|
|
|
Title: Re: [Openvpn-users] Access to client-side subnet via routed VPN
Daniel L. Miller wrote:
> > > > I can ping the VPN client LAN IP (10.4.1.140) - but not the rest of the > > remote network. What step did I miss? > > > Does a source-nat need to be performed on the client to allow this type > of communication? If so, how can I do that on Windows? Or should this > be handled internally by OpenVPN? Smart ! ;-)
The host on the remote network, like 10.4.1.150, must know where to send replies.
Either the VPN client (.140) masks the packet as coming from him, or .150 has a route added for the
source of the packets coming from your VPN server. That would be 172.27.0.1, I guess.
So either add routes to hosts on the client LAN, or use masquerading on the client.
(this is actually supported by Windows : see ICS)
Regards,
David |