Author Topic: Accessing OpenVPN Clients  (Read 1539 times)

neocheema

Accessing OpenVPN Clients
« on: July 23, 2010, 03:23:48 pm »
Hi All,

I'm sort of new to Ebox, so excuse me if I've missed something obvious. I've successfully implemented VPN connections to my internal network using Ebox. Here is the scenario.

Internal Lan ( 192.168.137.0/24 )
                   |
   ( Internal ip 192.168.137.23)  (eth1)
        EBOX MACHINE
   (External ip 202.194.xxx.xxx) (eth0)
                   |
             Internet
                   |
            Client Machine

The VPN addresses allotted to client machines are the default, i.e. 192.168.160.0/24.

Sometimes I want to reach the client machines from my internal network. I am able to ping the client machines (e.g. 192.168.160.11) from the EBOX machine. Tracepath command tells me that these packets route through 192.168.160.1. But I'm not able to ping those clients from machines on the internal network. I've tried adding static routes, but Ebox doesn't allow me to add that, saying gateway 192.168.160.1 is unreachable.

I know I can connect to clients using their "real" IPs, but due to some limitations, I can't use that. Is there a way to connect to these computers using only their VPN addresses? Any help will be appreciated.

Saturn2888

Re: Accessing OpenVPN Clients
« Reply #1 on: July 24, 2010, 07:00:17 am »
There are a few ways. I've had this problem myself actually. Are they Windows or Linux machines on the other side? I highly recommend doing a search in the forums because I've had this same issue many times. Here's a solution that might work.

// File Location
/usr/share/ebox/stubs/openvpn

// Local (Make sure you edit the IP addresses for DNS, WINS, and DOMAIN)
<%def advertisedNets>
<%args>
@nets
</%args>
% foreach my $net (@nets) {
%   my ($net, $netmask) = @{ $net  };
   push "route <% $net %> <% $netmask %>"
   push "dhcp-option DNS 192.168.1.1"
   push "dhcp-option WINS 192.168.1.1"
   push "dhcp-option NBT 2"
   push "dhcp-option DOMAIN local"
%}
</%def>

// Restart OpenVPN
/etc/init.d/ebox openvpn restart
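
Added example, not part of the thread and not eBox code: a check of both directions of the path discussed above, using the thread's subnets. It relies on the general rule that a route's next hop must sit on a subnet directly attached to the machine installing the route; the LAN host address 192.168.137.50, its interface name eth0 and the rendered push lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: what the stub's route line renders to for the LAN in the first post.
RENDERED_PUSH = '''
push "route 192.168.137.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
'''
# Hypothetical LAN host; only the subnets and the eBox addresses come from the thread.
LAN_HOST = {"eth0": ipaddress.ip_interface("192.168.137.50/24")}


def pushed_networks(config_text):
    """Extract the networks that `push "route NET MASK"` lines hand to VPN clients."""
    found = re.findall(r'push\s+"route\s+(\S+)\s+(\S+)"', config_text)
    return [ipaddress.ip_network(f"{net}/{mask}") for net, mask in found]


def client_can_reply(source_ip, vpn_net, config_text):
    """True if a VPN client has a route back through the tunnel to source_ip."""
    known = [ipaddress.ip_network(vpn_net)] + pushed_networks(config_text)
    return any(ipaddress.ip_address(source_ip) in net for net in known)


def static_route(dest, gateway, ifaces):
    """Return the iproute2 command for the route; raise if the next hop is not on-link."""
    gw = ipaddress.ip_address(gateway)
    for dev, iface in ifaces.items():
        if gw in iface.network:
            return f"ip route add {ipaddress.ip_network(dest)} via {gw} dev {dev}"
    raise ValueError(f"gateway {gw} is unreachable: not on a directly attached subnet")


if __name__ == "__main__":
    # Return path: the pushed route tells clients where 192.168.137.0/24 lives.
    print("client can reply:", client_can_reply("192.168.137.50", "192.168.160.0/24", RENDERED_PUSH))
    # Forward path: the tunnel address is not on-link for a LAN host, the eBox LAN address is.
    for gateway in ("192.168.160.1", "192.168.137.23"):
        try:
            print(static_route("192.168.160.0/24", gateway, LAN_HOST))
        except ValueError as err:
            print("rejected:", err)
```
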