Let's say we have a local subnet 192.168.1.0/24 that needs to be connected bidirectionnaly to a machine on any VPS (Amazon EC2, Linode, Vultr, etc...) through the 10.8.0.0/24 subnet created using OpenVPN.
Part of this has been done already. It's pretty straightforward to connect the VPS machine using TUN. We've also successfully given it access to the local subnet using this command in the config file:
route 192.168.1.0 255.255.255.0
It can now connect to any computer in that local subnet. The problem resides connecting the other way around. Local machines can't find any route to the VPS server.
What config should be added to either the VPS machine or the local OpenVPN server 192.168.1.3 to allow routing from 192.168.1.10 to 10.8.0.10? As of our actual config, traceroute can't reach the destination.
Here is an overview of the config file residing on the server
local 192.168.1.3
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
max-clients 1
route 192.168.1.0 255.255.255.0 192.168.1.1
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
explicit-exit-notify
[... certificates here ...]
Here is the client's config:
client
dev tun
proto udp
remote [... our VPN's public address ...] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
route 192.168.1.0 255.255.255.0
[... certificates here ...]
