Routing in Point-to-point Mode(OpenVPN)

Content #

The client-side network 192.168.4.0/24 (client: 10.200.0.2) needs to be routed over the VPN tunnel to the server (10.200.0.1).

  1. On the listening end (server)

```bash
openvpn --ifconfig 10.200.0.1 10.200.0.2 \
--dev tun --secret secret.key 0 \
--route 192.168.4.0 255.255.255.0 \
--daemon --log /var/log/movpn-server.log
```

A route statement was added to tell OpenVPN that the network 192.168.4.0/24 is found at the other end of the tunnel. Instead of the route statement, we can also add the route with the iproute2 command:

```bash
[root@server]# ip route add 192.168.4.0/24 via 10.200.0.2
```

  2. On the client side

```bash
openvpn --ifconfig 10.200.0.2 10.200.0.1 \
--dev tun --secret secret.key 1 \
--remote server.endpoint \
--daemon --log /var/log/movpn-client.log
```

After this configuration, pinging hosts in the 192.168.4.0/24 network from the server still does not work, because the server never receives the replies from the hosts on the client network. To make the connection work, the following configuration is also needed:

  1. Enable IP forwarding (routing): in /etc/sysctl.conf set net.ipv4.ip_forward=1, then apply it with sysctl -p.

  2. Make sure there is a route back to the server. This can be done by adding a route to the LAN gateway, or by adding a static route to each of the machines on the client LAN:

```bash
ip route add 10.200.0.0/24 via 192.168.4.100
```

     192.168.4.100 is the IP address of the OpenVPN client host in the LAN.
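As an added example (not from the original page), a small POSIX shell script that checks the three prerequisites above on each host by parsing the output of `ip route show` and `sysctl net.ipv4.ip_forward`. It assumes the page's addresses (tunnel 10.200.0.0/24 on tun0, client LAN 192.168.4.0/24, client LAN address 192.168.4.100) and that forwarding is needed on the OpenVPN client; the sample route tables are constructed, and the LAN-host one reproduces the missing return route that leaves the server's pings unanswered.

```shell
# Added example, not part of the original page: check the three routing
# prerequisites described above before blaming OpenVPN itself.
# Assumed (constructed for this example): tunnel 10.200.0.0/24 on tun0,
# client LAN 192.168.4.0/24, OpenVPN client's LAN address 192.168.4.100.

# has_route TABLE DST VIA: TABLE is the text of `ip route show`; succeeds
# when DST is routed via gateway VIA, matching fields exactly (no regex).
has_route() {
    printf '%s\n' "$1" | awk -v d="$2" -v v="$3" \
        '$1 == d && $2 == "via" && $3 == v { found = 1 } END { exit !found }'
}

# forwarding_enabled OUTPUT: OUTPUT is the text of `sysctl net.ipv4.ip_forward`.
forwarding_enabled() {
    printf '%s\n' "$1" |
        awk '$1 == "net.ipv4.ip_forward" { v = $NF } END { exit v != 1 }'
}

# check_setup ROLE ROUTES SYSCTL: prints each missing piece for ROLE
# (server | client | lan-host) and returns the number of problems found.
check_setup() {
    problems=0
    case $1 in
    server)   has_route "$2" 192.168.4.0/24 10.200.0.2 ||
                  { echo "server: no route to 192.168.4.0/24 via 10.200.0.2"; problems=1; } ;;
    client)   forwarding_enabled "$3" ||
                  { echo "client: net.ipv4.ip_forward is not 1"; problems=1; } ;;
    lan-host) has_route "$2" 10.200.0.0/24 192.168.4.100 ||
                  { echo "LAN host: no return route to 10.200.0.0/24 via 192.168.4.100"; problems=1; } ;;
    *)        echo "unknown role: $1"; problems=1 ;;
    esac
    return $problems
}

# Constructed sample outputs (not captured from real hosts).
SERVER_ROUTES='default via 203.0.113.1 dev eth0
10.200.0.2 dev tun0 proto kernel scope link src 10.200.0.1
192.168.4.0/24 via 10.200.0.2 dev tun0'
CLIENT_SYSCTL='net.ipv4.ip_forward = 1'
# A LAN host that still sends its tunnel replies to the default gateway:
LAN_HOST_ROUTES='default via 192.168.4.1 dev eth0
192.168.4.0/24 dev eth0 proto kernel scope link src 192.168.4.20'
LAN_HOST_ROUTES_FIXED="$LAN_HOST_ROUTES
10.200.0.0/24 via 192.168.4.100 dev eth0"
check_setup server   "$SERVER_ROUTES" ''           # ok
check_setup client   '' "$CLIENT_SYSCTL"           # ok
check_setup lan-host "$LAN_HOST_ROUTES" ''         # reports the missing return route
check_setup lan-host "$LAN_HOST_ROUTES_FIXED" ''   # ok
```

On a real host, feed the functions `"$(ip route show)"` and `"$(sysctl net.ipv4.ip_forward)"` instead of the constructed strings.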
