Resolved
0 votes
Hi all,
I have installed ClearOS Community Edition 7 in Gateway mode. The ClearOS network interfaces are set up as follows:
- LAN IP 10.1.1.10 Netmask 255.0.0.0
- DMZ IP 10.2.1.1 Netmask 255.255.255.0

The problem is this: I set up OpenVPN with the default settings. I can connect to the VPN, but the clients cannot communicate with the LAN (I tried RDP, HTTP, SSH). I can connect only to the ClearOS server (via HTTPS and SSH).
With the DMZ the connection works fine.

Can you help me?
Best regards
Matteo
In OpenVPN
Thursday, January 10 2019, 08:37 PM
Responses (3)
  • Accepted Answer

    Saturday, January 12 2019, 01:09 PM
    It would be helpful if you could give more diagnostics with your posts. What have you tried, how did you test and what were the results?

    So what is your LAN now? 10.1.0.0/16? Note you are not restricted to subnets with 255. As an example, if you wanted 1022 available LAN IPs you could use a subnet mask of 255.255.252.0. Have a play with the Supernet Calculator.

    When connecting to your LAN, be careful when connecting to Windows devices. Often the Windows firewall only allows connections from its own subnet (10.1.0.0/16 for you) and therefore will not allow connections from OpenVPN (10.8.0.0/24). You may have to either create an exception for the OpenVPN subnet (either a blanket exception or for the relevant apps) or turn off the firewall.
  • Accepted Answer

    Saturday, January 12 2019, 10:21 AM
    Hi Nick, I followed your suggestion and changed the netmask of my LAN to 255.255.0.0, but the problem with the VPN isn't resolved.
    Thanks for the reply.
    Kind regards.
    Matteo
  • Accepted Answer

    Thursday, January 10 2019, 08:53 PM
    You'll have all sorts of problems here. Do you really need 256 * 256 * 256 - 2 LAN IPs (16,777,214)? That is Mega-Corp territory. I really suggest you reduce your netmask to something like 255.255.255.0. With 255.0.0.0 it also overlaps your DMZ so that is likely to give you problems as well.

    If you insist on such a big subnet, you can change the OpenVPN subnets in /etc/openvpn/clients.conf and /etc/openvpn/clients-tcp.conf but note you will have problems connecting from any external LAN in the 10.0.0.0/8 subnet (or, you will connect but no traffic will flow).
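The subnet overlap discussed in this thread can be checked with Python's standard `ipaddress` module. This is an added example, not part of any post in the thread; the addresses and masks are the ones quoted in the thread, and the function and variable names are illustrative assumptions.

```python
import ipaddress
from itertools import combinations


def network_of(ip, netmask):
    """Return the network an interface address belongs to (host bits dropped)."""
    return ipaddress.ip_network(f"{ip}/{netmask}", strict=False)


def find_overlaps(networks):
    """Return every pair of names whose networks share addresses."""
    return [(a, b)
            for (a, net_a), (b, net_b) in combinations(networks.items(), 2)
            if net_a.overlaps(net_b)]


def usable_hosts(netmask):
    """Usable host addresses in one subnet with this mask
    (network and broadcast addresses excluded)."""
    return ipaddress.ip_network(f"0.0.0.0/{netmask}").num_addresses - 2


# Values quoted in the thread: original LAN/DMZ settings and the OpenVPN subnet.
ORIGINAL = {
    "LAN": network_of("10.1.1.10", "255.0.0.0"),
    "DMZ": network_of("10.2.1.1", "255.255.255.0"),
    "OpenVPN": ipaddress.ip_network("10.8.0.0/24"),
}
# Same setup after the LAN netmask was changed to 255.255.0.0.
CHANGED = dict(ORIGINAL, LAN=network_of("10.1.1.10", "255.255.0.0"))

if __name__ == "__main__":
    for label, nets in (("original", ORIGINAL), ("changed", CHANGED)):
        print(label, {name: str(net) for name, net in nets.items()})
        print("  overlapping pairs:", find_overlaps(nets) or "none")
    for mask in ("255.0.0.0", "255.255.252.0"):
        print(mask, "->", usable_hosts(mask), "usable addresses")
```

With the 255.0.0.0 mask the LAN (10.0.0.0/8) contains both the DMZ and the OpenVPN subnet, so the gateway has no distinct route for either; with 255.255.0.0 the three networks are disjoint.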