Question OpenVPN (personal computer - domain network)

Dec 3, 2024
My colleague installed a Linux (Ubuntu) OpenVPN server for remote work from home and from remote devices into the domain network. In the domain we have subnets such as 192.168.(0/1/3/4/6/11/24).0. The connection between the networks is via Cisco VPN (each network is a different work office). I would like to note: subnet 6 has a mask of /23, and all the others /24.
When connecting to OpenVPN from a home computer, it is possible to ping all subnets and devices, with the exception of 6. In turn, from the OpenVPN server itself, ping to absolutely all subnets works. What could be the problem? I don't know how the routes (if there is a ping from the server) can affect this and how to configure them differently.
 
Way too complex an installation to easily troubleshoot on a forum.

It all depends on where the actual router function is that routes between those subnets. It also depends on how the VPN is assigning IP addresses to the remote clients. Does that also have its own dedicated subnet, or is it assigning them IPs out of one of the other subnets?

The most common cause would be that you either have some device configured with the wrong subnet mask for the "6" network or you have the gateway IP for one or more of the subnets set incorrectly. Could be the DHCP function, wherever that is being done.

Again, way too many ways you can implement stuff like this to say for sure. If the router and VPN are all done on the same server, it is likely something wrong on that.
 
OpenVPN gives addresses from the pool 172.27.224.0/24. The general route server that knows all the paths is 3.33. It is registered as the gateway for my OpenVPN server, so I can ping all subnets from it.

This is routing related and a result of a halfway thought out design.

The OpenVPN device itself is a router, you just don't know it. I'm going to assume it's topology mode subnet as that's the most common, so the OpenVPN server has a TUN interface as 172.27.224.1 and routes for 172.27.224.0/24. The other network adapter (physical/virtual) should have a static IP address on its host subnet.

Now this gets network architecture dependent. If you are doing dynamic routing like OSPF, then you can install Quagga onto the OpenVPN server and have it form an adjacency with that site's router and advertise the VPN subnet through that. If you're not doing dynamic routing (my suspicion), then you need to ensure that every router in the network has a route statement that says the OpenVPN subnet is available through the local IP address of the OpenVPN server. This might be best discussed through PMs as I might need network diagrams to show you where the problems are.

I've built multi-site networks where every location is in a different country with redundant VPN connections to each other, all using just OpenVPN + Quagga + Shorewall.
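
An added illustration, not part of the thread, of the return-path point made above and of the /23-vs-/24 mask point from the earlier reply: a small longest-prefix-match simulator over a constructed topology. The router names ("openvpn", "core" for the 3.33 route server, "site6") and the server's LAN subnet are assumptions; only the VPN pool and the office subnets come from the posts.

```python
from ipaddress import ip_address, ip_network
# Constructed topology (an assumption for illustration, not the poster's
# real network). Each table is a list of (prefix, next_hop); a next hop is
# another router's name, or "direct" for a connected subnet. "core" stands
# for the 3.33 route server, "site6" for the router of the 192.168.6.0/23 office.
BROKEN = {
    "openvpn": [("172.27.224.0/24", "direct"),   # TUN client pool
                ("192.168.3.0/24", "direct"),    # server's LAN leg (assumed)
                ("0.0.0.0/0", "core")],          # everything else via 3.33
    "core": [("192.168.3.0/24", "direct"),
             ("192.168.6.0/23", "site6"),
             ("172.27.224.0/24", "openvpn")],    # core knows the VPN pool
    "site6": [("192.168.6.0/23", "direct"),
              ("192.168.3.0/24", "core")],       # but site6 has no way back
}
FIXED = {name: list(table) for name, table in BROKEN.items()}  # same net, plus the return route
FIXED["site6"].append(("172.27.224.0/24", "core"))

def lookup(table, dst):
    """Longest-prefix match: next hop for dst, or None if the router has no route."""
    dst, best = ip_address(dst), None
    for prefix, hop in table:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def trace(routers, start, dst, max_hops=8):
    """Follow next hops from router `start` towards dst; return (path, outcome)."""
    path, here = [], start
    for _ in range(max_hops):
        path.append(here)
        hop = lookup(routers[here], dst)
        if hop is None:
            return path, f"dropped@{here}"
        if hop == "direct":
            return path, "delivered"
        here = hop
    return path, "loop"

def ping_ok(routers, src_router, src_ip, dst_router, dst_ip):
    """A ping only succeeds if the echo request AND the reply are delivered."""
    return (trace(routers, src_router, dst_ip)[1] == "delivered"
            and trace(routers, dst_router, src_ip)[1] == "delivered")

if __name__ == "__main__":
    print(ping_ok(BROKEN, "openvpn", "192.168.3.10", "site6", "192.168.6.10"))  # True: server's LAN IP
    print(trace(BROKEN, "site6", "172.27.224.5"))  # (['site6'], 'dropped@site6'): reply has no route
    print(ping_ok(BROKEN, "openvpn", "172.27.224.5", "site6", "192.168.6.10"))  # False
    print(ping_ok(FIXED, "openvpn", "172.27.224.5", "site6", "192.168.6.10"))   # True
```

The same `lookup` shows the mask problem: a router holding 192.168.6.0/24 instead of /23 has no route at all for a host such as 192.168.7.20.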
 
At the moment it so happens that I am the most important manager of data transmission networks. I did not understand much about where the routes should be. Direct example: 3.33 has all the routes to other networks. On the server where OpenVPN is located, this route is set. Are you saying that something else needs to be written in the VPN web interface itself?
As I wrote above, all subnets except 6 can be pinged from the home network. I don't see any pattern in the problem, except for the difference in the subnet mask.