Hi everyone, I'm a newbie on ClearOS.
I configured my server as a gateway with DHCP, firewall and VPN functions (with the OpenVPN module).
This is the description of my LAN:
Modem/Router (192.168.0.1) with port forwarding to ClearOS (192.168.0.100)
ClearOS eth1 (192.168.0.100) eth2 (192.168.1.250)
All clients (192.168.1.x)
I try to connect from the outside and my client (Windows) gets a suitable IP (192.168.1.6) but a mask of 255.255.255.252 and 192.168.1.5 as DHCP (another client gets 192.168.1.9, mask 255.255.255.252 and DHCP 192.168.1.8). Obviously this configuration does not correctly allow me to browse my internal network.
This is my client configuration:
client
remote xxx 1194
route 192.168.1.0 255.255.255.0
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca-cert.pem
cert client-xxx-cert.pem
key client-xxx-key.pem
ns-cert-type server
comp-lzo
route-method exe
verb 3
auth-user-pass
This is the clients.conf configuration:
port 1194
proto udp
dev tun
ca /etc/pki/CA/ca-cert.pem
cert /etc/pki/CA/sys-0-cert.pem
key /etc/pki/CA/private/sys-0-key.pem
dh /etc/openvpn/ssl/dh1024.pem
server 192.168.1.0 255.255.255.0
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
multihome
persist-key
persist-tun
ifconfig-pool-persist /var/lib/openvpn/ipp.txt 0
status /var/lib/openvpn/openvpn-status.log
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
verb 3
push "dhcp-option DNS 192.168.1.250"
push "dhcp-option DOMAIN xxx.local"
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option WINS 192.168.1.250"
Any suggestions?
Accepted Answer
You'll need to undo some changes you've made. The OpenVPN subnet should not be the same as your LAN. Can you set it back to 10.8.0.0/24 or something else which does not clash with any subnet known to ClearOS (so not 192.168.0.0/24)?
When it comes to VPNs it is a very good idea to keep your LAN away from 192.168.0.0/24 and 192.168.1.0/24, as the majority of domestic routers use those on their LAN. If you connect from somewhere with the same LAN subnet as you, you'll be able to connect but not pass traffic.
Please can you have a read of the app documentation to determine if you need to NAT the incoming packets? By default the ClearOS setup does not. There are pros and cons of this. If you do need to NAT them, there is a sample Custom Firewall rule in the docs.
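The two subnet clashes described in this answer can be checked mechanically. The following is an added example, not part of the original posts or of ClearOS: the function names are hypothetical, and the sample config is constructed from the lines the poster shared.

```python
import ipaddress

# Constructed sample: the relevant lines of the server config posted above.
SERVER_CONF = """\
port 1194
proto udp
dev tun
server 192.168.1.0 255.255.255.0
push "dhcp-option DNS 192.168.1.250"
push "route 192.168.1.0 255.255.255.0"
"""

# Subnets ClearOS already knows, taken from the poster's eth1/eth2 description.
LOCAL_SUBNETS = ["192.168.0.0/24", "192.168.1.0/24"]


def parse_conf(text):
    """Return (vpn_pool, pushed_routes) as ip_network objects."""
    pool, routes = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # OpenVPN comment markers
            continue
        words = line.replace('"', " ").split()
        if words[0] == "server" and len(words) >= 3:
            pool = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
        elif words[:2] == ["push", "route"] and len(words) >= 4:
            routes.append(
                ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False))
    return pool, routes


def find_clashes(conf_text, local_subnets):
    """List every local subnet or pushed route the VPN pool overlaps."""
    pool, routes = parse_conf(conf_text)
    if pool is None:
        return ["no 'server' directive found"]
    problems = []
    for cidr in local_subnets:
        if pool.overlaps(ipaddress.ip_network(cidr)):
            problems.append(f"VPN pool {pool} overlaps local subnet {cidr}")
    for route in routes:
        if pool.overlaps(route):
            problems.append(f"VPN pool {pool} overlaps pushed route {route}")
    return problems


def shadowed_routes(conf_text, client_lan):
    """Pushed routes that collide with the LAN the remote client sits on."""
    _, routes = parse_conf(conf_text)
    lan = ipaddress.ip_network(client_lan, strict=False)
    return [str(r) for r in routes if r.overlaps(lan)]
```

`find_clashes` covers the pool-versus-LAN clash on the server; `shadowed_routes` covers the case of a client connecting from a network that uses the same range as the pushed route.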
Responses (3)
Perhaps expand your network and use the expanded space, reserved (don't change DHCP to hand out IP addresses in that space), for the OpenVPN route. I've been wanting to try this.
I run a rather large network in the class C range and have been using supernetting without any issues to date.
I've noted with OpenVPN that some applications (WHS) don't work with the network being class C and the route class A, probably being strict with the network mask.