Have servers behind OpenVPN subnet reach connecting clients

Posted by imaginative on Server Fault See other posts from Server Fault or by imaginative
Published on 2011-11-10T18:54:45Z Indexed on 2012/03/30 5:32 UTC
Read the original article Hit count: 239

Filed under:
|
|

I am trying to find some relevant documentation or what directives I need in either the OpenVPN server configuration or client configuration to accommodate for this use case.

I have an OpenVPN server that clients connect to. The OpenVPN server can communicate directly with any of the clients already, this is not an issue. The client is able to reach any machine on the private subnet where OpenVPN resides, this is also not an issue. My issue is that the reverse is currently not possible - I have servers on the same subnet as the OpenVPN box that cannot reach any of the connecting clients. I'd like to be able to SSH to them and more, the same way the client can reach the servers behind the OpenVPN subnet.

What do I need to do to make this possible? I already have masquerading rules set on the OpenVPN box:

iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o eth0 -j MASQUERADE

IP Forwarding is enabled:

echo 1 >/proc/sys/net/ipv4/ip_forward

I added a route on the server behind the private subnet to be aware of the route:

192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

What am I missing?

© Server Fault or respective owner

Related posts about vpn

Related posts about routing