I'm using Debian 6 as my server. I have configured an OpenVPN server there, and clients are connecting successfully using tap mode. This server is available from the internet, but it's also connected to an internal network.
Local LAN: 192.168.3.0/24
- eth0 on OpenVPN server
OpenVPN clients: 192.168.199.0/24
- tap0 on OpenVPN server
It would be great if someone could give me the steps I have to follow to allow clients who connect to the OpenVPN server to see and be able to connect to each machine within the LAN where the OpenVPN server is located (192.168.3.0/24 network).
It would be perfect if you could tell me how to setup this routing automatically after client connects.
If you really need a TAP-style connection, you would need to specify the server-bridge option without further parameters - this would enable bridging mode and OpenVPN pass on DHCP requests (DHCP proxy mode). You also would need to bridge your tun interface with whatever your LAN interface is using brctl: see the server-bridge option description in the OpenVPN documentation for details.
But honestly, you should rather route than bridge whenever possible - it allows for better debugging and less unnecessary network noise (broadcasts) transmitted through your VPN.
For this case, a config file containing the
push "route 192.168.3.0 255.255.255.0"
on the server and the accompanying client-style config file (specifying the client option) would do. Example:
See the documentation for details on option parameters.
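An added example, not part of the answer above and not taken from the OpenVPN documentation: a dry-run shell script that prints the routed-mode pieces for the networks named in the question. The subnets and interface names come from the question; the function names, the iptables rule set and the `<OPENVPN_SERVER_LAN_IP>` placeholder are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) routed-mode settings. Nothing here
# changes the system; review the output before running any of it as root.
LAN_CIDR="192.168.3.0/24"     # LAN behind eth0 (from the question)
VPN_CIDR="192.168.199.0/24"   # OpenVPN clients on tap0 (from the question)

# cidr_to_route "192.168.3.0/24" prints "192.168.3.0 255.255.255.0", the
# network/netmask form that the route option expects.
cidr_to_route() {
    net=${1%/*}; bits=${1#*/}
    case $bits in ''|*[!0-9]*) return 1 ;; esac   # no "/" or non-numeric prefix
    [ "$bits" -le 32 ] || return 1
    mask=""
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then octet=255; bits=$((bits - 8))
        else octet=$((256 - (1 << (8 - bits)))); bits=0
        fi
        mask="${mask}${mask:+.}${octet}"
    done
    echo "$net $mask"
}

# Line for the server config file: tells clients to reach the LAN via the VPN.
server_push() {
    echo "push \"route $(cidr_to_route "$LAN_CIDR")\""
}

# Commands for the OpenVPN server: enable forwarding, but accept only
# VPN -> LAN traffic and its replies instead of a blanket FORWARD ACCEPT.
forward_cmds() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -A FORWARD -i tap0 -o eth0 -s $VPN_CIDR -d $LAN_CIDR -j ACCEPT"
    echo "iptables -A FORWARD -i eth0 -o tap0 -s $LAN_CIDR -d $VPN_CIDR -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Command for the LAN's default gateway (or each LAN host): without a return
# route, replies to VPN clients never find their way back to the server.
return_route_cmd() {
    echo "ip route add $VPN_CIDR via <OPENVPN_SERVER_LAN_IP>"
}

server_push
forward_cmds
return_route_cmd
```

Because the route is pushed by the server, each client installs it automatically when it connects; the forwarding rules and the return route are one-time setup on the server and the LAN side.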