ich hab eine VM mit einem Openvpn Server und Debian Router mit Openvpn an mehreren Lokationen.
Nun sehe ich am Server (88.1):
Code: Alles auswählen
root@vpn:/etc/openvpn# ip r
default via PUBLICIP dev eth0
PUBLICIP dev eth0 scope link
192.168.2.0/24 via 192.168.88.2 dev tun0 # 88.2 ist ein Router mit dem Subnetz 192.168.2.0/24 dahinter, ok
192.168.88.0/24 dev tun0 proto kernel scope link src 192.168.88.1 # Das Openvpn Netz, ok
192.168.178.0/24 via 192.168.88.2 dev tun0 # 192.168.178.0/24 liegt nicht hinter 88.2, es liegt hinter 88.12!
Code: Alles auswählen
root@vpn:/etc/openvpn# grep -r 178 *
client/client88.12:iroute 192.168.178.0 255.255.255.0
openvpn-status.log:client88.2,178.112.33.1:63089,6087,10502,2023-07-08 13:39:37
openvpn-status.log:192.168.178.0/24,client88.12,185.128.245.218:60065,2023-07-08 13:39:37
openvpn-status.log:192.168.178.1C,client88.12,185.128.245.218:60065,2023-07-08 13:51:15
openvpn-status.log:192.168.2.0/24,client88.2,178.112.33.1:63089,2023-07-08 13:39:37
openvpn-status.log:192.168.88.2,client88.2,178.112.33.1:63089,2023-07-08 13:39:37
server.conf:push "route 192.168.178.0 255.255.255.0" # Lokation hinter 88.12
server.conf:route 192.168.178.0 255.255.255.0 # Lokation hinter 88.12
Code: Alles auswählen
# set a static IP
ifconfig-push 192.168.88.2 255.255.255.0
# route into
iroute 192.168.2.0 255.255.255.0
Code: Alles auswählen
# set a static IP
ifconfig-push 192.168.88.12 255.255.255.0
# route into
iroute 192.168.178.0 255.255.255.0
Code: Alles auswählen
port 1194
proto udp
dev tun
topology subnet
push "topology subnet"
server 192.168.88.0 255.255.255.0
# advertises to the VPN clients as being accessible through the VPN
#push "route 192.168.88.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0" # Location behind 88.2
push "route 192.168.178.0 255.255.255.0" # Location behind 88.12
# routing
client-to-client
client-config-dir /etc/openvpn/client
# controls the routing from the kernel to the OpenVPN server (via the TUN interface)
#route 192.168.88.0 255.255.255.0 # VPN Network
route 192.168.2.0 255.255.255.0 # Location behind 88.2
route 192.168.178.0 255.255.255.0 # Location behind 88.12
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/vpn.domain.at.crt
key /etc/openvpn/easy-rsa/pki/private/vpn.domain.at.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
user nobody
group nogroup
ifconfig-pool-persist ipp.txt
data-ciphers-fallback AES-256-CBC
keepalive 10 120
allow-compression yes
comp-lzo
persist-key
persist-tun
status openvpn-status.log