Linking two networks via OpenVPN with one endpoint not the primary gateway

 
 
MGSoto@gmail.com
Guest
Posts: n/a

 
      06-08-2009, 11:42 PM
So basically I have the following setup:

-----------------------------------------------------------
| Netgear Router: 192.168.137.1                           |
| Serves 192.168.137.0/24 Network                         |
| Static Route: 10.0.10.0/255.255.255.0 -> 192.168.137.6  |
-----------------------------------------------------------
     |
     |
--------------------------------
| Debian Machine               |
| eth0: 192.168.137.6          |
| tun0: 10.0.11.2              |
--------------------------------
     |
     | V
     | P
     | N
     |
--------------------------------
| VPN Endpoint/Gateway/Router  |
| tun0: 10.0.11.1              |
| eth0: Internet               |
| eth1: 10.0.10.0/24 Network   |
--------------------------------

The 10.0.10.0/24 network can talk to the Debian system just fine, and
vice versa. However, I want the 192.168.137.0/24 network to be able to
communicate with the 10.0.10.0/24 network. I'm not too familiar beyond
the basics of the route command in Linux, but I think this should be
doable with some small configuration. Unfortunately I don't have
physical access to the Debian machine, otherwise I would probably make
it the primary gateway. I was thinking that I need to set up some
forwarding via iptables. I attempted to write some rules, but they
appeared to have no effect. Anyone have any ideas?
 
Damiano Fasoli
Guest
Posts: n/a

 
      06-09-2009, 10:35 PM
Hello,

I believe your 10.0.10.0/24 network is set up with default gateway to
the "VPN end point" machine, so you can reach it and also the Debian
machine on 10.0.11.2 address, because of the OpenVPN tunnel.

Probably, from the same 10.0.10.0/24 network, you'll not reach your
Debian machine on 192.168.137.6 address, because the default gateway on
your "VPN end point" is for eth0 (internet) network.
The same if you try to reach other 192.168.137.0/24 hosts.

You can fix your problem by adding a static route to the VPN gateway router.
Something like
Static Route: 192.168.137.0/24 -> 10.0.11.2

Be sure also to enable IP routing on your Debian machine.
This can be done with "echo 1 > /proc/sys/net/ipv4/ip_forward" on the fly.
However, you'll need it always, at every startup of the machine, so you
can set up your startup scripts to enable IP routing.
Usually (check better for Debian) this can be done by adding the line
FORWARD_IPV4=yes to the file /etc/sysconfig/network

Regards
Damiano

MGSoto@gmail.com
Guest
Posts: n/a

 
      06-10-2009, 03:58 PM
I actually already had the 192.168.137.0/24 -> 10.0.10.2 in place;
OpenVPN places it in the routing table as configured in OpenVPN
(though I did try manually changing it a few ways to see if that would
help). I have had success by switching the server to the Debian
machine and then using the router machine as the client. But had you
not told me about ip_forward, I'd still probably be nowhere. Thanks
for your help!
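
An added example, not part of the thread or any poster's own commands: a check for the Debian machine that ip_forward is on and persisted, plus FORWARD rules limited to the two LANs in the diagram. Interface names and subnets come from the diagram; the /etc/sysctl.conf location, the function names and the default-drop policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Names and subnets follow the diagram.
LAN_IF=eth0; TUN_IF=tun0
LAN_NET=192.168.137.0/24; REMOTE_NET=10.0.10.0/24

# 0 if the kernel forwards IPv4 right now. The path is a parameter so the
# check can be run against a constructed file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# 0 if the setting survives a reboot. Assumes the sysctl file is
# /etc/sysctl.conf; a commented-out line does not count.
forwarding_persistent() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "${1:-/etc/sysctl.conf}" 2>/dev/null
}

# Print findings; the return status is the number of findings.
audit() {
    n=0
    forwarding_enabled "${1:-/proc/sys/net/ipv4/ip_forward}" || {
        echo "ip_forward is off: nothing is routed between $LAN_IF and $TUN_IF"
        n=$((n + 1)); }
    forwarding_persistent "${2:-/etc/sysctl.conf}" || {
        echo "net.ipv4.ip_forward=1 is not persisted: forwarding stops at reboot"
        n=$((n + 1)); }
    return "$n"
}

# Print (do not apply) FORWARD rules: with ip_forward=1 the host routes for
# every interface, so default-drop and allow only LAN <-> remote LAN.
forward_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN_IF -o $TUN_IF -s $LAN_NET -d $REMOTE_NET -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $LAN_IF -s $REMOTE_NET -d $LAN_NET -j ACCEPT
EOF
}

case "${1:-}" in
    audit) audit ;;
    rules) forward_rules ;;
esac
```

Run with `audit` to list findings or `rules` to print the rule set for review before applying it as root.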
 