Hi all!
I installed the OVPN-plugin and can connect to the omv-server (which is the ovpn-server as well) but I can't connect to any other server on the same LAN as the omv-server resides.
What do I have to do in order to reach other servers via VPN from my OVPN-client? Please, if possible, tell me the detailed commands I have to run. Thanks in advance.
My setup is as follows:
LAN ip: 192.168.2.0
router: 192.168.2.1
omv server 192.168.2.33
synology server 192.168.2.176
Meanwhile I have the following situation:
I have a synology server with an OpenVPN configuration which allows me to reach all servers on my LAN from my client via VPN.
The server config of my synology server is as follows:
cat openvpn.conf
push "route 192.168.2.0 255.255.255.0"
push "route 10.9.0.0 255.255.255.0"
dev tun
management 127.0.0.1 1195
server 10.9.0.0 255.255.255.0
dh /var/packages/VPNCenter/target/etc/openvpn/keys/dh1024.pem
ca /var/packages/VPNCenter/target/etc/openvpn/keys/ca.crt
cert /var/packages/VPNCenter/target/etc/openvpn/keys/server.crt
key /var/packages/VPNCenter/target/etc/openvpn/keys/server.key
max-clients 5
comp-lzo
persist-tun
persist-key
verb 3
#log-append /var/log/openvpn.log
keepalive 10 60
reneg-sec 0
plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
duplicate-cn
status /tmp/ovpn_status_2_result 30
status-version 2
proto udp6
port 1197
The routes are:
route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default easy.box 0.0.0.0 UG 0 0 0 eth0
10.9.0.0 10.9.0.2 255.255.255.0 UG 0 0 0 tun0
10.9.0.2 * 255.255.255.255 UH 0 0 0 tun0
192.168.2.0 * 255.255.255.0 U 0 0 0 eth0
As expected, because I did not change anything manually (only via openvpn.conf).
And really nothing within iptables:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
When I connect to the above configuration I can ping the omv server, the synology server, the router and all other servers residing on 192.168.2.0 using their native LAN addresses.
----
Now I show the server.conf from my omv server:
cat server.conf
push "route 192.168.2.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
dev tun
management 127.0.0.1 1195
server 10.8.0.0 255.255.255.0
dh /etc/openvpn/keys/dh2048.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
max-clients 5
comp-lzo
persist-tun
persist-key
verb 3
#log-append /var/log/openvpn.log
keepalive 10 60
reneg-sec 0
duplicate-cn
status /tmp/ovpn_status_2_result 30
status-version 2
proto udp6
port 1196
You see, after trying a lot of config parameters I simply copied and edited (where necessary) the server.config.
route looks similar
route
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
default easy.box 0.0.0.0 UG 0 0 0 eth1
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
172.17.0.0 * 255.255.0.0 U 0 0 0 docker0
192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
And so do the iptables (it makes no difference, if I delete the first two ACCEPT-lines in omv-network/firewall).
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 10.8.0.0/24 192.168.2.0/24
ACCEPT tcp -- 192.168.2.0/24 192.168.2.0/24
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (0 references)
target prot opt source destination
Chain fail2ban-ssh (0 references)
target prot opt source destination
nas1:/etc/openvpn#
When I connect to this config, I am only able to reach the omv-server from the ovpn client. No access to the router, no access to the synology server, nor any other server on my LAN.
Any help is very much appreciated
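
The following is an added example, not part of the original post: a check of what a routed (`dev tun`) server needs before clients can reach other LAN hosts, namely kernel IP forwarding plus a return path to the VPN subnet. `iptables -L` lists only the filter table, so NAT rules never appear in output like the listings above. The helper name `vpn_forward_gaps` and the sample rule text are constructed for illustration; `10.8.0.0/24` and `eth1` are taken from the post's `server.conf` and `route` output.

```sh
#!/bin/sh
# Added example. Inputs are passed as text so the checks run offline.
# On the server the values would come from:
#   cat /proc/sys/net/ipv4/ip_forward
#   iptables -t nat -S POSTROUTING
#   iptables -S FORWARD

# vpn_forward_gaps IP_FORWARD NAT_RULES FORWARD_RULES VPN_NET  (hypothetical helper)
# Prints one finding per line; prints nothing when every check passes.
vpn_forward_gaps() {
    ip_forward=$1 nat_rules=$2 fwd_rules=$3
    # Escape the dots so the subnet is matched literally by grep -E.
    net_re=$(printf '%s' "$4" | sed 's/\./\\./g')

    # 1. The kernel must route packets between tun0 and the LAN interface.
    [ "$ip_forward" = "1" ] || echo "ip_forward_disabled"

    # 2. LAN hosts need a way back to the VPN subnet. Source NAT on this
    #    server is one option; a static route on the LAN gateway is the
    #    other and cannot be seen from here, so this finding is advisory.
    if ! printf '%s\n' "$nat_rules" |
        grep -Eq -- "-s $net_re .*-j (MASQUERADE|SNAT)"; then
        echo "no_snat_for_vpn_net"
    fi

    # 3. With a FORWARD policy of DROP, VPN traffic needs an explicit ACCEPT.
    if printf '%s\n' "$fwd_rules" | grep -q -- '^-P FORWARD DROP'; then
        printf '%s\n' "$fwd_rules" |
            grep -Eq -- "^-A FORWARD .*-s $net_re .*-j ACCEPT" ||
            echo "forward_drop_without_accept"
    fi
}

# Constructed sample inputs in `iptables -S` format (not taken from the post).
SAMPLE_NAT_EMPTY='-P POSTROUTING ACCEPT'
# NAT scoped to the VPN subnet and the LAN interface only.
SAMPLE_NAT_SCOPED='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE'
SAMPLE_FWD_ACCEPT='-P FORWARD ACCEPT'

# A host with forwarding off and no NAT rule reports both gaps.
vpn_forward_gaps 0 "$SAMPLE_NAT_EMPTY" "$SAMPLE_FWD_ACCEPT" 10.8.0.0/24
```

When NAT is used, keeping the rule scoped to the VPN subnet and the LAN interface, as in `SAMPLE_NAT_SCOPED`, avoids masquerading unrelated traffic such as the `docker0` network.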