OpenVPN Configuration: #Allows Clients to Access Resources via a private IP.
This is the eleventh in a series of posts, featuring Protips, tips, tricks, hacks, and secrets provided by Our Team 🙊 — We want to share our top tips for the growing and thriving Linux community out there. Because sometimes you need a little help...
This is a series of posts focusing on useful OpenVPN server configuration options such as: #the use of secure cryptographic algorithms; #client-to-client communication and so forth …
Ensure that all options are included and saved in your OpenVPN server configuration file, i.e. /etc/openvpn/server.conf.
When you configure OpenVPN to allow access via a private IP, you essentially create a secure virtual private network (VPN) that lets devices on the VPN access a private internal network (such as a local area network or LAN) behind the VPN server.
This is useful for remote users who need to securely access resources (like file servers, printers, or other networked devices) that are only available within the private network. To have the server announce that network to its clients, you need to use the "push" directive.
Add this line to your configuration file:
push "route 192.168.1.0 255.255.255.0" # Adjust this to your private network
In this instance:
push: This keyword is used in the OpenVPN server configuration to send configuration options to the clients when they connect.
route: This keyword specifies a network route.
192.168.1.0: This is the network address of the private network you want to make accessible to the VPN clients.
255.255.255.0: This is the subnet mask, indicating that the route is for the entire 192.168.1.0/24 subnet.
Ensure that the private network route (192.168.1.0 255.255.255.0) is adjusted according to your actual private network.
client-to-client
This directive, combined with the push "route …" directive, enables VPN clients to access resources on the 192.168.1.0/24 network via the OpenVPN tunnel.
With client-to-client:
When the client-to-client directive is enabled in OpenVPN, it allows VPN clients to communicate with each other directly within the VPN's own network, bypassing the need to route traffic through the internal (private) network.
1. Direct Client Communication:
• OpenVPN allows each connected client to directly "see" and communicate with other clients on the VPN network.
• Each client can directly use the VPN IP range (e.g., 10.8.0.0/24) to communicate, without involving the internal network (192.168.1.0/24).
2. Bypassing Internal Network Routing:
• VPN traffic between clients does not go through the internal network. Instead, the OpenVPN server simply forwards traffic directly between VPN clients within the 10.8.0.0/24 subnet.
• This reduces dependency on internal routing, minimizes latency, and avoids additional configuration on the internal network.
Without client-to-client:
Without client-to-client, each client can only communicate with the VPN server or resources that the server explicitly routes to, such as an internal network (192.168.1.0/24). If one VPN client wanted to communicate with another, it would need to first reach the internal network and have routing rules set up to loop back to the other client. This is indirect and requires additional routing setup.
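As an added example (not code from the original post), here is a small Python review script that parses the server, push "route …" and client-to-client directives out of a server.conf and flags pushed routes an administrator would want to double-check: a default route that would carry all client traffic, a range that is not private, or one that overlaps the tunnel subnet itself. The configuration text below is constructed for the example.

```python
import ipaddress
import shlex

# Constructed sample server.conf for the example (not a real deployment's file).
SAMPLE_CONF = """
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"  # Adjust this to your private network
push "dhcp-option DNS 192.168.1.1"
client-to-client
"""


def parse_server_conf(text):
    """Return (tunnel_subnet, pushed_routes, client_to_client) from server.conf text."""
    tunnel = None
    routes = []
    client_to_client = False
    for raw in text.splitlines():
        if raw.lstrip().startswith(";"):      # OpenVPN also treats ';' as a comment
            continue
        try:
            tokens = shlex.split(raw, comments=True)  # handles quotes and '#' comments
        except ValueError:
            continue                          # unbalanced quotes: skip the line
        if not tokens:
            continue
        if tokens[0] == "server" and len(tokens) >= 3:
            tunnel = ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}", strict=False)
        elif tokens[0] == "client-to-client":
            client_to_client = True
        elif tokens[0] == "push" and len(tokens) >= 2:
            inner = tokens[1].split()         # contents of the quoted push option
            if len(inner) >= 3 and inner[0] == "route":
                routes.append(ipaddress.ip_network(f"{inner[1]}/{inner[2]}", strict=False))
    return tunnel, routes, client_to_client


def review_routes(tunnel, routes):
    """Return (route, verdict) pairs; anything other than 'ok' deserves a look."""
    findings = []
    for net in routes:
        if net.prefixlen == 0:
            findings.append((str(net), "default route: all client traffic would enter the tunnel"))
        elif not net.is_private:
            findings.append((str(net), "not a private range"))
        elif tunnel is not None and net.overlaps(tunnel):
            findings.append((str(net), "overlaps the VPN tunnel subnet"))
        else:
            findings.append((str(net), "ok"))
    return findings
```

Run it against your own server.conf by reading the file into parse_server_conf instead of SAMPLE_CONF.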
Verifying the Connection
Once the VPN is connected, you should be able to access the private network through the VPN. Verify this by pinging a device on the private network (e.g., ping 192.168.1.1).
By following these steps, you will have configured an OpenVPN server to allow access via a private IP and set up a client to connect to this server. Adjust the configurations as needed to match your specific network setup.
We hope this was of great use!