
I have 2 servers running OpenVPN; let's call them server A and server B. I also have a client for both of the OpenVPN servers, which is called client1. I'm trying to connect client1 to both servers on another machine, which in this case I will call machine1. The OpenVPN configurations of the two servers are set to different subnets so they won't conflict.

If I try to connect client1 normally, without any OpenVPN options, to both servers, it won't connect, because the default client1 configuration routes all the traffic through the VPN. That means there can't be 2 connections to the OpenVPN servers, because one connection will try to route all the traffic and the second connection will try to do that too, but there will be a conflict.

So that's why I try to connect both server A client1 and server B client1 on machine1 with the route-nopull option.

The problem is the following: I got machine1 connected to both server A and server B using TAP interfaces, and both interfaces are connected and got an IP, but there are no routes since I'm using the route-nopull option. If I want to run an application like a web server on machine1 using the IP server A gave me for client1 and try to access it from another client within the same subnet of server A, it won't work.

More information:

Server A range for clients: 10.8.2.0-10.8.2.255
Server B range for clients: 10.8.3.0-10.8.3.255
client1 on server A has the static IP: 10.8.2.3
client1 on server B has the static IP: 10.8.3.2
Server A and B have client-to-client option enabled

The OpenVPN servers are using CentOS 6.5 minimal and machine1 is using CentOS 7.

Any ideas how I can connect both servers or more than 2 servers so the TAP interfaces can be used like normal Ethernet interfaces, to start a web server or any application on any of the IPs of the OpenVPN servers connected?

1 Answer

Sorry, had misunderstood. So you want, from a machine in same subnet as VPN server, to access your VPN client?

What you will need here is routing; in particular, you will need to turn it on on the VPN server. Your machines on the VPN server subnet will need a way to know how to access the VPN client, either with a local route or with their gateway knowing the route. Your VPN client will need to know how to reply, which can be organized with the "client-config-dir", "iroute" and "route" options. It's a little trickier than just a gateway, but still rather easy.

Have a look here: https://openvpn.net/community-resources/how-to/#expanding-the-scope-of-the-vpn-to-include-additional-machines-on-either-the-client-or-server-subnet . It describes very well all the steps involved in such a setup.


Original answer (Left so comment makes sense)

Have you had a look at this: https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway ?

To me it sounds like your issue is the gateway redirect. You might want to turn it off at server level by commenting out "redirect-gateway", or filter it at client level with "--pull-filter ignore redirect-gateway".

user1532080
  • I have looked at that, I even tried both turning off redirect-gateway at server level and "--pull-filter ignore gateway". Same issue: the interface is shown but can't be used to host any application on it. – Curean Nicușor Mar 16 '19 at 01:50
  • Thanks, I will try that out and come back with an answer. – Curean Nicușor Mar 16 '19 at 14:17
  • I've tried the OpenVPN tutorials but no luck, so I tested "redirect-gateway autolocal" with "pull-filter ignore "redirect-gateway"" and it worked for server A and server B, but when I add the third server, which I'll call server C, it stops working. – Curean Nicușor Mar 16 '19 at 15:19
  • It was my mistake, the third server was trying to connect using a tun interface. I've changed it to tap and they are all connected, but there's no internet access. – Curean Nicușor Mar 16 '19 at 15:32
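
The thread contrasts `route-nopull` with `pull-filter ignore "redirect-gateway"`. The following is an added example, not part of the original posts and not OpenVPN code: a simplified Python model, based on the openvpn(8) man page, of which pushed options survive each setting. The `PUSH_REPLY` line, the 192.168.50.0 route and all function names are constructed for illustration.

```python
# Simplified model of how an OpenVPN client filters pushed options.
# Not OpenVPN source code; behaviour follows the openvpn(8) man page.

# Directives that --route-nopull discards (routes and DHCP/DNS options).
ROUTE_NOPULL_DROPS = ("route", "route-ipv6", "redirect-gateway",
                      "dhcp-option", "block-outside-dns")

def parse_push_reply(line):
    """Split 'PUSH_REPLY,opt1,opt2,...' into a list of option strings."""
    head, _, rest = line.strip().partition(",")
    if head != "PUSH_REPLY":
        raise ValueError("not a PUSH_REPLY message")
    return [opt.strip() for opt in rest.split(",") if opt.strip()]

def apply_route_nopull(options):
    """Keep everything except route and DHCP/DNS directives."""
    return [o for o in options if o.split()[0] not in ROUTE_NOPULL_DROPS]

def apply_pull_filters(options, filters):
    """filters: ordered (action, text) pairs. The first filter whose text
    is a prefix of the option decides; unmatched options are accepted."""
    kept = []
    for opt in options:
        action = next((a for a, text in filters if opt.startswith(text)),
                      "accept")
        if action == "reject":
            raise RuntimeError(f"server pushed a rejected option: {opt}")
        if action == "accept":
            kept.append(opt)
    return kept

# Constructed sample of what server A might push to client1.
SAMPLE = ("PUSH_REPLY,redirect-gateway def1,route 192.168.50.0 255.255.255.0,"
          "dhcp-option DNS 10.8.2.1,route-gateway 10.8.2.1,ping 10,"
          "ping-restart 120,ifconfig 10.8.2.3 255.255.255.0")

if __name__ == "__main__":
    pushed = parse_push_reply(SAMPLE)
    print("route-nopull keeps:", apply_route_nopull(pushed))
    print("pull-filter keeps: ",
          apply_pull_filters(pushed, [("ignore", "redirect-gateway")]))
```

Because `pull-filter` matches by prefix, a filter text of `route` also matches `route-gateway`, so the narrower `redirect-gateway` text removes only the default-gateway redirect and leaves the other pushed routes in place.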