I have this problem:
I connected RUT955 client to a server with OPENVPN with VPN IP 220.127.116.11
Now on the server I would like to be able to see router IP 10.100.45.1 (IP of RUT955) on server.
Tried different rules on the NAT but without success
What is the address of the LAN network on RUT955? If it is 10.100.45.0/24, then you need to add a route to this network via RUT955 on your OpenVPN server.
For example, add the following to the server config:
This tells the server where the client configurations are located. You can use a different directory, but in this case, the client information will be stored here.
Within the directory (In this example
/etc/openvpn/ccd), create a file named after the client’s Common Name (CN) from their certificate. For example, if a client’s CN is client1, then you would create a file named client1 inside the ccd directory. In this file, you can specify options for this specific client. To associate a client with a specific network, you can use the
iroute option. For instance, if the LAN network on RUT955 is 10.100.45.0/24:
iroute 10.100.45.0 255.255.255.0
This tells the server to associate the network 10.100.45.0/24 with client1. Basically, this means that the server will route traffic destined to this network via client1 (RUT955 in this case).
I tried to do as recommended. But I still can’t reach the LAN network of the RUT955.
Below is the response from the openvpn server (IP 10.200.86.1)
Do I have to do anything else?
Thanks for the reply
Thu Oct 26 17:20:52 2023 18.104.22.168:44057 peer info: IV_TCPNL=1
Thu Oct 26 17:20:52 2023 22.214.171.124:44057 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Thu Oct 26 17:20:52 2023 126.96.36.199:44057 [CRI86] Peer Connection Initiated with [AF_INET]188.8.131.52:44057
Thu Oct 26 17:20:52 2023 CRI86/184.108.40.206:44057 MULTI_sva: pool returned IPv4=220.127.116.11, IPv6=(Not enabled)
Thu Oct 26 17:20:52 2023 CRI86/18.104.22.168:44057 OPTIONS IMPORT: reading client specific options from: C:\Program Files\OpenVPN\config\CRI\ccd\CRI86
Thu Oct 26 17:20:52 2023 CRI86/22.214.171.124:44057 MULTI: Learn: 126.96.36.199 → CRI86/188.8.131.52:44057
Thu Oct 26 17:20:52 2023 CRI86/184.108.40.206:44057 MULTI: primary virtual IP for CRI86/220.127.116.11:44057: 18.104.22.168
Thu Oct 26 17:20:52 2023 CRI86/22.214.171.124:44057 MULTI: internal route 10.200.86.0/24 → CRI86/126.96.36.199:44057
Thu Oct 26 17:20:52 2023 CRI86/188.8.131.52:44057 MULTI: Learn: 10.200.86.0/24 → CRI86/184.108.40.206:44057
Thu Oct 26 17:20:52 2023 CRI86/220.127.116.11:44057 Outgoing Data Channel: Cipher ‘AES-256-CBC’ initialized with 256 bit key
Thu Oct 26 17:20:52 2023 CRI86/18.104.22.168:44057 Outgoing Data Channel: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Thu Oct 26 17:20:52 2023 CRI86/22.214.171.124:44057 Incoming Data Channel: Cipher ‘AES-256-CBC’ initialized with 256 bit key
Thu Oct 26 17:20:52 2023 CRI86/126.96.36.199:44057 Incoming Data Channel: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Thu Oct 26 17:20:52 2023 CRI86/188.8.131.52:44057 SENT CONTROL [CRI86]: ‘PUSH_REPLY,route 184.108.40.206,topology net30,ping 1,ping-restart 5,ifconfig 220.127.116.11 18.104.22.168,peer-id 0,cipher AES-256-CBC’ (status=1)
Would it be possible for you to share the network topology, including IP addresses, to illustrate how everything is interconnected? Additionally, please provide your OpenVPN server and client configurations. Before sharing this information here, make sure to hide any sensitive data, like public IP addresses and passwords.
ca “C:\Program Files\OpenVPN\config\CRI\ca.crt”
cert “C:\Program Files\OpenVPN\config\CRI\CRI.crt”
key “C:\Program Files\OpenVPN\config\CRI\CRI.key”
dh “C:\Program Files\OpenVPN\config\CRI\dh.pem”
server 22.214.171.124 255.255.255.0
client-config-dir “C:\Program Files\OpenVPN\config\CRI\ccd”
keepalive 1 5
tls-auth ta.key 0
In folder ccd, i write a rule for multi router:
iroute 10.200.86.0 255.255.255.0
ifconfig-push 126.96.36.199 188.8.131.52
with LTE connection from server to client.
Thank’s for reply
Can you try pinging the server from the RUT device when connected to the VPN? And can the server ping back to the RUT’s local network at the address 10.200.86.1?
Could you please clarify if you are really using the 10.100.45.1 IP address in this scenario? Maybe you want to translate this IP via NAT? Or is the issue about getting the client’s local network to talk to the server?
Could you also show us the current routing tables on both the server and the client?
This topic was automatically closed after 15 days. New replies are no longer allowed.