Mikael Johansson
New Around Here
Hi!
I'm new to OpenVPN, and I'm trying to set up a site-to-site network between my house and that of my parents. We have an RT-AC66U router each.
Unfortunately, I don't have a public IP at my place so the OpenVPN server (ROUTER1) has to reside at my parents, while the OpenVPN client (ROUTER2) lives at my place.
To easily discern the addresses, I've set the LAN range at my parents to 10.55.55/24, and my house has 10.22.22/24. The VPN range is 10.8.8/24.
So, what I'm trying to do is to have the OpenVPN client on ROUTER2 connect to the server on ROUTER1, and get 55.55 & 22.22 subnets to talk nicely to each other through the tunnel in both directions. In addition, I want any of the laptops in the family to be able to connect to the VPN from anywhere (through e.g. Tunnelblick).
At this point, it's almost working except that I haven't managed to add the "reverse" routing entry for 10.22.22.x on ROUTER1 (Server) -> ROUTER2 (Client).
I can initiate connections from the client (10.22.22.x) network to the server network (10.55.55.x) just fine, but not the other way around.
From what I've gathered from the OpenVPN documentation, I'm probably missing an `iroute` entry for the "return path". I can also verify in the routing table on ROUTER1 that the 10.22.22/24 -> 10.8.8.<ROUTER2> route is missing.
ROUTER1 table:
```
Destination      Gateway        Genmask          Flags Metric Ref Use Iface
<ROUTER1 EXT>    *              255.255.255.255  UH    0      0   0   eth0
10.55.55.0       *              255.255.255.0    U     0      0   0   br0
10.8.8.0         *              255.255.255.0    U     0      0   0   tun21
<ROUTER1 RANGE>  *              255.255.252.0    U     0      0   0   eth0
127.0.0.0        *              255.0.0.0        U     0      0   0   lo
default          <ROUTER1 GW>   0.0.0.0          UG    0      0   0   eth0
```
ROUTER2 table:
```
Destination      Gateway        Genmask          Flags Metric Ref Use Iface
<ROUTER2 EXT >   *              255.255.255.255  UH    0      0   0   eth0
<ROUTER2 RANGE>  *              255.255.255.0    U     0      0   0   eth0
10.55.55.0       10.8.8.1       255.255.255.0    UG    0      0   0   tun11
10.22.22.0       *              255.255.255.0    U     0      0   0   br0
10.8.8.0         *              255.255.255.0    U     0      0   0   tun11
127.0.0.0        *              255.0.0.0        U     0      0   0   lo
default          <ROUTER2 GW>   0.0.0.0          UG    0      0   0   eth0
```
I've only used the GUI and let the server router generate all the certificates and keys so far, btw.
Current settings:
- "Manage client-specific options" = Yes
- "Allow Client <-> Client" = Yes
- "Allow only specified clients" = No

- How do I get the `iroute 10.22.22/24` to be set correctly?
- How do I get this to happen only for ROUTER1, and not for the laptops connecting? How do I differentiate between them? Do I generate different .ovpn files in some way, or add different entries on the server?
- How do I set the "Common Name"?
- Should I set a static VPN address for the ROUTER2 (e.g. 10.8.8.2)? How do I do that?
Thanks a lot,
Mikael
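
The asymmetry described in the post can be checked mechanically from the two routing tables. The following is an added example, not part of the original post: it parses both tables as posted and reports which router lacks a tunnel route to the other site's LAN. The function names are hypothetical, and it assumes each router's own LAN is the network on `br0`.

```python
import ipaddress
import re

# Tables copied from the post (header rows dropped); <...> are the poster's redactions.
ROUTER1 = """\
<ROUTER1 EXT> * 255.255.255.255 UH 0 0 0 eth0
10.55.55.0 * 255.255.255.0 U 0 0 0 br0
10.8.8.0 * 255.255.255.0 U 0 0 0 tun21
<ROUTER1 RANGE> * 255.255.252.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default <ROUTER1 GW> 0.0.0.0 UG 0 0 0 eth0
"""
ROUTER2 = """\
<ROUTER2 EXT > * 255.255.255.255 UH 0 0 0 eth0
<ROUTER2 RANGE> * 255.255.255.0 U 0 0 0 eth0
10.55.55.0 10.8.8.1 255.255.255.0 UG 0 0 0 tun11
10.22.22.0 * 255.255.255.0 U 0 0 0 br0
10.8.8.0 * 255.255.255.0 U 0 0 0 tun11
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default <ROUTER2 GW> 0.0.0.0 UG 0 0 0 eth0
"""
FIELD = re.compile(r"<[^>]*>|\S+")  # a redaction such as "<ROUTER1 EXT>" is one field


def parse_routes(text):
    """Return [(network, iface)]; rows with a redacted or 'default' destination are skipped."""
    routes = []
    for line in text.splitlines():
        f = FIELD.findall(line)
        try:
            routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[7]))
        except (ValueError, IndexError):
            continue
    return routes


def missing_tunnel_routes(tables):
    """List (router, remote LAN) pairs where the router has no tun route to that LAN."""
    parsed = {name: parse_routes(text) for name, text in tables.items()}
    # Assumption: each router's own LAN is the network on its bridge interface br0.
    lans = {name: next(n for n, i in r if i == "br0") for name, r in parsed.items()}
    gaps = []
    for name, routes in parsed.items():
        for other, lan in lans.items():
            via_tun = any(i.startswith("tun") and lan.subnet_of(n) for n, i in routes)
            if other != name and not via_tun:
                gaps.append((name, str(lan)))
    return gaps


if __name__ == "__main__":
    print(missing_tunnel_routes({"ROUTER1": ROUTER1, "ROUTER2": ROUTER2}))
```

This only inspects the kernel routing table. An `iroute` entry is kept inside the OpenVPN server process and never appears in this output, so a clean result here does not confirm that the `iroute` is in place.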