Wingsfan87
Regular Contributor
@Martineau I really could use your expertise on solving this problem I have been working on for a while. Or anyone else who might know what I am missing/doing wrong.
Background:
I have a Linux OpenVPN Gateway Client set up at my house. It is connected to 5 different OpenVPN Servers running at friends'/families' houses that are all using Asus routers running Merlin's latest firmware. For my home network I am using Unifi with a USGPro4 and the latest Unifi controller. I have static routes set to those remote subnets pointing to my VM running Linux as my OpenVPN Gateway Client. When I am at my house on my LAN I can access all the remote subnets just fine, no issues. I have the iptables rules set correctly to allow established/related traffic and my home LAN to forward to the remote LAN, and I am dropping their remote LAN from connecting to my LAN. I can access their networks since they are the OpenVPN servers, but as the client side I don't want them accessing my LAN from theirs. Again, all this is working just fine as intended.
Problem: Also on my home LAN Unifi gear I am using an L2TP/IPsec VPN that is included as an option. I am attempting to access the remote subnets for friends and families from this VPN connection but am not able to. I did a trace, and my VPN connection is forwarding correctly to the OpenVPN gateway client on my LAN, but it is not returning from the remote OpenVPN server side running on the Asus routers.
I can't tell if I need to adjust the firewall iptables rules on my OpenVPN gateway client or what to set in the custom configuration on the remote OpenVPN server on the Asus router. I am using your custom VPNClientConnect.sh script that adds the iroute dynamically based on user.
Any ideas?
*Note: I am only giving one remote LAN example for the rules and IP details, but they are all configured similarly, just with different subnets of course to prevent conflicts/overlap.
IP Details:
Local LAN: 192.168.50.0
Local IPSEC VPN: 10.10.50.0
Remote LAN: 192.168.30.0
Remote OpenVPN: 10.8.30.0
Local OpenVPN Gateway Client IPTABLE List:
root@ovpngateway:~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.50.0/24 -d 192.168.0.0/16 -j ACCEPT
-A FORWARD -s 10.10.50.0/24 -d 192.168.0.0/16 -j ACCEPT
-A FORWARD -s 10.8.30.0/24 -d 192.168.0.0/16 -j ACCEPT
-A FORWARD -s 192.168.30.0/24 -d 192.168.0.0/16 -j DROP
OpenVPN Server Router Custom Config:
script-security 2
client-connect /jffs/scripts/VPNClientConnect.sh
route 192.168.50.0 255.255.255.0 vpn_gateway
route 10.10.50.0 255.255.255.0 vpn_gateway
Thanks
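An added example, not code from the post above and not part of Merlin's firmware or the VPNClientConnect.sh script: a small Python evaluator that parses the gateway's `iptables -S` listing and walks the FORWARD chain with first-match semantics, so each flow's verdict on the gateway can be read off without touching the box. The rule text is embedded inline (the shorthand `10.10.50/24` form, which `iptables -S` itself prints as `10.10.50.0/24`, is kept to exercise the normaliser), and the host addresses 10.10.50.5, 192.168.30.10 and 192.168.50.20 are constructed sample hosts inside the subnets the post lists. Two things it makes visible: with `-P FORWARD ACCEPT`, every flow not explicitly dropped is forwarded, so the gateway's own chain is not what stops L2TP-to-remote traffic (the chain says nothing about what the remote Asus router does with the reply); and the single DROP rule only covers destinations in 192.168.0.0/16, so a new connection from 192.168.30.0/24 to the 10.10.50.0/24 L2TP pool falls through to the ACCEPT policy.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# The gateway's chain as posted (iptables -S form), embedded so this runs offline.
# "10.10.50/24" is included deliberately to exercise the normaliser below;
# iptables -S itself would print it as 10.10.50.0/24.
POSTED_RULES = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.50.0/24 -d 192.168.0.0/16 -j ACCEPT
-A FORWARD -s 10.10.50/24 -d 192.168.0.0/16 -j ACCEPT
-A FORWARD -s 10.8.30.0/24 -d 192.168.0.0/16 -j ACCEPT
-A FORWARD -s 192.168.30.0/24 -d 192.168.0.0/16 -j DROP
"""


@dataclass
class Rule:
    src: Optional[ipaddress.IPv4Network]   # None = any source
    dst: Optional[ipaddress.IPv4Network]   # None = any destination
    states: Optional[FrozenSet[str]]       # None = no conntrack match on this rule
    target: str


def normalize_cidr(text: str) -> ipaddress.IPv4Network:
    """Parse 'a.b.c.d/len'; missing trailing octets are padded with 0."""
    addr, _, prefix = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{prefix or '32'}", strict=False)


def parse_chain(text: str, chain: str = "FORWARD") -> Tuple[str, List[Rule]]:
    """Return (policy, rules) for one chain from iptables -S output."""
    policy = "ACCEPT"
    rules: List[Rule] = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "-P" and tok[1] == chain:
            policy = tok[2]
            continue
        if len(tok) < 2 or tok[0] != "-A" or tok[1] != chain:
            continue
        src = dst = states = target = None
        i = 2
        while i < len(tok):
            flag = tok[i]
            if flag == "-s":
                src = normalize_cidr(tok[i + 1])
                i += 2
            elif flag == "-d":
                dst = normalize_cidr(tok[i + 1])
                i += 2
            elif flag == "--ctstate":
                states = frozenset(tok[i + 1].split(","))
                i += 2
            elif flag in ("-m", "-j"):
                if flag == "-j":
                    target = tok[i + 1]
                i += 2                     # "-m conntrack" carries no value we need
            else:
                i += 1                     # interface/protocol matches are not modelled
        rules.append(Rule(src, dst, states, target or ""))
    return policy, rules


def verdict(policy: str, rules: List[Rule], src_ip: str, dst_ip: str,
            ctstate: str = "NEW") -> str:
    """First-match walk of the chain; unmatched packets get the chain policy."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.src is not None and s not in r.src:
            continue
        if r.dst is not None and d not in r.dst:
            continue
        if r.states is not None and ctstate not in r.states:
            continue
        if r.target in ("ACCEPT", "DROP", "REJECT"):
            return r.target
    return policy


def check_posted_flows() -> dict:
    """The flows that matter for the question, evaluated against the posted chain."""
    policy, rules = parse_chain(POSTED_RULES)
    return {
        "l2tp_to_remote_lan_new":   verdict(policy, rules, "10.10.50.5", "192.168.30.10"),
        "remote_reply_established": verdict(policy, rules, "192.168.30.10", "10.10.50.5", "ESTABLISHED"),
        "remote_to_home_lan_new":   verdict(policy, rules, "192.168.30.10", "192.168.50.20"),
        "remote_to_l2tp_pool_new":  verdict(policy, rules, "192.168.30.10", "10.10.50.5"),
    }


if __name__ == "__main__":
    for flow, result in check_posted_flows().items():
        print(f"{flow:26} {result}")
```

The evaluator only models source, destination and conntrack state, which is all the posted chain uses; a chain with `-i`/`-o` interface matches would need those added. The last flow in `check_posted_flows` is the one worth a second look on the gateway itself: because the DROP rule names `-d 192.168.0.0/16`, it never sees packets addressed to the 10.10.50.0/24 pool, and the ACCEPT policy lets them through.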