Have servers behind OpenVPN subnet reach connecting clients
Posted by imaginative on Server Fault
Published on 2011-11-10T18:54:45Z
I am trying to find some relevant documentation or what directives I need in either the OpenVPN server configuration or client configuration to accommodate this use case.
I have an OpenVPN server that clients connect to. The OpenVPN server can communicate directly with any of the clients already; this is not an issue. The client is able to reach any machine on the private subnet where OpenVPN resides; this is also not an issue. My issue is that the reverse is currently not possible: I have servers on the same subnet as the OpenVPN box that cannot reach any of the connecting clients. I'd like to be able to SSH to them and more, the same way the client can reach the servers behind the OpenVPN subnet.
What do I need to do to make this possible? I already have masquerading rules set on the OpenVPN box:
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o eth0 -j MASQUERADE
IP Forwarding is enabled:
echo 1 >/proc/sys/net/ipv4/ip_forward
I added a route on the server behind the private subnet to be aware of the route:
192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
What am I missing?
© Server Fault or respective owner
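The route line quoted in the post has gateway 0.0.0.0 and flag U without G, which the kernel treats as a directly connected network on eth0 rather than one reached through a next hop. As an added example (not part of the original post), this shell function classifies a `route -n` line that way; the second sample line and its gateway address 192.0.2.10 are constructed placeholders, since the post does not give the OpenVPN box's LAN address.

```shell
#!/bin/sh
# Added example, not from the original post.
# Classify how a host routes a destination network, reading `route -n`
# style lines on stdin.
# Columns: Destination Gateway Genmask Flags Metric Ref Use Iface

# classify_route NETWORK
#   "on-link IFACE"      route has no next hop (gateway 0.0.0.0 or no G flag)
#   "via GATEWAY IFACE"  packets are handed to a next hop
#   "missing"            no line matches NETWORK
classify_route() {
    awk -v net="$1" '
        $1 == net {
            found = 1
            if ($2 == "0.0.0.0" || $4 !~ /G/) print "on-link " $8
            else print "via " $2 " " $8
            exit
        }
        END { if (!found) print "missing" }
    '
}

# The route line exactly as quoted in the post.
route_from_post() {
    printf '%s\n' '192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0'
}

# Constructed comparison line: the same network reached through a next hop.
# 192.0.2.10 is a placeholder for the OpenVPN box LAN address (assumption).
route_with_gateway() {
    printf '%s\n' '192.168.50.0 192.0.2.10 255.255.255.0 UG 0 0 0 eth0'
}

printf 'post:        %s\n' "$(route_from_post | classify_route 192.168.50.0)"
printf 'constructed: %s\n' "$(route_with_gateway | classify_route 192.168.50.0)"
```

On a live host, `route -n | classify_route 192.168.50.0` applies the same check to the real table.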