I know that this title seems to be "over answered", but really I had no luck while searching...
EDIT: I've updated the diagram and the question, to be more precise
To better explain my situation, here is a little diagram:
I'm trying to have "PC Home" acting like "PC Work":
- browsing all sites that should be unavailable from other network than 10.42.0.x
- SSH other local client on 10.42.x.x network
- Use DNS provided by work network (for custom TLD)

In other words, I want PC Home to "become" PC Work.
I know it's possible with 2 clients connected to one OpenVPN intermediary (Client OpenVPN on PC Home -> OpenVPN Server -> Client OpenVPN on PC Work -> Use network from PC Work).
But I have very little knowledge of network infrastructure...
Could somebody explain to me how to do this? (TAP instead of TUN? Maybe a client-to-client connection? Iptables rules to forward?)
Oh, I forgot: I'm working on Linux. PC Home is on Ubuntu 18.04 (but it should work with any OS), the OpenVPN server is on Ubuntu 18.04 too, and PC Work is on Raspbian :)
Thanks!

Some actual configuration files:

Server configuration file:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
client-config-dir ccd
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
In the IPP file, I specify the VPN IPs for Client Home and Client Work (10.8.0.10 and 10.8.0.20).
IP forwarding is enabled on the server.
In /etc/ufw/before.rules on the server, I added these lines:
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
Tell me if I missed any other useful information :)
Thanks!
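
A consistency check on the two files shown above, added here as an example and not part of the original post: it compares the subnet from the `server` directive with the source of the MASQUERADE rule, normalized the way iptables stores it (host bits cleared). The embedded strings are copied from the post as constructed sample input, and `WORK_LAN` as 10.42.0.0/16 is an assumption based on the "10.42.x.x" wording.

```python
import ipaddress
import re

# Constructed sample input: the relevant lines copied from the post above.
SERVER_CONF = "dev tun\nserver 10.8.0.0 255.255.255.0\n"
BEFORE_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
"""
WORK_LAN = ipaddress.ip_network("10.42.0.0/16")  # assumption, from "10.42.x.x"


def vpn_subnet(conf):
    """Return the network declared by OpenVPN's `server <net> <mask>` line."""
    m = re.search(r"^server\s+(\S+)\s+(\S+)", conf, re.MULTILINE)
    if not m:
        raise ValueError("no 'server' directive found")
    return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")


def masquerade_sources(rules):
    """Return MASQUERADE source networks, normalized as iptables stores them."""
    nets = []
    for line in rules.splitlines():
        if line.strip().startswith("-A POSTROUTING") and "MASQUERADE" in line:
            m = re.search(r"-s\s+(\S+)", line)
            if m:
                # strict=False clears host bits: 10.8.0.0/8 -> 10.0.0.0/8
                nets.append(ipaddress.ip_network(m.group(1), strict=False))
    return nets


def audit(conf, rules, other_lans=()):
    """List findings where a NAT source is wider than the VPN subnet."""
    vpn = vpn_subnet(conf)
    findings = []
    for src in masquerade_sources(rules):
        if src != vpn and vpn.subnet_of(src):
            findings.append(f"NAT source {src} is wider than VPN subnet {vpn}")
        for lan in other_lans:
            if lan.subnet_of(src):
                findings.append(f"NAT source {src} also matches {lan}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SERVER_CONF, BEFORE_RULES, [WORK_LAN])))
```

With the rule's source written as 10.8.0.0/24, `audit` returns no findings for the same inputs.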