OpenVPN 1.5 routing not functional

Hello all! I have to ask how I may configure my VyOS device to be able to run as an OpenVPN server and be able to use it as a way to connect to the private server being hosted on it.

Here are the server configurations:

openvpn vtun1 {
     local-port 1194
     mode server
     persistent-tunnel
     protocol udp
     server {
         client client1 {
             ip 10.16.1.10
             push-route 172.16.0.0/24
             subnet 10.16.1.0/25
         }
         name-server 10.16.0.254
         push-route 172.16.0.0/24 {
         }
         subnet 10.16.0.0/24
         topology subnet
     }
     tls {
         ca-certificate ca
         certificate server
         dh-params dh
     }
 }

The clients trying to access are individuals and their machines, rather than another VyOS machine. So there are files like client1.crt, client1.key & ca.crt for each client on said machines.

So far, I’ve been able to technically connect to the VyOS machine via OpenVPN on a client machine; however, I have not been able to access the private network 172.16.0.0/24 that’s being hosted within its server. The only thing even pingable is the client’s own IP (10.16.1.10).

Anyone know any good tips or configuration changes I must follow to correct this?

Thank you for reading!

Extra info:

Client configuration file:

client
nobind
remote xxx.xxx.xxx.xxx xxxxx # censored
remote-cert-tls server
proto udp
dev tun1
persist-key
persist-tun
verb 3
mute 3
tls-client

ca	"E:\\Users\\Client1\\OpenVPN\\config\\c1\\ca.crt"
cert	"E:\\Users\\Client1\\OpenVPN\\config\\c1\\client1.crt"
key	"E:\\Users\\Client1\\OpenVPN\\config\\c1\\client1.key"

keysize 256
comp-lzo no

Welcome to the VyOS forums!

Do hosts on the 172.16.0.0/24 network have a route back to your VPN client(s)?

What does the routing table look like on a host when it’s connected? Do you see the pushed route being installed in the client’s routing table?

Thanks for having me!

The same router that hosts the OpenVPN server also hosts a DHCP server, which is providing the private network and IPs to the devices on 172.16.0.0/24. So I believe that the devices might not have any routing to the VPN server, as I’ve only started OpenVPN configuration after the main server configuration was done.

Here is what the server’s routing looks like:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         xxx.xxx.xxx.xxx 0.0.0.0         UG    20     0        0 eth0 # Censored
10.16.0.0       0.0.0.0         255.255.255.0   U     0      0        0 vtun1
10.16.0.0       0.0.0.0         255.255.240.0   U     20     0        0 vtun1
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
xxx.xxx.xxx.xxx 0.0.0.0         xxx.xxx.xxx.xxx U     0      0        0 eth0 # Censored

Here is a host’s routing:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.16.0.1      0.0.0.0         UG    20     0        0 eth1
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
xxx.xxx.xxx.xxx 0.0.0.0         xxx.xxx.xxx.xxx U     0      0        0 eth0 # Censored

Here is my client’s routing:

Network Destination        Netmask          Gateway       Interface  Metric
        10.16.1.0    255.255.255.0         On-link        10.16.1.10    281
       10.16.1.10  255.255.255.255         On-link        10.16.1.10    281
      10.16.1.255  255.255.255.255         On-link        10.16.1.10    281
        224.0.0.0        240.0.0.0         On-link        10.16.1.10    281

I don’t see the route actually being pushed onto the client, no.

Thanks for the reply though!
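
The checks the reply asks for, run over the configuration values and routing tables exactly as posted in this thread (an added example, not part of any post): which pushed routes are absent from the client's table, which gateway a LAN host would use to answer the client, and whether the client's static address lies inside the server subnet. The function names are illustrative.

```python
import ipaddress

# Values copied from the posts in this thread.
SERVER_SUBNET = "10.16.0.0/24"
CLIENT_IP = "10.16.1.10"
PUSHED = ["172.16.0.0/24"]
# Client table as posted (Windows columns: dest, mask, gateway, iface, metric).
CLIENT_TABLE = """\
        10.16.1.0    255.255.255.0         On-link        10.16.1.10    281
       10.16.1.10  255.255.255.255         On-link        10.16.1.10    281
      10.16.1.255  255.255.255.255         On-link        10.16.1.10    281
        224.0.0.0        240.0.0.0         On-link        10.16.1.10    281
"""
# Host table as posted (Linux columns); the censored eth0 line is left out.
HOST_TABLE = """\
default         172.16.0.1      0.0.0.0         UG    20     0        0 eth1
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
"""

def parse(text, mask_col, gw_col):
    """Return [(network, gateway)] for whitespace-separated route rows."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        net = ipaddress.ip_network(f"{dest}/{f[mask_col]}", strict=False)
        routes.append((net, f[gw_col]))
    return routes

def missing_pushed(routes, pushed):
    """Pushed networks that no installed route covers."""
    return [p for p in pushed
            if not any(ipaddress.ip_network(p).subnet_of(n) for n, _ in routes)]

def return_gateway(routes, addr):
    """Gateway of the longest-prefix route matching addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def client_in_server_subnet():
    return ipaddress.ip_address(CLIENT_IP) in ipaddress.ip_network(SERVER_SUBNET)

if __name__ == "__main__":
    client = parse(CLIENT_TABLE, mask_col=1, gw_col=2)
    host = parse(HOST_TABLE, mask_col=2, gw_col=1)
    print("pushed routes missing on client:", missing_pushed(client, PUSHED))
    print("host replies to client via:", return_gateway(host, CLIENT_IP))
    print("client IP inside server subnet:", client_in_server_subnet())
```

On the posted data this reports 172.16.0.0/24 as missing from the client table, 172.16.0.1 as the gateway the host would use for replies, and 10.16.1.10 as outside 10.16.0.0/24.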