People are reporting that after successfully establishing a connection to the ClearOS server with OpenVPN, they then can't ping anything on the internal network or browse shares on the LAN either. One solution is to add a static route; others have suggested adding custom iptables rules to the firewall.
My local network, where the OpenVPN server is running on the router, has an IP of 192.168.1.x. When I connect to the network from another location, I get an IP of 10.8.x.x. With that IP I can't access any of the resources on that network. I tried to change the VPN subnet, but it can't be the same as my local network.
The router needs to have a port forwarding for the port you want to use for OpenVPN and forward that port to 192.168..10, which is the IP address of the OpenVPN on the internal network. The next thing you need to do on the router is to add a route for your VPN subnet. In the routing table on your router, add 10.8.0.0/24 to be sent via 192.168
With a VPN client on your router, anyone using your local network to browse the web or access a cloud service will automatically be using the VPN as it'll be running 24x7.
HOW TO Introduction. OpenVPN is a full-featured SSL VPN which implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or username/password credentials, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface.
From the OpenVPN man page: --route network/IP [netmask] [gateway] [metric]
This tells the server config to "push" to the client the route command, which sets a networking route of the 10.10.10./24 subnet via the gateway 10.0.0.2 with a metric of 1. Metrics are used to give "preference" if multiple routes exist (such that the lowest cost wins).
Configuring your router to run a VPN lets it protect all the devices on your network, but senior security analyst Max Eddy explains why it might not be practical for the average user.
In your situation you should try to use standard routing instead of using NAT (between the internal network and the OpenVPN network). NAT should be your last option.
The "edge router" (probably your CPE) (between your internal network and the rest of the internet) needs to send the packets for the VPN nodes (in 192.168.3./24) to the Open server.
The other alternative you have is to add a static route yourself on the client side. Add the route manually on the client side in a terminal:
sudo route add -net 172.16../24 dev tun0
OpenVPN has a directive for adding and removing routes client side in your OpenVPN config file, with the route option. Adding: route 172.16.. 255.255.255.
Configuration of an OpenVPN server with Zentyal. Zentyal can be configured to support remote clients (sometimes known as road warriors). This means a Zentyal server acting as a gateway and VPN server, with multiple local area networks (LAN) behind it, allows external clients (the road warriors) to connect to the local network via the VPN service.
OpenVPN -- An application to securely tunnel IP networks over a single TCP/UDP port, with support for SSL/TLS-based session authentication and key exchange,
IP ADDRESS in that case would be the machine on the client LAN which tried to talk through the VPN, because OpenVPN has no clue what that address is. Once you give it the iroute statement, that changes. Iroute is a route internal to OpenVPN, and has nothing to do with the kernel's routing table. It tells the OpenVPN server which client owns which network.