Virtual private networks / Cannot connect to remote network through OpenVPN instance with client overrides
« on: April 01, 2024, 10:26:14 pm »
Hello,
I'm a novice Systems Admin for an Eye Clinic in rural Kansas. We have two locations connected through an IPSec tunnel. Currently I have an OpenVPN instance configured to access the local network of Site A. This functionality is working fine. However, I need the VPN to allow access to both sites, and adding Site B as a remote network appears to not change the routing tables of connected clients. I have a client override that also specifies the remote network, and have tried all combinations of server/client override specified remote networks as suggested in other forum posts. I'm at a loss for what to do next. Below I have documented my configuration for the server, client overrides and firewall rules. I'm hoping that someone can spot the issue or suggest an easier alternative to solve the issues. I'm fairly new to all of this and sometimes can be a bit short-sighted on alternative solutions.
If there is any other information I can provide you with, I'd be happy to ASAP.
Thanks,
Brady
Site A
192.168.229.0/24
Site B
192.168.230.0/24
Server Config:
Role -> Server
Protocol -> UDP
Port -> 194
Bind -> [Router Public IP]
Server4 -> 10.69.69.0
Topology -> Subnet
Certificate -> [Set to server cert gen from internal CA]
Verify Client -> required
Cert Depth -> One
TLS Static Key -> "[auth] static key"
Authentication -> Local Database
Enforce local group -> admins
Strict User/CN Matching -> unticked
Local Network -> 192.168.229.0/24 (Local LAN of host router)
Remote Network -> 192.168.230.0/24 (LAN of router tunneled with IPSec)
Misc:
client-to-client
duplicate-cn
Register DNS ticked
DNS Servers: 192.168.229.1
Client Specific Overrides
CN -> cn of user with cert, admin rights, and password
Server -> [Set to Server]
Local Network => 192.168.229.0/24
Remote Network => 192.168.230.0/24
No redirect gateway settings
Register DNS ticked.
Client Export
File Only
Hostname -> public ip
port 1194
User Random local port
validate server subject
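As a diagnostic added here (not part of the original post and not OPNsense's own code), the following script pulls every `route <network> <netmask>` option out of either the generated OpenVPN server configuration or the client's `PUSH_REPLY` log line and reports which of the two clinic networks are not actually being pushed to clients. The sample config text and log line are constructed; the log format is assumed to be the standard OpenVPN 2.x client output.

```python
import re
from ipaddress import ip_network

# Constructed excerpt of what an OpenVPN server config generated from the
# post's settings might contain (assumption: only Site A ends up as a push route).
SAMPLE_SERVER_CONF = """\
dev ovpns1
topology subnet
server 10.69.69.0 255.255.255.0
push "route 192.168.229.0 255.255.255.0"
push "dhcp-option DNS 192.168.229.1"
client-to-client
duplicate-cn
"""

# Constructed client log line (assumed OpenVPN 2.x format) showing what the
# client received from the server at connect time.
SAMPLE_LOG = (
    "PUSH: Received control message: 'PUSH_REPLY,route 192.168.229.0 255.255.255.0,"
    "dhcp-option DNS 192.168.229.1,topology subnet,ping 10,ping-restart 60,"
    "ifconfig 10.69.69.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'"
)

# Networks the post expects VPN clients to reach: Site A and Site B.
EXPECTED = ["192.168.229.0/24", "192.168.230.0/24"]

# Matches "route <ip> <mask>" in both push lines and PUSH_REPLY text;
# "\s+" keeps it from matching options such as "route-gateway".
ROUTE_RE = re.compile(r"\broute\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})")

def pushed_routes(text):
    """Return the CIDR networks carried by route options in the given text, in order."""
    return [str(ip_network(f"{net}/{mask}", strict=False)) for net, mask in ROUTE_RE.findall(text)]

def missing_routes(text, expected=EXPECTED):
    """Expected networks that no route option in the text covers."""
    got = set(pushed_routes(text))
    return [n for n in expected if str(ip_network(n)) not in got]

if __name__ == "__main__":
    for label, text in (("server config", SAMPLE_SERVER_CONF), ("client log", SAMPLE_LOG)):
        print(f"{label}: pushed={pushed_routes(text)} missing={missing_routes(text)}")
```

Run it against the real server config and a real client log to see on which side the Site B route disappears.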