I have set up an openvpn server according to my needs: I need to have 256 subnets and for each subnet I need 256 users, so I thought about creating a server of type 10.8.0.0/16. The server runs on ubuntu server 18.04 and the version of iptables is 1.6.0.
These are my goals:
- each host must be able to see the hosts of the same subnet (done);
- each subnet must be isolated (done);
- hosts of subnet 10.8.1.0 must be able to reach hosts of any other subnet (missing).
For the test I have two subnets: 10.8.0.0 and 10.8.1.0. I have ufw disabled and I tried with the following command:

```
iptables -A FORWARD -i tun0 -s 10.8.1.0/16 -d 10.8.0.0/16 -j ACCEPT
```
But anyway, from the 10.8.1.0 subnet I can’t reach the 10.8.0.0 subnet. I think I am doing something wrong with the subnets, network masks or with the iptables commands, but I don’t understand what. Can someone help me?
Here is the server.conf:
```
port 1194
proto udp
dev tun
topology subnet
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.0.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
client-to-client
keepalive 10 600
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
```
Each user will have a file in the ccd folder which will specify the mask and IP address; below is an example for client1:

```
ifconfig-push 10.8.0.55 255.255.255.0
```
Now I have created a new certificate called client2, which will have the following information:
```
ifconfig-push 10.8.1.4 255.255.255.0
```
Client1 connects and gets the address 10.8.0.55; client2 connects and gets the address 10.8.1.4.
How can I get access to the 10.8.0.0 subnet?
I hope I have been clear in describing the problem.
- UPDATED 14/04/2021 –
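An added example, not part of the question or of any answer on this page: a POSIX shell script that does two things. `network_of` shows which network a source or destination match really covers once iptables masks off the host bits (so `-s 10.8.1.0/16` is the same match as `10.8.0.0/16` and cannot single out one /24). `forward_rules` prints a FORWARD ruleset for the three goals above: return traffic for already-accepted connections, the 10.8.1.0/24 subnet allowed to open connections to the whole /16, each /24 allowed to talk to itself, everything else between VPN clients dropped. The names `VPN_IF`, `VPN_NET` and `ADMIN_NET` are assumptions, as is the interface name tun0. It also assumes `client-to-client` has been removed from server.conf, because with that directive OpenVPN forwards packets between clients inside the daemon and the kernel FORWARD chain never sees them, and that clients in 10.8.1.0/24 are pushed a route for 10.8.0.0/16 so they send such packets into the tunnel at all.

```shell
#!/bin/sh
# Added example, not code from the original question.
# Assumptions: tun0 is the OpenVPN interface, 10.8.0.0/16 is the server
# network, 10.8.1.0/24 is the subnet allowed to reach all others, and
# client-to-client is NOT set (otherwise packets bypass the FORWARD chain).
# Usage: sh vpn-forward.sh | sudo sh   (prints the iptables commands)

VPN_IF="tun0"            # assumed interface name
VPN_NET="10.8.0.0/16"    # from "server 10.8.0.0 255.255.0.0"
ADMIN_NET="10.8.1.0/24"  # subnet that may reach every other subnet

# network_of ADDR PREFIX -> the network address iptables actually matches.
# iptables clears the host bits, so "10.8.1.0/16" is stored as 10.8.0.0/16.
network_of() {
    addr="$1"; prefix="$2"
    set -- $(printf '%s' "$addr" | tr '.' ' ')
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    net=$(( ip & mask ))
    printf '%d.%d.%d.%d\n' \
        $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 ))  $(( net & 255 ))
}

# forward_rules -> iptables commands implementing the policy, in order.
# Rule order matters: the first match wins, and the final rule drops the rest.
forward_rules() {
    echo "# 1. replies for connections that were already accepted"
    echo "iptables -A FORWARD -i $VPN_IF -o $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "# 2. the admin subnet may open connections to any VPN subnet"
    echo "iptables -A FORWARD -i $VPN_IF -o $VPN_IF -s $ADMIN_NET -d $VPN_NET -j ACCEPT"
    echo "# 3. every /24 may talk to itself (one rule per subnet, 10.8.0.0 .. 10.8.255.0)"
    i=0
    while [ "$i" -le 255 ]; do
        echo "iptables -A FORWARD -i $VPN_IF -o $VPN_IF -s 10.8.$i.0/24 -d 10.8.$i.0/24 -j ACCEPT"
        i=$((i + 1))
    done
    echo "# 4. anything else between VPN clients is isolated"
    echo "iptables -A FORWARD -i $VPN_IF -o $VPN_IF -j DROP"
}

forward_rules
```

The explicit `-i tun0 -o tun0` keeps these rules from touching forwarding between the VPN and any other interface on the server. The conntrack rule is what lets replies from 10.8.0.x hosts get back to 10.8.1.x: without it the return packets would be matched only by rule 3 (which requires the same /24) and then dropped by rule 4.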
Answer
Attribution
Source: Link, Question Author: therock24, Answer Author: Community