[Solved] OpenVPN - Routing Problem?
Posted: Wed Mar 08, 2017 1:09 am
Hello,
I'm having a problem, but before asking for your help, let me show how my VPNs are configured:
Currently I have 2 sites.
SiteA: -> 172.17.103.0/24
SiteB: -> 172.17.102.0/24
OpenVpn Server -> 172.17.101.0/24
SiteA is connected via IPsec to SiteB. Both communicate.
At the same time I have an OpenVPN server on SiteA, which works great.
So the need arose to connect to SiteB via OpenVPN. I created a second Phase 2 on IPsec, the tunnel connects, and this is where the weird part starts.
My OS is Fedora 25.
[plouro@b50 ~]$ uname -r
4.9.13-200.fc25.x86_64
I have configured OpenVPN in System->Network as a profile; when I activate the VPN all is good, and I am able to connect to SiteB via OpenVPN.
OpenVpn->SiteA->IPsec->SiteB
But if I launch the VPN connection via CLI (sudo openvpn file.ovpn), the connection is made and I can connect to SiteA but not to SiteB.
So I tried on Windows and it has the same result: I can't connect to SiteB via OpenVPN.
One thing I noticed is that when I launch OpenVPN via CLI, here is my routing:
[plouro@b50 ~]$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default dsldevice.lan 0.0.0.0 UG 600 0 0 wlp9s0
172.17.103.0 172.17.101.1 255.255.255.0 UG 0 0 0 tun0
172.17.101.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp9s0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
But when I launch OpenVPN via System->Network (OpenVPN profile), here is my routing:
[plouro@b50 ~]$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 50 0 0 tun0
default gateway 0.0.0.0 UG 600 0 0 wlp9s0
static-wan-bl3- gateway 255.255.255.255 UGH 600 0 0 wlp9s0
172.17.101.0 0.0.0.0 255.255.255.0 U 50 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp9s0
gateway 0.0.0.0 255.255.255.255 UH 600 0 0 wlp9s0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
I have disabled SELinux and firewalld to troubleshoot and make sure that it was not a problem with permissions.
Here is my .ovpn file:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote (Public IP) 12345 udp
verify-x509-name "Fw2ServerVPN" name
auth-user-pass
pkcs12 fw02-udp-34768-plouro.p12
tls-auth fw02-udp-34768-plouro-tls.key 1
ns-cert-type server
comp-lzo adaptive
Nevertheless, it does not make much sense to me why it works when I activate it via the network profile, and does not work when I activate it via CLI or on Windows...
Is this a bug?
Please advise, thank you.