Forums

Subscribe via email Subscribe via email
Subscribe via rss
Guest
or Ask a Question
Add a reply View Replies (2) →
Sandbo Chang
Sandbo Chang
Offline

OpenVPN client-to-client traffic routing

Resolved
0 votes
Hi,

I realized that I can't connect between two client computers which both hooked up to the same OpenVPN service on the ClearOS router by default.
For example, from a client with ip 10.8.0.14, I cannot access another remote client with ip 10.8.0.6, but I can still access connections within LAN (192.168.1.0/24).

Would you know how to do this?
Also, I tried to look for the server.conf for OpenVPN on my ClearOS 7.6 router, but I can't find it under /etc/openvpn. May I know what I should find it?

One more question: If I do change the server.conf myself, should I leave the Auto-Configuration enabled?

Thanks.
vpn openvpn
In OpenVPN
Monday, May 20 2019, 03:24 AM
Subscribe via email
Share this post:

Accepted Answer

Nick Howitt
Nick Howitt
Offline
Monday, May 20 2019, 07:24 AM - #Permalink
Resolved
0 votes
The file you want is /etc/clearos/clients.conf. Just add "client-to-client" to it. You can leave Autoconfiguration enabled. It won't touch this parameter.
The reply is currently minimized Show
Responses (2)

  • Accepted Answer

    Sandbo Chang
    Sandbo Chang
    Offline
    Monday, May 20 2019, 08:27 AM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    The file you want is /etc/clearos/clients.conf. Just add "client-to-client" to it. You can leave Autoconfiguration enabled. It won't touch this parameter.


    Hi Nick,

    Thanks again for the prompt reply.
    I think you meant /etc/openvpn/clients.conf, as the one under /etc/clearos/ does not exist.
    Now on adding the line you suggested and restarting the openvpn service it works well.

    Btw, a side question, what would be the name of the openvpn service?
    I tried systemctl restart openvpn but it failed. (I therefore did the restart via the WAN web config).
    The reply is currently minimized Show

  • Accepted Answer

    Nick Howitt
    Nick Howitt
    Offline
    Monday, May 20 2019, 08:35 AM - #Permalink
    Resolved
    0 votes
    Yes it was a typo.

    OpenVPN is an interesting one for starting and stopping (like arpwatch). If you look at the unit file in /usr/lib/systemd/system/ you'll see openvpn@.service with the @ after the service name. I don't know the exact definition of this but it means it takes an extra parameter and in this case it is the name of the conf file. So you do a:
    systemctl restart openvpn@clients
    This just restarts the service defined by the clients.conf and does not touch the one defined by clients-tcp.conf.
    The reply is currently minimized Show
Your Reply