|
|
Sorry, error in route that needs to be added to your D-Link router.
Peter Barwich wrote:
Jeff,
This one threw me for a while too.
Your VPN client knows how to find machines on your LAN; your 'push
"route 192.168.1.0 255.255.255.0"' statement tells them to update their
routing tables so that they know the way. The problem is that machines
on your LAN don't know the way to the VPN, so they can't respond to a
ping. Your LAN has TWO gateways; one for the LAN which is 192.168.1.1;
your D-Link router, and one for the VPN which is on the VPN server; a
dual homed machine with IPs 192.168.1.99 AND 10.255.255.1. Your D-Link
router knows where all your LAN machines are but it has no clue where
your VPN gateway is, and hence cannot route packets to other machines
on your VPN. I'm not sure of the configuration windows for the D-Link
router; on my Linksys router you go to setup/advanced routing, and
there you add a route that tells the router how to send packets to the
VPN. Destination LAN IP 10.255.255.0, subnet mask 255.255.255.0 and
gateway [was 10.255.255.1 corrected to
192.168.1.99]. Once that is entered in your router knows to send
any packet intended for any machine on your VPN to your VPN server,
which, in turn, knows where the particular VPN machine is.
When this is done your client knows where your LAN machines are, and
your LAN machines know how to reach your client so you have
communication.
Note that you can also make all your LAN machines have openvpn running
and they can get VPN addresses AS WELL as their LAN addresses. Then, if
you have 'client-to-client' directive in your VPN server config file,
the clients will see each other over the VPN WITHOUT a route being set
in your D-Link router. It's a bit more complex, but it means that if
you move one of your LAN machines (say a laptop) to a different
internet access point it will still be able to see all your VPN network
(providing the port you've used for VPN is not blocked by the local
ISP)
Good luck,
Peter
I want the remote client to be able to communicate with other
computers/printers/etc on the VPN server's LAN (192.168.1.0).
OpenVPN Server…
LAN IP: 192.168.1.99
SM: 255.255.255.0
GW: 192.168.1.1 (D-Link router)
DNS: 192.168.1.1
VPN IP: 10.255.255.1
Remote Client…
LAN IP:192.168.0.10
SM: 255.255.255.0
GW: 192.168.0.1 (Linksys router)
DNS: 192.168.0.1
VPN IP: 10.255.255.45
I have added "push "route 192.168.1.0 255.255.255.0"" to the OpenVPN
server's config. I understand that I must add a route on the remote
client in order to find other clients on the OpenVPN Server's LAN.
This is where I'm confused…
|
|