Channel: Active questions tagged openvpn - Unix & Linux Stack Exchange

Allow clients in network to communicate to client connected via OpenVPN


The network topology is like this:

OpenVPN Server:

Private IP (eth0): 10.0.4.23/16
Public IP (eth1): 77.20.30.40/24
Routes:
default via 77.20.30.1
10.0.0.0/16 (not routable, so no gateway)
10.8.0.0/16 via 10.0.0.65

On the same private subnet we have dedicated addresses in the range of the 10.0.13.0/24 network for clients connected via OpenVPN. So clients see the OpenVPN server address 10.0.13.1 as a gateway.

Client Machine:

Public IP: 217.40.50.60

Currently, when the client connects to the VPN server, it cannot see the subnets in the private range. So I've added routes to those networks using the OpenVPN server's tun0 IP (10.0.13.1):

ip r add 10.0.0.0/16 via 10.0.13.1
ip r add 10.8.0.0/16 via 10.0.13.1

It doesn't work. So I've added a POSTROUTING iptables rule on the OpenVPN server:

iptables -t nat -A POSTROUTING -s 10.0.13.0/24 -o eth0 -j MASQUERADE   # POSTROUTING/MASQUERADE live in the nat table

At that point it worked. But the problem is, when I connect to a server in that private subnet, for example 10.0.4.20, that server will see the originating IP address as the OpenVPN server's private address 10.0.4.23.

Currently we have a Microsoft VPN established, and when we use that, all servers can see the clients' IP addresses that are assigned by the VPN, so it can be done (maybe), but I'm not sure where I got it wrong.

This is the OpenVPN server config file, with comments stripped for readers' convenience.

port 1194
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.0.13.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 10.0.0.1"
push "dhcp-option DNS 10.0.0.2"
push "route 10.0.0.0 255.255.0.0"
push "route 10.8.0.0 255.255.0.0"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server_oy94rAaIiMtrnvAB.crt
key server_oy94rAaIiMtrnvAB.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
status /var/log/openvpn/status.log
log /var/log/openvpn/openvpn.log
verb 3
plugin /opt/openvpn-ldap-auth/lib/openvpn-auth-ldap.so /etc/openvpn/auth/ldap.conf
client-cert-not-required

I've tried changing server 10.0.13.0 255.255.255.0 to server 10.0.13.0 255.255.0.0, as that should be the network, but the OpenVPN server doesn't like that config and won't start if the first octet of the subnet is not 0.

So to make it simple: How do I make some server that is on the 10.0.0.0/16 network reach a VPN client that is on 10.0.13.0/24? Or better yet, how do I make the OpenVPN server assign clients IP addresses in the range of 10.0.13.0/24 but actually make them belong to 10.0.0.0/16? Do I maybe need a separate DHCP server on the same server?
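The following is an added illustration, not part of the question or of OpenVPN itself. It models the topology from the post (LAN 10.0.0.0/16 on eth0, VPN pool 10.0.13.0/24 from the server directive, server LAN address 10.0.4.23) and makes explicit why the client-side routes alone did not work: the VPN pool is carved out of the LAN prefix, so a LAN host such as 10.0.4.20 treats 10.0.13.x as on-link and sends an ARP request instead of handing the reply to any gateway. MASQUERADE papers over that by rewriting the source to 10.0.4.23, which is exactly what hides the client address. The helper names (pool_inside_lan, return_path_plan) are mine, and the functions only return the commands as strings for review rather than executing them; the alternative branch (a pool outside the LAN plus a return route on the LAN gateway) goes beyond the post's specific case.

```python
"""Return-path planner for an OpenVPN server bridging a routed tun pool into a LAN.

Added example code; addresses are the ones from the question, helper names are
assumptions.  Nothing here touches the system: every function returns strings.
"""
import ipaddress


def pool_inside_lan(pool: str, lan: str) -> bool:
    """True when the VPN pool is a sub-prefix of the LAN prefix.

    In that case LAN hosts consider VPN clients on-link: replies to 10.0.13.x are
    ARPed for on the LAN segment and never reach a router, which is why a route
    on the VPN client alone does not give a working return path.
    """
    return ipaddress.ip_network(pool).subnet_of(ipaddress.ip_network(lan))


def return_path_plan(pool: str, lan: str, server_lan_ip: str, lan_iface: str) -> list:
    """Commands (as strings) that let LAN hosts answer VPN clients while keeping
    the client's real tunnel address visible, i.e. without MASQUERADE."""
    plan = [
        # The OpenVPN host must forward between tun0 and the LAN interface.
        "sysctl -w net.ipv4.ip_forward=1",
    ]
    if pool_inside_lan(pool, lan):
        # Pool overlaps the LAN prefix: let the VPN server answer ARP on its LAN
        # side for addresses it routes out another interface.  OpenVPN's
        # 'server' directive already installs the more specific pool route on
        # tun0, so those ARP replies make LAN traffic for 10.0.13.x land here.
        plan.append(f"sysctl -w net.ipv4.conf.{lan_iface}.proxy_arp=1")
    else:
        # Pool is outside the LAN prefix: LAN hosts send replies to their default
        # gateway, which needs a route back through the VPN server's LAN address.
        plan.append(f"# on the LAN default gateway: ip route add {pool} via {server_lan_ip}")
    # Explicit forward rules so the policy stays auditable even when the FORWARD
    # chain default is later tightened to DROP.
    plan.append(
        f"iptables -A FORWARD -i tun0 -o {lan_iface} -s {pool} -d {lan} -j ACCEPT"
    )
    plan.append(
        f"iptables -A FORWARD -i {lan_iface} -o tun0 -d {pool} "
        "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    )
    return plan


def masquerade_rule(pool: str, lan_iface: str) -> str:
    """The rule from the question, kept for contrast: it makes things 'work' by
    rewriting every client source to the server's LAN address, so LAN servers
    log 10.0.4.23 instead of the real 10.0.13.x client."""
    return f"iptables -t nat -A POSTROUTING -s {pool} -o {lan_iface} -j MASQUERADE"


if __name__ == "__main__":
    # Values from the question (constructed topology, not live configuration).
    LAN, POOL, SERVER_LAN_IP, IFACE = "10.0.0.0/16", "10.0.13.0/24", "10.0.4.23", "eth0"
    print("pool inside LAN:", pool_inside_lan(POOL, LAN))
    for cmd in return_path_plan(POOL, LAN, SERVER_LAN_IP, IFACE):
        print(cmd)
    print("instead of:", masquerade_rule(POOL, IFACE))
```

Running the script prints the proxy-ARP variant for the post's addresses. Of the two branches, the out-of-LAN pool with a single route on the LAN gateway is the easier one to reason about and audit; proxy ARP keeps the existing 10.0.13.0/24 pool but makes the VPN server answer ARP for every address it routes elsewhere, so it is worth confirming with tcpdump on eth0 that only 10.0.13.x targets are being proxied.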

