Hi all. I’ve read several tutorials and tried dozens of sample configs … but I’m missing something … somewhere
I’ve an access router (192.168.0.1) that statically NATs all Internet traffic to 192.168.0.2. This IP is also my VyOS router’s eth0.
Now, I want to access my subnet 192.168.10.0/24 from the Internet. So I set up OpenVPN:
interfaces {
    ethernet eth0 {
        address 192.168.0.2/24
        hw-id 00:0c:29:37:f9:5a
    }
    ethernet eth1 {
        address 192.168.10.1/24
        hw-id 00:0c:29:37:f9:7a
    }
    loopback lo {
    }
    openvpn vtun0 {
        mode server
        openvpn-option "--proto tcp"
        openvpn-option "--ifconfig-pool-persist ipp.txt"
        openvpn-option "--keepalive 10 120"
        openvpn-option "--user nobody"
        openvpn-option "--group nogroup"
        openvpn-option --persist-key
        openvpn-option --persist-tun
        openvpn-option "--status openvpn-status.log"
        openvpn-option "--verb 3"
        openvpn-option "--mute 10"
        openvpn-option "--port 2019"
        openvpn-option "--dev vtun0"
        openvpn-option "--cipher AES-256-CBC"
        openvpn-option "auth SHA512"
        openvpn-option "remote-cert-tls client"
        openvpn-option --client-to-client
        server {
            push-route 192.168.10.0/24
            subnet 10.8.0.0/24
        }
        tls {
            auth-file /config/auth/ta.key
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/server.crt
            dh-file /config/auth/dh4096.pem
            key-file /config/auth/server.key
        }
    }
}
The client has:
client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
route-delay 15
tls-client
tls-auth ta.key 1
cipher AES-256-CBC
auth SHA512
remote-cert-tls server
key-direction 1
verb 6
compress lz4-v2
proto tcp
remote my.homeserver.net 2019
<ca>
-----BEGIN CERTIFICATE-----
The openvpn is listening:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:2019     0.0.0.0:*        LISTEN  1805/openvpn
I haven’t set any additional rules/routes so far …
Can you help me out?