System Admin - VPN Server routes

Hi guys,

I’m new to setting up OpenVPN with System Admin and I’m running my initial run of tests.

I’m able to connect to the VPN server from Windows and Mac OS, I can ping devices on the VPN subnet, but not on the LAN subnet, consequently I’m not able to register from my softphones either.

With the following workarounds I’m able to ping and register without issues:

==> IP forwarding
nano /etc/sysctl.conf
net.ipv4.ip_forward=1

==> Added a route to the LAN subnet on the OpenVPN Server config
nano /etc/openvpn/sysadmin_server1.conf
push "route 10.192.80.0 255.255.255.0"

Everything works wonders until I restart my FreePBX server, since, as stated in sysadmin_server1.conf, modifications to this file will be overwritten.

Both subnets were automatically added to the Local Networks (SIP Settings) and Firewall Trusted Zones.

Am I doing anything wrong?

Isn’t this supposed to work out of the box?

Please advise.
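To check the two settings this workaround depends on after a restart, here is an added shell script (my example, not code from the thread or from FreePBX): it parses the OpenVPN server config for pushed routes and a sysctl file for net.ipv4.ip_forward. The config and sysctl contents below are constructed samples; the file paths are the ones named in the post.

```sh
#!/bin/sh
# Added example, not from the thread: audit the two settings the workaround relies on,
# by parsing an OpenVPN server config for pushed routes / redirect-gateway and a
# sysctl file for net.ipv4.ip_forward. Every VPN client receives a pushed route.
# Constructed samples standing in for /etc/openvpn/sysadmin_server1.conf and
# /etc/sysctl.conf; on a real box feed the files in with cat instead.
SAMPLE_OVPN='port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "route 10.192.80.0 255.255.255.0"
keepalive 10 120'

SAMPLE_SYSCTL='# Kernel sysctl configuration
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding=0'

# Print "NETWORK MASK" for every route the server pushes to clients (config on stdin).
pushed_routes() {
    awk '$1 == "push" && $2 ~ /^"?route$/ {
        n = $3; m = $4; gsub(/"/, "", n); gsub(/"/, "", m); print n, m }'
}

# has_route NETWORK MASK: succeed only when exactly that route is pushed.
has_route() {
    pushed_routes | grep -q -x "$1 $2"
}

# Succeed when clients are told to send all traffic through the VPN.
pushes_default_gateway() {
    awk '$1 == "push" && $2 ~ /^"?redirect-gateway/ { found = 1 } END { exit !found }'
}

# Succeed when the sysctl file on stdin enables IPv4 forwarding (comments ignored,
# spaces around "=" tolerated). Without it the PBX never forwards VPN-to-LAN packets.
sysctl_forwarding_on() {
    awk -F= '!/^[[:space:]]*#/ { gsub(/[[:space:]]/, "", $1); gsub(/[[:space:]]/, "", $2)
        if ($1 == "net.ipv4.ip_forward") v = $2 } END { exit (v != "1") }'
}

# Report on the constructed samples.
audit() {
    printf '%s\n' "$SAMPLE_OVPN" | has_route 10.192.80.0 255.255.255.0 \
        && echo "LAN route 10.192.80.0/24 is pushed" || echo "LAN route missing"
    printf '%s\n' "$SAMPLE_SYSCTL" | sysctl_forwarding_on \
        && echo "ip_forward enabled" || echo "ip_forward disabled"
    printf '%s\n' "$SAMPLE_OVPN" | pushes_default_gateway \
        && echo "all client traffic routed via VPN" || echo "split tunnel only"
}
audit
```

Run it again after a FreePBX restart against the real files; if the LAN route line has disappeared from the generated config, the route was only ever in the hand edit.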

Are you registering to the VPN IP of the PBX? If you can ping it, you should be able to register.

Hi Lorne,

Yes, I’m registering to the VPN IP of the PBX, the same server/IP I set up in System Admin.

I can neither ping the devices on the LAN subnet nor register with my SIP endpoint, unless the workaround I mentioned above is in place.

Your statement makes no sense. You state you cannot reach the LAN IPs. On the VPN you would be going to the VPN IP of the PBX, not its LAN IP.

I did NOT state my VPN endpoints will go to the LAN subnet, I’m aware the VPN server manages a separate subnet for its VPN clients and creates a virtual TUN interface for that purpose.

What I’m seeing here is a routing issue between my LAN subnet and VPN subnet.

Let me rephrase this for you:

Scenario #1 (without workaround)
1- Can ping the VPN server TUN interface’s IP.
2- Can NOT ping the server’s physical interface IP address (LAN: Webif IP/Registration IP).
3- Can NOT register my SIP endpoint.

Scenario #2 (with workaround)
1- Can ping the VPN server TUN interface’s IP.
2- Can ping the server’s physical interface IP address (LAN: Webif IP/Registration IP).
3- Can register my SIP endpoint.

Both scenarios were tested from two different endpoints: Windows and Mac.

You can try to reproduce it, and you will see my point.

Let me know if you need any logs that prove this.

Again, by default the VPN will only route the VPN subnet traffic.

In the VPN server setup in System Admin you can add a route and also tell it to make the VPN server the default gateway to force all traffic across the VPN from the clients.

Tony, you are absolutely right. Sorry for the confusion.
