Making OpenVPN Route Both Ways With TUN

You may recall this article from last February where I described how to set up an OpenVPN server in Ubuntu.

One thing that's bothered me ever since that day is that the client could contact everything on the server's network but not vice-versa. I searched for answers for quite some time and finally gave up.

I just stumbled on the answer, and it's a really easy solution to the problem. I'm already using custom client configs, and there's only one client that I wanted dual routing with - our accounting office in Virginia.

Here are a few assumptions. Let's say the primary network with the OpenVPN server uses The OpenVPN client network that's going to keep a constant link is using

In the server's "server.conf" file you need the following two lines:


In the client config file (also on the server) add the following:

push "route"

Don't forget you need to configure one or both firewalls to allow the traffic.

What this does on the server is say - when we see a client with network connect, allow us to contact it, but only if the client allows it.

The iroute entry in the client config file then says allow our internal network to be contacted by the other end.
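The route/iroute pairing described above can be checked mechanically. The following is an added example, not the original post's configuration: the subnets, the `ccd` directory name and the `branch-office` client name are constructed placeholders, and the checker is a hypothetical helper built around the standard OpenVPN `client-config-dir`, `route`, `iroute` and `push` directives.

```python
import ipaddress

# Constructed sample files: all addresses and the "branch-office" name are placeholders.
SERVER_CONF = """\
dev tun
server 10.8.0.0 255.255.255.0
client-config-dir ccd
route 192.168.20.0 255.255.255.0
"""
# ccd/branch-office: the file name must match the client certificate's Common Name.
CCD_FILE = """\
iroute 192.168.20.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
"""

def networks(text, keyword):
    """Collect the subnets named by '<keyword> <network> <netmask>' lines."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == keyword:
            found.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return found

def check(server_conf, ccd_file):
    """Return a list of problems that would stop server-to-client-LAN routing."""
    problems = []
    if not any(l.split()[:1] == ["client-config-dir"] for l in server_conf.splitlines()):
        problems.append("server.conf has no client-config-dir, so the ccd file is never read")
    routes = networks(server_conf, "route")
    iroutes = networks(ccd_file, "iroute")
    if not iroutes:
        problems.append("ccd file has no iroute, so OpenVPN does not know which client owns the LAN")
    for net in iroutes:
        # 'route' puts the subnet into the kernel table; 'iroute' picks the client inside OpenVPN.
        if not any(net.subnet_of(r) for r in routes):
            problems.append(f"iroute {net} has no covering route in server.conf")
    return problems

if __name__ == "__main__":
    for problem in check(SERVER_CONF, CCD_FILE) or ["route/iroute pairing is consistent"]:
        print(problem)
```
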

And there you have it - full ping directly to from and vice-versa!

Posted by Tony on Oct 05, 2009 | Servers