We are using OpenVPN to allow employees to connect to the office network. The office uses 172.20.1.0/24, the VPN clients use 10.8.0.0/24. Our VPN server is a QNAP NAS. When connected, clients can access every IP in the office network. However, I want to achieve the opposite: ping a remote client from the office.
I tried adding a route on an office PC to route all traffic destined for 10.8.0.0/24 to the QNAP's IP, however this did not have any effect on its own. It was necessary to add another route on the remote PC, and modify its firewall, as described in this answer.
I find this very confusing, as I already can ping the office from the remote client, so there is already a route to the office (marked with an arrow below), and reply packets come back (even without any explicit route). Here is the routing table of a remote client:
IPv4-Routentabelle
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.155 25
10.8.0.20 255.255.255.252 Auf Verbindung 10.8.0.22 262
10.8.0.22 255.255.255.255 Auf Verbindung 10.8.0.22 262
10.8.0.23 255.255.255.255 Auf Verbindung 10.8.0.22 262
127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 331
127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 331
...
172.20.1.0 255.255.255.0 10.8.0.21 10.8.0.22 262 <-----
192.168.1.0 255.255.255.0 Auf Verbindung 192.168.1.155 281
...
And here is the route I had to add on the client to make it pingable from the office:
route add 0.0.0.0 mask 0.0.0.0 10.8.0.21 metric 500 if 11
It seems like it does nothing due to its high metric. I guess it is just for Windows so you can set it as a trusted network. Can anyone explain how this works, and how I can automate this? (For example either by adding a push option to OpenVPN or a group policy to make this network trusted, ...)
0 Answers
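As an added example (it is not part of the question or of any answer), the following PowerShell script automates the client-side steps the question describes on the remote Windows client: it checks that the tunnel is up, adds the high-metric default route, classifies the VPN network as Private, and then opens the firewall only for ICMP echo requests from the office subnet rather than trusting the whole network. The values are taken from the question (interface index 11, VPN gateway 10.8.0.21, office subnet 172.20.1.0/24); the firewall rule name is an assumption. It must run in an elevated PowerShell session.

```powershell
# Added example, not from the original post. Run as administrator on the remote
# Windows VPN client. Values from the question; the rule name is assumed.
$VpnIfIndex   = 11                 # "if 11" in the question's route add command
$VpnGateway   = '10.8.0.21'        # gateway of the 172.20.1.0/24 route in the routing table
$OfficeSubnet = '172.20.1.0/24'
$RuleName     = 'Allow ICMP echo from office LAN'   # assumed rule name

# 1. Only act when the tunnel is up, i.e. the office route exists on the VPN
#    interface; otherwise the routes and rules below would point nowhere.
$officeRoute = Get-NetRoute -DestinationPrefix $OfficeSubnet -InterfaceIndex $VpnIfIndex `
                            -ErrorAction SilentlyContinue
if (-not $officeRoute) {
    Write-Warning "No route to $OfficeSubnet on interface $VpnIfIndex; is the VPN connected?"
    return
}

# 2. The high-metric default route from the question. It never carries traffic
#    (the LAN default route has metric 25, this one 500), but it gives the VPN
#    interface a gateway, which is what allows Windows to classify the network
#    as something other than Public.
$defaultViaVpn = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -InterfaceIndex $VpnIfIndex `
                              -ErrorAction SilentlyContinue
if (-not $defaultViaVpn) {
    New-NetRoute -DestinationPrefix '0.0.0.0/0' -InterfaceIndex $VpnIfIndex `
                 -NextHop $VpnGateway -RouteMetric 500 | Out-Null
}

# 3. Classify the VPN network as Private instead of Public.
Set-NetConnectionProfile -InterfaceIndex $VpnIfIndex -NetworkCategory Private

# 4. Least privilege: do not rely on the Private profile's defaults; allow only
#    ICMPv4 echo requests (type 8), only from the office subnet, only on the
#    VPN adapter. Everything else stays blocked by the default inbound policy.
$vpnAdapterName = (Get-NetAdapter -InterfaceIndex $VpnIfIndex).Name
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $OfficeSubnet `
        -InterfaceAlias $vpnAdapterName | Out-Null
}

# 5. Show the routes on the VPN interface so the result can be verified.
Get-NetRoute -InterfaceIndex $VpnIfIndex |
    Format-Table DestinationPrefix, NextHop, RouteMetric -AutoSize
```

Two things to watch when automating this: the interface index (11 here) changes if the TAP adapter is reinstalled, so a script meant to run on many clients should look the adapter up by name rather than hard-code the index, and the firewall rule is scoped to the office subnet on purpose, so that making the VPN network Private does not expose every service on the laptop to the whole tunnel. If the route should come from the server instead, OpenVPN's `route` directive accepts a metric as its fourth argument (for example `push "route 0.0.0.0 0.0.0.0 vpn_gateway 500"`); whether Windows then classifies the network the same way as with the manually added route is something to verify on a test client, and the firewall rule would still have to be deployed separately, for instance by group policy.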