So I have the following configuration:
```
          +---------------------+      +----------------------------------+
          |     10.10.10.*      |      |          192.168.100.*           |
          |---------------------|      |----------------------------------|
          |                     |      |                                  |
          |              +------|------|------+                           |
          |              |    Raspberry Pi    |                           |
          |              |------|------|------|                           |
          |              |      |      |      |                           |
          |              |  +--------------+  |                           |
          |              |  |   |      |   |  |                           |
          |              |  v   |      |   v  |                           |
          | +--------+   |------|------|------|   +--------+   +----+     |
Internet  | |Router 1|   | eth0 |      |wlan0 |   |Router 2|   | PC |     |
          | +--------+   +------|------|------+   +--------+   +----+     |
  ^       |    ^  ^         ^   |      |  ^          ^  ^        ^        |
  |       +----|--|---------|---+      +--|----------|--|--------|--------+
  |            |  |         |             |          |  |        |
  |            |  |         |             |          |  |        |
  +------------+  +---------+             +----------+  +--------+
```
I've installed and configured OpenVPN on the Raspberry Pi, and I can connect to it from outside. When I'm connected, the IP is in the 10.8.0.* range, and I have no problem accessing any computer that is connected to "Router 1", but what I'm trying to do is access the PC that is connected to "Router 2", and I'm stuck :). Everything that is behind Router 2 shouldn't have internet access, but I do want to have access to them when needed from a remote location. I do have access to both routers for configuration.
I assume it is some route or iptables configuration, but I'm quite a noob at this.
If it helps, these are my routes:
```
0.0.0.0 10.10.10.1 0.0.0.0 UG 202 0 0 eth0
0.0.0.0 192.168.100.1 0.0.0.0 UG 303 0 0 wlan0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
10.10.10.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
192.168.100.0 0.0.0.0 255.255.255.0 U 303 0 0 wlan0
```
and my iptables config (I'm using iptables-persistent):
```
# Generated by iptables-save v1.6.0 on Thu Apr 18 16:52:58 2019
*filter
:INPUT ACCEPT [952:111277]
:FORWARD ACCEPT [36:3024]
:OUTPUT ACCEPT [675:99113]
-A INPUT -i tun0 -j ACCEPT
-A POSTROUTING -o tun0 -j MASQUERADE
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
COMMIT
# Completed on Thu Apr 18 16:52:58 2019
# Generated by iptables-save v1.6.0 on Thu Apr 18 16:52:58 2019
*nat
:PREROUTING ACCEPT [20:3877]
:INPUT ACCEPT [17:3625]
:OUTPUT ACCEPT [146:9653]
:POSTROUTING ACCEPT [147:9737]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Apr 18 16:52:58 2019
```
And my /etc/openvpn/server.conf:
```
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 127.0.0.1"
push "redirect-gateway def1 bypass-dhcp"
push "route 192.168.100.0 255.255.255.0"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server.crt
key server.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
status /var/log/openvpn/status.log
verb 3
```
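A check over the ruleset posted above, as an added example that is not part of the original post: it parses the iptables-save dump and reports, per egress interface, whether traffic from the VPN subnet is forwardable and source-NATed, and flags rules appended to a chain their table does not declare. The function names and the simplified matching (one value per option, no rule ordering or DROP handling) are assumptions of this example.

```python
import shlex

# Ruleset from the post above, with comments and chain counters trimmed.
DUMP = """*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A POSTROUTING -o tun0 -j MASQUERADE
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT"""

def parse(dump):
    """Simplified parser (assumption): every option takes exactly one value."""
    rules, policy, misplaced, table = [], {}, [], None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            policy[table, line[1:].split()[0]] = line.split()[1]
        elif line.startswith("-A"):
            tok = shlex.split(line)
            if (table, tok[1]) not in policy:  # chain not declared in this table
                misplaced.append(f"{table}: {line}")
            rules.append({"table": table, "chain": tok[1], **dict(zip(tok[2::2], tok[3::2]))})
    return rules, policy, misplaced

def audit(dump, vpn_if, vpn_net, out_if):
    """Can vpn_net reach hosts behind out_if? Ignores rule order and DROP rules."""
    rules, policy, misplaced = parse(dump)
    def hit(table, chain, want):  # a rule whose fields equal `want` or are unset
        return any(r["table"] == table and r["chain"] == chain and
                   all(r.get(k, v) == v for k, v in want.items()) for r in rules)
    open_fwd = policy.get(("filter", "FORWARD")) == "ACCEPT"
    fwd = lambda i, o: open_fwd or hit("filter", "FORWARD", {"-i": i, "-o": o, "-j": "ACCEPT"})
    nat = hit("nat", "POSTROUTING", {"-s": vpn_net, "-o": out_if, "-j": "MASQUERADE"})
    return {"forward_out": fwd(vpn_if, out_if), "forward_back": fwd(out_if, vpn_if),
            "masquerade": nat, "misplaced": misplaced}

for iface in ("eth0", "wlan0"):  # one report per egress interface
    print(iface, audit(DUMP, "tun0", "10.8.0.0/24", iface))
```

For `wlan0` the report shows forwarding permitted by the `FORWARD ACCEPT` policy but no MASQUERADE rule, so hosts behind Router 2 see 10.8.0.* source addresses and need a return route to that subnet via the Pi. It also flags the `POSTROUTING` rule that sits in the `filter` table, which has no such chain.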