Given this scenario:
```
 _______         _________        _________        _________
|       |       |         |      |         |      |         |
|  LAN  |- - - -| CLIENT1 |======| VPN SRV |======| CLIENT2 |
|_______|       |_________|      |_________|      |_________|
192.168.1.0/24  192.168.1.100      X.X.X.X         1.3.3.10
    |           1.3.3.7            1.3.3.1         _________
   _|_                                =           |         |
  |pho|                               ============| CLIENT3 |
  |ne |                                           |_________|
  |___|                                            1.3.3.11
192.168.1.110

= : VPN traffic
- : Client-only LAN traffic
```
I wanted to route client1's subnet (the LAN) to the other VPN clients (client2, client3), so:
1. Set client config dir on VPN server
/etc/openvpn/server.conf
> ...
> client-config-dir /etc/openvpn/client
> ...
2. Set a static VPN IP and the OpenVPN internal route (iroute) for that specific peer, in a file inside the client-config-dir named after the client's certificate common name (client1 here):
/etc/openvpn/client/client1
> ifconfig-push 1.3.3.7 255.255.255.0 ## VPN Static IP
> iroute 192.168.1.0 255.255.255.0 ## OpenVPN internal route via client
3. Set server route, allow traffic between clients and push route to clients
/etc/openvpn/server.conf
> ...
> route 192.168.1.0 255.255.255.0
> client-to-client
> push "route 192.168.1.0 255.255.255.0"
> ...
4. Enable IP forwarding on the VPN *client* box (client1, 192.168.1.100)
Linux:
$ sysctl -w net.ipv4.ip_forward=1
or
$ echo 1 > /proc/sys/net/ipv4/ip_forward
Windows:
"Try to go to the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.
If not already there, create a new REG_DWORD value named IPEnableRouter.
Set IPEnableRouter to 1 and reboot. Packet forward should now be enabled.
To add static routes use the route command."
- https://serverfault.com/a/929086
5. Route the subnet devices' traffic for the VPN range (1.3.3.0/24) through the VPN client box; pick one (or more):
- pfsense
- openWRT
- set VPN client box as gateway (manual or DHCP server)
- add custom routes on subnet devices:
C:\Users\egoist> route ADD 1.3.3.0 mask 255.255.255.0 192.168.1.100
or
yuki@nostalgia:~# ip route add 1.3.3.0/24 via 192.168.1.100 dev eth0
(so packets for the VPN range go back through the VPN client box and the phone can reach the other VPN clients)
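As an added example (not from the post above), a small POSIX shell script that checks the server-side pieces from steps 1 to 3 against each other, since a mismatch between client-config-dir, iroute, route and push fails silently. It builds constructed sample configs in a temp directory and assumes client1's ccd file is named `client1` (its certificate common name).

```shell
#!/bin/sh
# Added example (not from the original post): check that the server-side pieces from
# steps 1-3 agree. A mismatch fails silently, so this is worth running before a test.
# iroute_problems SERVER_CONF CCD_DIR: prints one line per problem, nothing if consistent
iroute_problems() {
    conf=$1; ccd=$2
    # client-config-dir must be the directory that actually holds the per-client files
    ccd_conf=$(awk '$1 == "client-config-dir" { print $2 }' "$conf")
    [ "$ccd_conf" = "$ccd" ] || echo "client-config-dir is '$ccd_conf' but files are in '$ccd'"
    # without client-to-client the server drops traffic between VPN clients
    grep -q '^client-to-client' "$conf" || echo "missing client-to-client"
    for f in "$ccd"/*; do
        [ -f "$f" ] || continue
        # each iroute needs a kernel "route" (server sends the LAN into tun) and a pushed route
        for net_mask in $(awk '$1 == "iroute" { print $2 "/" $3 }' "$f"); do
            net=${net_mask%/*}; mask=${net_mask#*/}
            grep -qxF "route $net $mask" "$conf" ||
                echo "$(basename "$f"): iroute $net $mask has no matching 'route' line"
            grep -qxF "push \"route $net $mask\"" "$conf" ||
                echo "$(basename "$f"): iroute $net $mask is not pushed to the other clients"
        done
    done
}
# iroute_problem_count SERVER_CONF CCD_DIR: prints the number of problems (0 = consistent)
iroute_problem_count() {
    iroute_problems "$1" "$2" | grep -c . || true
}
# build_sample DIR good|broken: writes a constructed server.conf and client/client1;
# "broken" leaves out the step 3 route and push lines
build_sample() {
    dir=$1
    mkdir -p "$dir/client"
    # the ccd file is named after CLIENT1's certificate common name (assumed: client1)
    printf 'ifconfig-push 1.3.3.7 255.255.255.0\niroute 192.168.1.0 255.255.255.0\n' > "$dir/client/client1"
    {
        echo "client-config-dir $dir/client"
        echo "client-to-client"
        if [ "$2" = good ]; then
            echo "route 192.168.1.0 255.255.255.0"
            echo 'push "route 192.168.1.0 255.255.255.0"'
        fi
    } > "$dir/server.conf"
}
# demo on the constructed configs
tmp=$(mktemp -d); build_sample "$tmp/good" good; build_sample "$tmp/broken" broken
echo "good setup: $(iroute_problem_count "$tmp/good/server.conf" "$tmp/good/client") problem(s)"
iroute_problems "$tmp/broken/server.conf" "$tmp/broken/client"
rm -rf "$tmp"
```

Point it at the real /etc/openvpn/server.conf and /etc/openvpn/client to check a live setup; it only reads the files.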
My friend (client2) was able to ping my iPhone (client1's LAN), which was using
my computer (client1) as gateway.