So, here is the endeavor
Network layout:
Outside world -- Modem - DMZ--ClearOS 6.5(OpenVPN Server) (Is in gateway mode)
client Network layout:
Outside world -- Modem -- Router(DD-WRT) -- Client
///////////
The client has one of OpenVPN's default IP ranges (10.8.0.x)
/////////
Is it possible to port forward to the tun in the same way one would port forward to a LAN address?
For example:
say port 80
On local lan like mine (10.10.10.0/8)
you could just say
starting port:80
ending port:80
ip: 10.10.10.x
HOWEVER
to port forward to a VPN client this method doesn't work
starting port:80
ending port:80
ip: 10.8.0.x
////////////////////////////////////
I am probably just being hopeful for nothing. I just would like to be able to run services from my laptop on-the-go sometimes.
Responses (12)
Accepted Answer
What would changing the subnet help? I have the gateway def1 in the client.conf - so I can access smb servers on the lan through the tun.
Just to clarify a bit more:
Say I wanted to host a Ventrilo server from my laptop on the go (at a hotel) for team collaboration.
After connecting to the VPN I receive a 10.8.0.x address with a subnet of 255.255.255.0
So far I have only tried to use that address with the port forwarding app (I am having a busy month)
Is there a way to configure a port forward from that address to the ClearOS WAN?
Clearos 6.5 -
Accepted Answer
If you are connecting in from a machine which is already on a 10.8.0.0/24 subnet then you will manage a connection but no traffic will pass if OpenVPN also uses a 10.8.0.0/24 subnet.
Consider this. Your PC gets an IP 10.8.0.x from its LAN. It gets 10.8.0.y from OpenVPN and it sets a default route to ClearOS. Then you try to send traffic via ClearOS 10.8.0.1. OpenVPN says go down the tunnel. But the tunnel connects through the LAN so the PC tries to route OpenVPN through the LAN, but that is a 10.8.0.0/24 address which you've said to go down the VPN......... -
Accepted Answer
10.10.10.x/8 covers the entire range 10.0.0.0 - 10.255.255.255 so 10.8.0.x/24 is included in the lan subnet so you cannot route to it over the VPN. You need to change your OpenVPN subnet to a subnet in 172.16.0.0/12 or 192.168.0.0/16.
P.S. unless it is a mega corp, whoever runs the 10.0.0.0/8 LAN, using a /8 subnet rather than a subset of it is a bit of a sledgehammer. It allows 16,777,214 IP addresses on the LAN. That is a lot of devices!! -
Accepted Answer
If you cut down the LAN to a /24 subnet, e.g. 10.11.12.0/24 then you can leave OpenVPN where it is. If you need the whole 10.0.0.0/8 address range for your LAN then move OpenVPN to a subnet somewhere in the 172.16.0.0 - 172.31.255.255 range. Also if you do need the whole 10.0.0.0/8 subnet for your LAN then ClearOS is possibly not suitable as a gateway! -
Accepted Answer
There are three private IP ranges:
10.0.0.0 - 10.255.255.255 (10.0.0.0/8)
172.16.0.0 - 172.31.255.255 (172.16.0.0/12)
192.168.0.0 - 192.168.255.255 (192.168.0.0/16)
Anywhere in those ranges would be suitable. If your ISP gives out IPs in the range 172-174.x.x.x it seems to indicate he is giving out public IPs. If that is so, he will not be using the 172.16.0.0/12 range which is private. Just avoid 192.168.0.0/24, 192.168.1.0/24 and possibly 192.168.2.0/24 and 192.168.100.0/24. Be kind (sensible?) and only pick a /24 subnet if that is all you need. The bigger the subnet you pick the more likely it is that you'll have a clash in your remote location.
I'd love to know why you need the whole 10.0.0.0/8 subnet for your LAN. -
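The subnet clash discussed in the answers above (a VPN subnet that falls inside the LAN or remote-site subnet) can be checked before changing any configuration. This is an added example, not part of the original posts; the function names `find_clashes` and `pick_vpn_subnet` are hypothetical, and the sample subnets are the ones quoted in this thread.

```python
import ipaddress

# The three private ranges listed in the answer above.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Subnets the answer says to avoid for the VPN.
COMMON_DEFAULTS = [ipaddress.ip_network(n) for n in
                   ("192.168.0.0/24", "192.168.1.0/24",
                    "192.168.2.0/24", "192.168.100.0/24")]


def find_clashes(vpn_subnet, local_subnets):
    """Return every LAN/remote subnet that overlaps the VPN subnet."""
    vpn = ipaddress.ip_network(vpn_subnet, strict=False)
    return [s for s in local_subnets
            if ipaddress.ip_network(s, strict=False).overlaps(vpn)]


def pick_vpn_subnet(local_subnets, prefix=24):
    """Return the first private /prefix subnet that overlaps none of the
    given subnets or the common defaults, or None if nothing is free."""
    taken = [ipaddress.ip_network(s, strict=False) for s in local_subnets]
    taken += COMMON_DEFAULTS
    for block in PRIVATE_RANGES:
        if prefix < block.prefixlen:
            continue  # requested subnet is larger than this private range
        if any(block.subnet_of(t) for t in taken):
            continue  # whole range already claimed, e.g. by a /8 LAN
        for candidate in block.subnets(new_prefix=prefix):
            if not any(candidate.overlaps(t) for t in taken):
                return str(candidate)
    return None


if __name__ == "__main__":
    # Values from the thread: LAN written as 10.10.10.0/8, VPN on 10.8.0.0/24.
    lan = ["10.10.10.0/8"]
    print("clashes with 10.8.0.0/24:", find_clashes("10.8.0.0/24", lan))
    print("suggested VPN subnet:", pick_vpn_subnet(lan))
    # After cutting the LAN down to a /24, the default VPN subnet is fine.
    print("clashes:", find_clashes("10.8.0.0/24", ["10.11.12.0/24"]))
```

Pass the subnets of both the server-side LAN and any remote network the client connects from, since a clash on either side stops traffic.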
Accepted Answer
A new thread here would have been preferable.
Note that having a LAN on the 192.168.1.0/24 (or 192.168.0.0/24) subnet is not brilliant for VPNs.
Your user should be able to contact 192.168.1.101:8082 directly through OpenVPN without any forwarding. Note the traffic will appear from 10.8.0.1 (I think) so the machine at 192.168.1.101 should have its firewall open to that subnet as well. Alternatively check the app documentation to see how to NAT the incoming OpenVPN traffic.
It can be made more complicated by FQDN if you want to force traffic through the VPN instead of externally.