I’ve been working on getting IPFire’s OpenVPN to allow me to access my office network from home. I read several articles about setting up ‘road warrior’ access for Windows 10 using OpenVPN like IPFire Wiki and one from Ionos.
I am able to connect from home and see the GREEN interface address with ping and I can use my web browser to access the IPFire admin pages using the GREEN address. But I cannot see anything else on the GREEN network. Everything I read tells me that I should be a member of the office network once connected from home, but I am not.
Is there a better, more understandable and clear web site I should read that explains how to set this up? Thanks!
EDIT: I was just looking at the client side OpenVPN log and I found this:
Successful ARP Flush on interface [14] {0BCD6FCA-7F36-4069-9D57-4BF2A288420D}
MANAGEMENT: >STATE:1585068976,ASSIGN_IP,,10.22.248.6,,,,
TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
MANAGEMENT: >STATE:1585068981,ADD_ROUTES,,,,,,
C:\WINDOWS\system32\route.exe ADD 10.22.248.1 MASK 255.255.255.255 10.22.248.5
ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Route addition via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe ADD 192.168.42.0 MASK 255.255.255.0 10.22.248.5
ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Route addition via IPAPI succeeded [adaptive]
WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Initialization Sequence Completed
MANAGEMENT: >STATE:1585068981,CONNECTED,SUCCESS,10.22.248.6,aa.bb.cc.ddd,pppp,192.168.1.6,50946
As I understand what I’ve been reading, I think my Windows client should have a valid route to the GREEN network at this point. I checked /etc/sysctl.conf on the IPFire machine to ensure net.ipv4.forward = 1 (it does).
I think what may be missing is the necessary routing between the private internal network for OpenVPN and the office network. Here’s the routing table from IPFire:
Kernel IP routing table
Destination     Gateway         Genmask          Flags  Metric  Ref  Use  Iface
default         gateway         0.0.0.0          UG     0       0    0    red0
10.22.248.0     10.22.248.2     255.255.255.0    UG     0       0    0    tun0
10.22.248.2     *               255.255.255.255  UH     0       0    0    tun0
aa.bb.cc.ddd    *               255.255.255.248  U      0       0    0    red0
gateway         *               255.255.255.255  UH     0       0    0    red0
192.168.42.0    *               255.255.255.0    U      0       0    0    green0
I think the route is there, but I’m far from an expert on interpreting routing tables. So, any ideas what I have wrong?
EDIT2: One final note: I find that the Windows client is able to ping the GREEN interface address on the IPFire server, but (using a shell on the IPFire machine) I am unable to ping the connected Windows machine's assigned address. Is that normal or a clue?
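
Added example, not part of the original post: a longest-prefix lookup over the IPFire routing table quoted above, showing which interface the firewall would select for the VPN client address 10.22.248.6 and for a GREEN host. The host 192.168.42.10 is a constructed address used only for illustration, and rows whose destination the poster redacted are skipped.

```python
import ipaddress

# Routing table as posted (public addresses were redacted by the poster).
ROUTE_TABLE = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 0 0 0 red0
10.22.248.0 10.22.248.2 255.255.255.0 UG 0 0 0 tun0
10.22.248.2 * 255.255.255.255 UH 0 0 0 tun0
aa.bb.cc.ddd * 255.255.255.248 U 0 0 0 red0
gateway * 255.255.255.255 UH 0 0 0 red0
192.168.42.0 * 255.255.255.0 U 0 0 0 green0
"""

def parse_routes(text):
    """Return (network, gateway, iface) tuples, skipping unparsable rows."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 8:
            continue
        dest, gw, mask, iface = fields[0], fields[1], fields[2], fields[7]
        if dest == "default":
            dest = "0.0.0.0"
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue                            # redacted IP or a hostname
        routes.append((net, gw, iface))
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the most specific route containing addr wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    # 10.22.248.6 is the client address from the log; 192.168.42.10 is constructed.
    for addr in ("10.22.248.6", "192.168.42.10"):
        net, gw, iface = lookup(routes, addr)
        print(f"{addr:15} -> {net} via {gw} dev {iface}")
```

A lookup like this only confirms which route the table selects in each direction; it says nothing about whether a firewall on either end accepts the packets.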