
