Old 07-02-2009, 04:06 PM   #1 (permalink)
Newbie
 
Join Date: Jul 2009
Posts: 1
Default OPENVPN Network setup behind a NAT Router

Hi,

I am sure this is a pretty basic question but I am not sure how to handle the OPENVPN Network setup.

I am trying to set up a VPN for my small office so that I can work on it remotely.

I have the OPENVPN Server sitting behind a NAT box and I have opened a pinhole to forward port 1194 traffic to the OPENVPN box. This setup works fine as I can connect remotely to this server and it assigns the remote machine an IP in the 10.8.x.x range.

The real problem arises while trying to connect to PCs that are connected to the NAT Box, as their IP range is in the 192.168.x.x range because they are receiving IPs from the NAT box.

I am confused as to whether the OpenVPN server should also serve as a DHCP server for the internal network, or can the internal network get IPs from the NAT Router and the OPENVPN can be one of the clients of the NAT Box.

So this is the overall OpenVPN setup:

ISP ------------ +--------------+
                 |  DSL Modem   |
                 |  NAT Router  |
                 +--------------+
                        |
                        |
     +-----------+------+----+-----------+
     |           |           |           |
  OpenVPN       PC 2        PC 3        PC 4 ................
  Server

Notes:
1) The main internet connection comes to the NAT Router
2) A firewall pinhole is opened to forward all OpenVPN (port 1194) traffic to PC 1 (OPENVPN) on the NAT Box
3) The NAT Router's IP Range is 192.168.0.0/24 network

The problem with this setup is that I can connect to the OPENVPN from outside but I cannot connect to PC2/PC3 etc. as their IPs are in the 192.168 range.

So my question is: should I set up some kind of forwarding on the OpenVPN server so that I can connect to PC2/PC3, or should the OpenVPN server be acting as the main gateway and assigning IP addresses to PC 2 / PC 3 etc.?

I hope I am making sense here.
rockafellar
Old 07-02-2009, 06:55 PM   #2 (permalink)
Untangle Ninja
 
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 7
Posts: 7,722
Default

Your question appears to be in regard to the OpenVPN server specifically and not to an Untangle OpenVPN module. Please direct your inquiry to the OpenVPN.org community; they will be able to help you much better.
__________________
Intouch Technology
Rob Sandling, BS:SWE, MCP
Office: 480-272-9889
rob@intouchtechllc.com
sky-knight
Old 07-04-2009, 08:04 AM   #3 (permalink)
Untangler
 
Join Date: Sep 2007
URLs submitted: 22
Posts: 66
Default

1.) Put Untangle in transparent mode
2.) Disable DHCP on Untangle (1 DHCP server per subnet)
3.) When you configured your VPN pool in Untangle for the OpenVPN network, it HAS TO BE a different subnet than your main network. If you specify the same network, it screws up the IP routing and doesn't work.
4.) Put a route in your firewall (NAT gateway) that points this OpenVPN network to the Untangle box's internal IP.

So, if the Untangle box's internal IP address is 192.168.0.2 and the OpenVPN network is 192.168.1.0/24, make a routing rule on your firewall that directs traffic for the OpenVPN 192.168.1.0 network to 192.168.0.2 (Untangle box).

You would only want to do this type of setup if your firewall box is something special. If it's a Linksys or something and you aren't making IPsec VPN tunnels with it, get rid of it.

Untangle has more bells and whistles for security (IPS, antivirus, attack blocker, firewall, etc.) than any basic NAT router. Remove the NAT router, put Untangle in its place in router mode and make it the DHCP server.
napoleon41
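An added example, not part of napoleon41's post and not Untangle or OpenVPN code: a small Python model of steps 3 and 4 that checks the VPN pool against the LAN and traces where a LAN PC's reply to a VPN client goes with and without the static route on the NAT gateway. The router address 192.168.0.1 and the client address 192.168.1.6 are assumptions; the other values come from the thread.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")       # NAT router's LAN (from the thread)
VPN_POOL = ipaddress.ip_network("192.168.1.0/24")  # VPN pool used in the reply above
VPN_BOX = ipaddress.ip_address("192.168.0.2")      # VPN box's LAN address (from the reply)
ROUTER = ipaddress.ip_address("192.168.0.1")       # assumed LAN address of the NAT router


def check_plan(lan, pool, vpn_box):
    """Return a list of problems with the addressing plan (empty list = OK)."""
    problems = []
    if lan.overlaps(pool):
        problems.append(f"VPN pool {pool} overlaps LAN {lan}")
    if vpn_box not in lan:
        problems.append(f"next hop {vpn_box} is not on LAN {lan}")
    return problems


def next_hop(table, dst):
    """Longest-prefix match over a list of (network, next_hop) pairs."""
    matches = [(net, hop) for net, hop in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(router_has_route, client):
    """Hops taken by a LAN PC's reply to a VPN client address."""
    default = ipaddress.ip_network("0.0.0.0/0")
    pc_table = [(LAN, "on-link"), (default, ROUTER)]  # PC only knows its default gateway
    router_table = [(LAN, "on-link"), (default, "WAN")]
    if router_has_route:
        router_table.append((VPN_POOL, VPN_BOX))      # the static route from step 4
    path = [next_hop(pc_table, client)]
    if path[0] == ROUTER:
        path.append(next_hop(router_table, client))
    return path


if __name__ == "__main__":
    client = ipaddress.ip_address("192.168.1.6")      # constructed VPN client address
    print("plan problems:", check_plan(LAN, VPN_POOL, VPN_BOX))
    print("without route:", reply_path(False, client))
    print("with route:   ", reply_path(True, client))
```

Without the static route the router sends the reply out its WAN side, which is why the tunnel comes up but the LAN PCs appear unreachable.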
Old 07-04-2009, 10:57 AM   #4 (permalink)
Master Untangler
 
Join Date: Oct 2008
Location: OKC
Posts: 412
Default

I think the issue here is that you are trying to connect to your VPN from within the same network. Am I right?

AFAIK that is not possible.
pirateghost
Old 07-04-2009, 11:18 AM   #5 (permalink)
Untangle Ninja
 
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 7
Posts: 7,722
Default

Quote:
Originally Posted by pirateghost
I think the issue here is that you are trying to connect to your VPN from within the same network. Am I right?

AFAIK that is not possible.

Oh it is "possible" but can be very unwise... depends on the network.
__________________
Intouch Technology
Rob Sandling, BS:SWE, MCP
Office: 480-272-9889
rob@intouchtechllc.com
sky-knight
All times are GMT -7.