Adding route on client using OpenVPN
So this is my setup. Laptop Running Ubuntu OpenVPN version 2.3.2 I connect to a OpenVPN server that connects to an off-site network. I get the OpenVPN client running and I can ping the VPN server. The server doesn’t push any routes so I need to route on the client. Adding the off-site networks to route to the VPNserver so that I can access the off site network. So the problem I have is that my requests don’t jump from 192.168.0.1 network to the off site 172...* one. Can I do anything about that on my client? I don’t have any ownership of the server and routs are not pushed from server now , in the future i don’t know
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.242.2.6 P-t-P:10.242.2.5 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:100 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 B) TX bytes:12129 (12.1 KB) wlan1 Link encap:Ethernet HWaddr 5c:93:a2:a0:6e:1b inet addr:10.101.7.41 Bcast:10.101.31.255 Mask:255.255.224.0 inet6 addr: fe80::5e93:a2ff:fea0:6e1b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:355109 errors:0 dropped:0 overruns:0 frame:0 TX packets:206832 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:454685028 (454.6 MB) TX bytes:23942624 (23.9 MB) Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 10.101.0.1 0.0.0.0 UG 0 0 0 wlan1 10.101.0.0 0.0.0.0 255.255.224.0 U 0 0 0 wlan1 10.242.2.1 10.242.2.5 255.255.255.255 UGH 0 0 0 tun0 10.242.2.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 192.168.0.0 10.242.2.5 255.255.255.0 UG 0 0 0 tun0 192.168.82.0 10.242.2.5 255.255.255.0 UG 0 0 0 tun0
Setting up routing
If you set up a routed VPN, i.e., one where local and remote subnets differ, you need to set up routing between the subnets so that packets will transit the VPN.
Here is a possible road warrior network configuration:
Road Warrior (Windows)
TAP-Windows Adapter 10.3.0.2 subnet 255.255.255.0
ifconfig option in OpenVPN config:
ifconfig 10.3.0.2 255.255.255.0
Main Office, server (any OS)
tap adapter 10.3.0.1 subnet 255.255.255.0
ifconfig option in OpenVPN config:
ifconfig 10.3.0.1 255.255.255.0
private ethernet 10.0.0.1 subnet 255.255.255.0
The road warrior needs this route in order to reach machines on the main office subnet:
route add 10.0.0.0 mask 255.255.255.0 10.3.0.1 (this is a shell command)
Routes can be conveniently specified in the OpenVPN config file itself using the —route option:
route 10.0.0.0 255.255.255.0 10.3.0.1
If the OpenVPN server in the main office is also the gateway for machines on the remote subnet, no special route is required on the main office side.
On the other hand, if the main office OpenVPN server is NOT also the gateway, then whatever machine or router, which IS the gateway, must know to route 10.3.0.0 subnet 255.255.255.0 to the machine which is running OpenVPN.
Updates & Announcements
Cyber Shield Released
Cyber Shield protects you from cyber threats without requiring you to tunnel internet traffic. Turn Shield ON.
Release Notes 2.12.0
Access Server 2.12.0 comes with support for Data Channel Offload, a kernel accelerated method of encrypting/decrypting VPN traffic. It also allows setting unique global group subnets so routing in clustering mode is possible. Aside from this numerous fixes and improvements are included.
Access Server
Our popular self-hosted solution. Comes with two free connections. No credit card required.
CloudConnexa™
Cloud-delivered, as-a-service solution. Comes with three free connections. No credit card required.
OpenVPN is a leading global private networking and cybersecurity company that allows organizations to truly safeguard their assets in a dynamic, cost effective, and scalable way.
© Copyright 2023 OpenVPN | OpenVPN is a registered trademark of OpenVPN, Inc. |
CloudConnexa is a trademark of OpenVPN, Inc.