Building 1:
10.1.0.0 255.255.0.0
Building 2:
10.10.0.0 255.255.0.0
192.168.0.0 255.255.0.0
Buildings are connected by 1G metro ethernet.
I reside in building 1.
192.168.0.0 is firewalled from everyone.
OpenVPN is in 10.10.230.0
OpenVPN is in bridged mode so when I connect I get a 10.10.230.x address.
192.168.0.0 is accessible from anyone with a 10.10.x.x address.
I connect with OpenVPN using the "push redirect-gateway" option and everything works. However, I don't want this to be my DFG. I only want to use this tunnel for specific subnets so I use the "push route" option like this:
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
and turn off the "redirect-gateway"
I cannot access the 192.168.0.0 subnets.
Example:
C:\Users\me>tracert -d 192.168.2.6
Tracing route to 192.168.2.6 over a maximum of 30 hops
1 * * * Request timed out.
2 * 10.10.230.181 reports: Destination host unreachable.
Trace complete.
Route table: The routes are added. It looks like they are trying to be used by what the tracert shows.
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.150.1 10.1.150.62 10
5.0.0.0 255.0.0.0 On-link 5.227.46.162 9256
5.227.46.162 255.255.255.255 On-link 5.227.46.162 9256
5.255.255.255 255.255.255.255 On-link 5.227.46.162 9256
10.1.150.0 255.255.255.0 On-link 10.1.150.62 266
10.1.150.62 255.255.255.255 On-link 10.1.150.62 266
10.1.150.255 255.255.255.255 On-link 10.1.150.62 266
10.10.230.0 255.255.255.0 On-link 10.10.230.181 286
10.10.230.181 255.255.255.255 On-link 10.10.230.181 286
10.10.230.255 255.255.255.255 On-link 10.10.230.181 286
10.10.231.0 255.255.255.0 10.10.230.179 10.10.230.181 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 10.10.230.179 10.10.230.181 30
192.168.3.0 255.255.255.0 10.10.230.179 10.10.230.181 30
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.150.62 266
224.0.0.0 240.0.0.0 On-link 10.10.230.181 286
224.0.0.0 240.0.0.0 On-link 5.227.46.162 9256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.150.62 266
255.255.255.255 255.255.255.255 On-link 10.10.230.181 286
255.255.255.255 255.255.255.255 On-link 5.227.46.162 9256
===========================================================================
What am I missing? Again, using "redirect-gateway" I can access everything I need to access. What gives?
route table with redirect-gateway enabled
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.230.179 10.10.230.180 30
10.1.150.0 255.255.255.0 On-link 10.1.150.62 266
10.1.150.62 255.255.255.255 On-link 10.1.150.62 266
10.1.150.255 255.255.255.255 On-link 10.1.150.62 266
10.10.230.0 255.255.255.0 On-link 10.10.230.180 286
10.10.230.179 255.255.255.255 10.1.150.1 10.1.150.62 10
10.10.230.180 255.255.255.255 On-link 10.10.230.180 286
10.10.230.255 255.255.255.255 On-link 10.10.230.180 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.150.62 266
224.0.0.0 240.0.0.0 On-link 10.10.230.180 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.150.62 266
255.255.255.255 255.255.255.255 On-link 10.10.230.180 286
===========================================================================
Best Answer
When you have redirect-gateway enabled (looking at your rt's above), there is an entry for what appears to be the nexthop after your OpenVPN gateway:
Your first routing table doesn't have that, so it's possible that your client doesn't know how to route your OpenVPN traffic itself. Here is the routing table when I have OpenVPN enabled (no redirect gateway).
I have added
to my openvpn server config, so I can connect to another subnet on the other side of my openvpn server, that the openvpn server isn't on but is set up to route to. Also more info for the rt above:
My openvpn server IP is 192.168.200.1. My openvpn client IP is 192.168.200.10.
So any traffic destined for 192.168.100.0 goes through the OpenVPN interface but is destined for 200.1, because my OpenVPN box has 2 eth connections and has iptables setup to route that traffic. So in your case (re-reading your question), I would check that there is a route on your OpenVPN server between the two interfaces to route the traffic from one interface to the other.
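To make the answer's point checkable, here is an added example (not code from the question or the answer) that replays Windows longest-prefix-match route selection over a constructed subset of the two route tables quoted in the question. It resolves the inner destination (192.168.2.6) and then the outer hop that the encapsulated OpenVPN packets need, assuming the VPN server endpoint the client dials is 10.10.230.179 (an assumption taken from the /32 host route that appears only in the redirect-gateway table). With "push route" only, the endpoint itself resolves out of the tap interface, so the tunnel has nowhere to go; with redirect-gateway, the /32 host route sends it over the physical LAN.

```python
import ipaddress

# Constructed subset of the two Windows route tables quoted in the question:
# (destination, netmask, gateway, interface, metric). "On-link" means the
# destination is directly attached to the listed interface.
ROUTES_PUSH_ROUTE = [
    ("0.0.0.0", "0.0.0.0", "10.1.150.1", "10.1.150.62", 10),
    ("10.1.150.0", "255.255.255.0", "On-link", "10.1.150.62", 266),
    ("10.10.230.0", "255.255.255.0", "On-link", "10.10.230.181", 286),
    ("10.10.231.0", "255.255.255.0", "10.10.230.179", "10.10.230.181", 30),
    ("192.168.2.0", "255.255.255.0", "10.10.230.179", "10.10.230.181", 30),
    ("192.168.3.0", "255.255.255.0", "10.10.230.179", "10.10.230.181", 30),
]

ROUTES_REDIRECT_GW = [
    ("0.0.0.0", "0.0.0.0", "10.10.230.179", "10.10.230.180", 30),
    ("10.1.150.0", "255.255.255.0", "On-link", "10.1.150.62", 266),
    ("10.10.230.0", "255.255.255.0", "On-link", "10.10.230.180", 286),
    ("10.10.230.179", "255.255.255.255", "10.1.150.1", "10.1.150.62", 10),
]

# Assumed value: the address the OpenVPN client dials for the tunnel itself.
VPN_ENDPOINT = "10.10.230.179"


def lookup(routes, dest):
    """Windows-style selection: longest matching prefix wins, and among equal
    prefixes the lowest metric wins. Returns (gateway, interface) or None."""
    addr = ipaddress.IPv4Address(dest)
    best = None
    for net, mask, gw, iface, metric in routes:
        network = ipaddress.IPv4Network(f"{net}/{mask}", strict=False)
        if addr not in network:
            continue
        key = (network.prefixlen, -metric)  # higher key = more specific, cheaper
        if best is None or key > best[0]:
            best = (key, gw, iface)
    return None if best is None else (best[1], best[2])


def resolve_path(routes, dest, tunnel_iface, vpn_endpoint=VPN_ENDPOINT):
    """Resolve dest; if it leaves via the tunnel interface, also resolve the
    outer route the encapsulating packets to the VPN endpoint would take.
    Reports 'loop' when that outer route itself points back into the tunnel."""
    hop = lookup(routes, dest)
    if hop is None:
        return {"dest": dest, "status": "no route"}
    gw, iface = hop
    if iface != tunnel_iface:
        return {"dest": dest, "via": gw, "iface": iface, "status": "physical"}
    outer = lookup(routes, vpn_endpoint)
    if outer is None or outer[1] == tunnel_iface:
        return {"dest": dest, "via": gw, "iface": iface, "status": "loop"}
    return {"dest": dest, "via": gw, "iface": iface, "status": "ok",
            "outer_via": outer}


if __name__ == "__main__":
    # Tap interface address differs between the two captures (.181 vs .180).
    print("push route only :", resolve_path(ROUTES_PUSH_ROUTE, "192.168.2.6", "10.10.230.181"))
    print("redirect-gateway:", resolve_path(ROUTES_REDIRECT_GW, "192.168.2.6", "10.10.230.180"))
```

The check worth carrying over to a real client is the second lookup: whatever address the tunnel is built to must resolve to a physical interface, never to the tunnel adapter. When a pushed route covers that address (here the bridged 10.10.230.0/24 is on-link via the tap), a host route for the endpoint via the real gateway, like the /32 in the redirect-gateway table, is what keeps the tunnel reachable.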