Access client of another VPN

Dear Team,

I am setting up OpenVPN tunnels. My tunnel server is in the office and the tunnel client is at a remote site, which is already in a different VPN network.

How can I access the tunnel client machines, which have a different gateway?

Tunnel server IP range: 192.168.5.0/24, with the tunnel server IP as gateway.
Tunnel client IP range: 192.168.46.0/24, with the gateway 192.168.46.254, whereas the tunnel client VPN IP is 192.168.46.125.

I am able to ping 192.168.46.0/24 from the client NethServer terminal.
How can I route or use iptables to access the 192.168.46.0/24 machines from the tunnel server?

Regards,
Sankar.

Hi @Rajagopalan_Sankar

You need to set a route for OpenVPN, e.g. 192.168.5.0/24, on each of those client machines pointing to the LAN IP of your NethServer…

You also need to adapt the local firewalls of those Windows boxes to allow access from the OpenVPN network (for RDP, or any other needed port).

My 2 cents
Andy

Dear Andy,

My tunnel client network looks like this:
eno1=ethernet|bootproto|dhcp|gateway||ipaddr||netmask||nslabel||role|red
enp1s0=ethernet|bootproto|none|gateway||ipaddr|192.168.46.125|netmask|255.255.255.0|nslabel||role|green
enp2s0=ethernet|bootproto|none|gateway||ipaddr|192.168.47.125|netmask|255.255.255.0|nslabel||role|green
enp4s0=ethernet|role|
ppp0=xdsl-disabled|AuthType|auto|FwInBandwidth||FwOutBandwidth||Password||name|PPPoE|provider|xDSL provider|role|red|user|
red1=provider|interface|eno1|weight|1
wlp5s0=ethernet|role|

and the route table looks like:
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eno1
10.10.0.0 10.69.17.1 255.255.0.0 UG 0 0 0 tuncho-chennai
10.69.17.0 0.0.0.0 255.255.255.0 U 0 0 0 tuncho-chennai
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eno1
192.168.5.0 10.69.17.1 255.255.255.0 UG 0 0 0 tuncho-chennai
192.168.46.0 0.0.0.0 255.255.255.0 U 0 0 0 enp1s0
192.168.47.0 0.0.0.0 255.255.255.0 U 0 0 0 enp2s0
where eno1 is internet DHCP

Regards,
Sankar.

Hi @Rajagopalan_Sankar

OK, so your NethServer is also a firewall / router (Not needed for OpenVPN…).
This makes your rules / routes much more complicated.

→ It would have been MUCH simpler, to leave all internal routing to your existing firewall, and also VPN access. NethServer would only need one NIC…

NethServer can easily be your OpenVPN server with a single NIC. This needs only a port-forward on your existing router / firewall (for the OpenVPN port, usually UDP-1194), and additionally a route for the OpenVPN network pointing to your NethServer's LAN IP.

But still, it should work if you add in the route to your OpenVPN IP (192.168.5.0/24, Gateway 192.168.46.125) on all your hosts you need to be able to access. This route needs to point to the LAN-IP of your NethServer.
You could also add the route to your existing firewall / router - less work!
As the situation is at the moment, you do not need additional routes or rules on your NethServer.

My 2 cents
Andy
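
Added example, not part of the thread and not NethServer code: a small Python model of the return path that the last reply describes, showing where a reply from a 192.168.46.0/24 host to the office network goes with and without the 192.168.5.0/24 route. The addresses and the NethServer routes are taken from the posts above; the office address 192.168.5.20, the routing tables of the LAN host and of 192.168.46.254, and the name "upstream" are assumptions made for illustration.

```python
import ipaddress

ON_LINK = "on-link"
NETHSERVER_LAN = "192.168.46.125"  # tunnel client's LAN IP (from the thread)
SITE_GATEWAY = "192.168.46.254"    # existing default gateway (from the thread)
STATIC_ROUTE = ("192.168.5.0/24", NETHSERVER_LAN)  # route suggested in the reply

# Routes copied from the NethServer route table posted in the thread.
NETHSERVER_ROUTES = [
    ("0.0.0.0/0", "192.168.0.1"),
    ("192.168.5.0/24", "10.69.17.1"),  # via tuncho-chennai
    ("192.168.46.0/24", ON_LINK),
]
# Assumed tables: a typical LAN host and the existing gateway, neither shown in the thread.
HOST_ROUTES = [("192.168.46.0/24", ON_LINK), ("0.0.0.0/0", SITE_GATEWAY)]
GATEWAY_ROUTES = [("192.168.46.0/24", ON_LINK), ("0.0.0.0/0", "upstream")]

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_path(host_routes, gateway_routes, dst):
    """Hops a reply from a 192.168.46.0/24 host takes towards dst."""
    hop = next_hop(host_routes, dst)
    path = [hop]
    if hop == SITE_GATEWAY:            # host handed the packet to the site gateway
        hop = next_hop(gateway_routes, dst)
        path.append(hop)
    if hop == NETHSERVER_LAN:          # packet reached the tunnel client
        path.append(next_hop(NETHSERVER_ROUTES, dst))
    return path

if __name__ == "__main__":
    office_pc = "192.168.5.20"  # constructed address in the office range
    cases = {
        "no extra route": (HOST_ROUTES, GATEWAY_ROUTES),
        "route on each host": (HOST_ROUTES + [STATIC_ROUTE], GATEWAY_ROUTES),
        "route on 192.168.46.254": (HOST_ROUTES, GATEWAY_ROUTES + [STATIC_ROUTE]),
    }
    for name, (host, gw) in cases.items():
        print(f"{name:26} {' -> '.join(reply_path(host, gw, office_pc))}")
```

Only the paths that end at 10.69.17.1 re-enter the tunnel; without the extra route the reply leaves through the site's default gateway and never reaches the office network.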