VPN network Theory (Gargoyle)

[ispyisail]

Try making that "tun". I know that might be a bit counterintuitive given the rest of them say tun0.

Bad things happen

The router is slow and then gets into a reboot loop

Tried to remove the rule but it made no difference

In the end, router reset was required

[Lantis]

I think technically the “device” is tun0 and the “interface” is tun.
I’m not sure why it ended up in a bad state.

[ispyisail]

@Lantis what version of OpenVPN are we currently using?

My current thinking is another solution could be a different OpenVPN configuration

[Lantis]

OpenVPN 2.5.7
The "route" directive is possibly what you're looking for.

[ispyisail]

I can't believe it, I got it to work

It just opens up a whole new world of possibilities

Code: Select all

C:\Users\User>tracert 192.168.1.118

Tracing route to SVR [192.168.1.118]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  Gargoyle.lan [192.168.10.1]
  2    35 ms    28 ms    33 ms  10.8.0.1
  3    23 ms    33 ms    28 ms  192.168.1.1
  4    37 ms    28 ms    29 ms  SVR [192.168.1.118]

Trace complete.

Modify the ccd file

Code: Select all

/etc/openvpn/ccd/client1

I manually added the last line

Code: Select all

ifconfig-push 10.8.0.2 255.255.255.0
iroute 192.168.10.0 255.255.255.0
push "route 192.168.175.0 255.255.255.0 10.8.0.1"
push "route 192.168.123.0 255.255.255.0 10.8.0.1"
push "route 192.168.33.0 255.255.255.0 10.8.0.1"
push "route 192.168.16.0 255.255.255.0 10.8.0.1"
push "route 192.168.20.0 255.255.255.0 10.8.0.1"
push "route 192.168.2.0 255.255.255.0 10.8.0.1"
push "route 192.168.1.0 255.255.255.0 10.8.0.1"

[ispyisail]

I assume manual changes will get wiped out on the router config change

If I ask nicely

[Lantis]

So just so I understand the use case, you’re basically letting clients know about additional subnets behind the server?
I can probably add that.

[ispyisail]

I like using pictures



In my case 192.168.1.1 is a ubnt USG Pro with full control of the network. Now that I can get access to 192.168.1.0 I can do all sorts of things

The problem with Ubnt USG Pro is unless all devices are Ubnt they make it incredibly hard to make a VPN connections.

[ispyisail]

FYI I need to stick with Ubnt USG Pro because I'm starting to get into VLANS and multi-networks for work.

My work only has 8 or so employee's and a few years ago we only had 10 or 20 devices on one subnet.

Now we have 250 or more. We just connected the boss's house with a 10km wireless link and that has added another 20 devices.

I need to start thinking about a more advanced network

In my dream world, it would be good if Gargoyle could do multiple networks like the USG



But I suspect thats getting out of the Gargoyle scope

[ispyisail]

@Lantis

If you do manage to add something can you use a format similar to static routes? In not so fussed about the layout but I need to add quite a few custom routes