From 03e5764de1610a787fc1a84a9d2953945289fd1c Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sun, 1 Jul 2018 16:47:43 -0500 Subject: [PATCH] roles/dch-openvpn-server: Correct routes The `ifconfig` global directive specifies the IP address added to the tunnel interface device, not the network. The `push route` directives need to include this address to correctly send route information to clients. --- .../files/clients/dhatch-d4b.securepassage.com | 4 ++-- .../dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/dch-openvpn-server/files/clients/dhatch-d4b.securepassage.com b/roles/dch-openvpn-server/files/clients/dhatch-d4b.securepassage.com index 2909d37..8649313 100644 --- a/roles/dch-openvpn-server/files/clients/dhatch-d4b.securepassage.com +++ b/roles/dch-openvpn-server/files/clients/dhatch-d4b.securepassage.com @@ -1,5 +1,5 @@ ifconfig-push 172.30.0.210 255.255.255.240 iroute 192.168.0.0 255.255.0.0 iroute 172.16.0.0 255.255.240.0 -push "route 172.30.0.0 255.255.255.192" -push "route 172.31.0.0 255.255.255.224" +push "route 172.30.0.0 255.255.255.192 172.30.0.209" +push "route 172.31.0.0 255.255.255.224 172.30.0.209" diff --git a/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2 b/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2 index d39300e..ac5a99b 100644 --- a/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2 +++ b/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2 @@ -11,7 +11,7 @@ dh dh2048.pem topology subnet push "topology subnet" -ifconfig 172.30.0.208 255.255.255.240 +ifconfig 172.30.0.209 255.255.255.240 route 192.168.0.0 255.255.0.0 172.30.0.210 route 172.16.0.0 255.255.240.0 172.30.0.210 client-to-client