server -> client communication in an ovpn scenario

Hello everybody,

I’ve a little problem with the implementation of an ovpn solution. I’ve set up a RB1100AHx2 as vpn server and RB751G as vpn-clients, and it all works like a charm. My only remaining problem is that I can’t reach the clients through the vpn tunnels, hence it’s impossible to manage them remotely without having to go through the actual WAN IP. Does anyone have an idea how I can solve that?

My routing table on the server side looks as follows

 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          80.252.104.1              1
 1 A S  10.0.10.0/24                       80.252.104.1              1
 2 ADC  10.0.10.213/32     10.0.10.1       <ovpn-client>             0
 3 ADC  xxx.xxx.xxx.0/24    xxx.xxx.xxx.242  ether6                    0
                                           ether2            
 4 ADC  192.168.88.0/24    192.168.88.1    ether1                    0

Thanx in advance for any contribution!

If you want to route over the tunnel, then OVPN assigned addresses should not be from the same subnet as local network.

Ok, by local network do you mean the server or client side?

I mean both sides. In your case, for OVPN, instead of addresses from the 10.0.10.0/24 network use, for example, 192.168.1.1 and 192.168.1.2. Then add route on to reach 10.0.10.0/24 network:
/ip route add dst-address=10.0.10.0/24 gateway=192.168.1.x
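
Added example, not part of any post in this thread: a Python check that parses the server routing table from the first post, flags OVPN host routes that sit inside another routed subnet, and tests the suggested 192.168.1.x tunnel addresses against the same table. The function names and the use of the `<ovpn` gateway prefix to recognise tunnel routes are assumptions made for this example.

```python
import ipaddress

# Routing table copied from the first post (redacted row included as posted).
ROUTES = """\
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          80.252.104.1              1
 1 A S  10.0.10.0/24                       80.252.104.1              1
 2 ADC  10.0.10.213/32     10.0.10.1       <ovpn-client>             0
 3 ADC  xxx.xxx.xxx.0/24    xxx.xxx.xxx.242  ether6                    0
                                           ether2
 4 ADC  192.168.88.0/24    192.168.88.1    ether1                    0
"""

def parse_routes(text):
    """Return (network, gateway) per parseable row; redacted rows are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not parts[0].isdigit():
            continue  # header or continuation line
        dst = next((p for p in parts if "/" in p), None)
        try:
            rows.append((ipaddress.ip_network(dst), parts[-2]))
        except (ValueError, TypeError):
            continue  # redacted (xxx) or malformed destination
    return rows

def tunnel_overlaps(rows):
    """OVPN host routes that sit inside another, non-default routed subnet."""
    return [(str(host), str(net), gw)
            for host, iface in rows if iface.startswith("<ovpn")
            for net, gw in rows
            if 0 < net.prefixlen < 32 and host.subnet_of(net)]

def lookup(rows, addr):
    """Gateway chosen by longest-prefix match for addr."""
    ip = ipaddress.ip_address(addr)
    return max((r for r in rows if ip in r[0]), key=lambda r: r[0].prefixlen)[1]

def plan_conflicts(rows, tunnel_addrs):
    """Proposed tunnel addresses that fall inside an existing non-default route."""
    return [a for a in tunnel_addrs
            if any(net.prefixlen > 0 and ipaddress.ip_address(a) in net
                   for net, _ in rows)]

if __name__ == "__main__":
    rows = parse_routes(ROUTES)
    print(tunnel_overlaps(rows))
    print(lookup(rows, "10.0.10.213"), lookup(rows, "10.0.10.50"))
    print(plan_conflicts(rows, ["192.168.1.1", "192.168.1.2"]))
```
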

Ahh, I see. Gonna try that tomorrow. Thank you!

Another thing: let's assume I have 200 clients connecting via ovpn. Is there any way to identify them on the server side with bidirectional communication enabled?