Resolved
0 votes
Hello,

I had just installed OpenVPN on my ClearOS. I made a port forward on my router to allow my laptop to connect from an external connection, but I have some questions related to the IP configuration my client receives after connecting to the VPN.

I can't understand where I can set the DHCP scope for the VPN clients. I am connected with the IP address 10.8.0.6; can I use my DHCP LAN scope? Also, why can't I access my devices on my LAN? I saw that on my Windows machine I don't have a default gateway with the VPN IP address; can this be the issue?

Thanks

Ervin
In VPN
Sunday, August 26 2018, 11:43 AM

Accepted Answer

Sunday, August 26 2018, 01:27 PM - #Permalink
Resolved
0 votes
I am surprised you can ping anything but ClearOS on your LAN as I'd expect all return traffic to go directly through your router rather than via ClearOS/OpenVPN.

Setting static routes can be a problem with ISP routers. I know the facility is disabled in VirginMedia routers. As an alternative, but I've never tried it, see if you can add a firewall rule at the command line:

    iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -j MASQUERADE

But I don't know if ClearOS will take the rule when it is running without a firewall, and even if the rule will be effective in this configuration. If it works, we'll have to work out how to apply it in a system without a firewall. Please post back with what you find.

Note that if you are trying to access Windows devices on your LAN, their firewalls could block anything not from their own LAN subnet and this blocks OpenVPN traffic, so you may need to adjust their firewalls. The above ClearOS firewall rule may get round the Windows firewall without having to adjust it.
Responses (5)
  • Accepted Answer

    Friday, September 07 2018, 09:15 PM - #Permalink
    Resolved
    0 votes
    Sorry for my late feedback, I'm running a few really time-consuming projects. I have decided to move my server near to my router and in a few days (when I have time) I will switch my installation from Standalone -> Gateway, and I will use my router only as a Wi-Fi access point. I think in this way I will have more possibilities to make some custom setups as I like.
    Thanks for your effort, I really appreciate it!
  • Accepted Answer

    Sunday, August 26 2018, 12:54 PM - #Permalink
    Resolved
    0 votes
    Yes it is set to 1

    [root@server ~]# cat /proc/sys/net/ipv4//ip_forward
    1



    Sorry, I don't understand how to add this in my router. I can't find static routes on my ISP router, but it seems now that I am able to ping the devices on my LAN network after connecting with VPN.


    Ervin
  • Accepted Answer

    Sunday, August 26 2018, 12:33 PM - #Permalink
    Resolved
    0 votes
    That is a wicked subnet you are connecting from. It means your ClearOS's LAN subnet must not be in the range 192.168.32.0 - 192.168.63.255.

    Can you check that /proc/sys/net/ipv4/ip_forward is set to 1?

    Then you need to add a route in your router to 10.0.8.0/24 via your ClearOS LAN IP.
  • Accepted Answer

    Sunday, August 26 2018, 12:25 PM - #Permalink
    Resolved
    0 votes
    Hello Nick,

    Yes, my ClearOS is standalone without firewall; in the LAN I have a router as gateway, and the DHCP server is ClearOS.
    Yes, I made a port forward of 1194 TCP & UDP.

    At the moment I am on a public Wi-Fi with IP 192.168.48.3 SM: 255.255.224.0 and when I connect with OpenVPN I receive the IP 10.8.0.6 SM: 255.255.255.252

    Ervin
  • Accepted Answer

    Sunday, August 26 2018, 12:12 PM - #Permalink
    Resolved
    0 votes
    Where is ClearOS in your set up? Is it standalone on your LAN and you have port forwarded udp:1194 to it from your router? What LAN subnet are you connecting from when your laptop is external and what LAN subnet are you connecting to (the ClearOS LAN subnet)?

    It is not usual for OpenVPN to give out IPs from the DHCP subnet.
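Added example, not part of the thread: a Python sketch of the address checks the replies above walk through, run on the addresses quoted in the posts. The function names are hypothetical, and the two ClearOS LAN subnets (`192.168.1.0/24`, `192.168.40.0/24`) are constructed, since the thread never states the real one.

```python
import ipaddress

def network_of(ip, mask):
    """Network that an interface address with this netmask belongs to."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network

def check_vpn_plan(client_ip, client_mask, vpn_ip, vpn_mask, lan_cidr, route_cidrs):
    """Report address conflicts and which candidate routes cover the VPN client."""
    remote_lan = network_of(client_ip, client_mask)   # network the laptop sits on
    tunnel = network_of(vpn_ip, vpn_mask)             # subnet handed out by OpenVPN
    lan = ipaddress.ip_network(lan_cidr)              # LAN behind the VPN server
    vpn_addr = ipaddress.ip_address(vpn_ip)
    return {
        "remote_lan": str(remote_lan),
        "remote_range": (str(remote_lan[0]), str(remote_lan[-1])),
        "tunnel_net": str(tunnel),
        # On overlap the laptop may treat LAN hosts as local and bypass the tunnel.
        "lan_overlaps_remote": lan.overlaps(remote_lan),
        "lan_overlaps_tunnel": lan.overlaps(tunnel),
        # A return route or NAT source match only helps if it contains the client address.
        "routes_covering_client": [
            r for r in route_cidrs if vpn_addr in ipaddress.ip_network(r)
        ],
    }

# Addresses quoted in the thread.
CLIENT = ("192.168.48.3", "255.255.224.0")
VPN = ("10.8.0.6", "255.255.255.252")
ROUTES = ["10.8.0.0/24", "10.0.8.0/24"]
# Constructed LAN subnets: the thread does not state the real one.
LAN_OK, LAN_CLASH = "192.168.1.0/24", "192.168.40.0/24"

if __name__ == "__main__":
    for lan in (LAN_OK, LAN_CLASH):
        print(lan, check_vpn_plan(*CLIENT, *VPN, lan, ROUTES))
```

Running the same check with the real LAN subnet before adding a static route or NAT rule shows whether the prefix being configured matches the address the VPN client was actually given.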