How to set up OpenVPN to let the VPN clients access all the servers inside the server LAN?

Solution 1:

Make sure that IP forwarding is actually enabled:

echo 1 > /proc/sys/net/ipv4/ip_forward

Also, in order for route push to work, the servers on the inside also need to know the route to your OpenVPN client IP address. So they will need to know the route to

You can most likely make iptables do the routing via masquerade using

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT

Solution 2:

If your LAN network really is, then you can get a lot of problems, because most routers have that default network. So, when you are on a guest network, your computer can get an IP from network. So, you cannot access your remote network, but the guest network. I suggest choosing another network for your LAN and VPN, for example for LAN and for VPN. xx depends on how many VPN clients are connecting to the LAN.

Here is my fw script for OpenVPN:


iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT

# Allow packets from private subnets
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -j ACCEPT

# I have multiple VPN networks
# = LAN
iptables -t nat -A POSTROUTING -s -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s -o eth1 -d -j MASQUERADE # to single server access only

echo 1 > /proc/sys/net/ipv4/ip_forward
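
The subnet collision described in Solution 2 can be checked before deployment. The following is an added example, not code from either answer: it reads the `server` and `push "route ..."` directives from an OpenVPN server config and reports which of them overlap a network the client is already attached to. The config text and every address in it are constructed samples, the function names are hypothetical, and each directive is assumed to carry an explicit netmask.

```python
import ipaddress
import re

# Constructed sample OpenVPN server config; the addresses are illustrative
# and are not the networks used in the answers above.
SAMPLE_SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 10.20.30.0 255.255.255.0"
"""

# Matches `server NET MASK` and `push "route NET MASK"` (explicit netmask assumed).
DIRECTIVE = re.compile(
    r'^\s*(?:push\s+"route|server)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)',
    re.MULTILINE,
)


def vpn_networks(conf_text):
    """Return the tunnel subnet and every pushed route as IPv4Network objects."""
    return [
        ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        for addr, mask in DIRECTIVE.findall(conf_text)
    ]


def find_conflicts(conf_text, client_local_nets):
    """List (vpn_net, local_net) pairs whose address ranges overlap.

    An overlap means the client's own LAN route collides with the VPN
    route, so traffic meant for the remote LAN may stay on the local network.
    """
    conflicts = []
    for vpn_net in vpn_networks(conf_text):
        for local in client_local_nets:
            local_net = ipaddress.ip_network(local, strict=False)
            if vpn_net.overlaps(local_net):
                conflicts.append((str(vpn_net), str(local_net)))
    return conflicts


if __name__ == "__main__":
    # Constructed client networks: one that collides with a pushed route
    # and one that does not.
    for nets in (["192.168.1.0/24"], ["172.16.5.0/24"]):
        hits = find_conflicts(SAMPLE_SERVER_CONF, nets)
        print(nets, "->", hits or "no conflict")
```

Client networks can be given as interface addresses such as `192.168.1.57/24`; they are normalised to the containing network before comparison.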