I have installed OpenVPN to establish a Site to Site connection between two remotes networks
Here my Network schema
So I can ping the client side (192.168.209.0/24) to the server side (10.101.0.0/16) => OK
I can ping from the client side to 10.8.0.1 (server) => OK
And I can ping from the server side to 10.8.0.6 (client ) => OK
But I can't ping from server side to client network
For example from the server to the client machine => ping to 192.168.209.2 => Doesn't work
I enabled echo "1"> /proc/sys/net/ipv4/ip_forward
SERVER :
Here my server.conf
Code: Select all
port 1194
proto tcp
dev tun
ca keys/ca.crt
cert keys/xxx.crt
key keys/xxx.key
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
Code: Select all
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
192.168.209.0/24 via 10.8.0.1 dev tun0
iptables -t nat -v -L
Code: Select all
Chain POSTROUTING (policy ACCEPT 150 packets, 23401 bytes)
pkts bytes target prot opt in out source destination
32 2664 MASQUERADE all -- any enp0s25 10.8.0.0/24 anywhere
client.conf
Code: Select all
client
dev tun
proto tcp
remote xxxxxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
comp-lzo
verb 3
Code: Select all
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
10.101.0.0/16 via 10.8.0.6 dev tun0
Code: Select all
Chain POSTROUTING (policy ACCEPT 31 packets, 2653 bytes)
pkts bytes target prot opt in out source destination
3 252 MASQUERADE all -- any tun0 192.168.209.0/24 anywhere
0 0 MASQUERADE all -- any ens4 10.101.0.0/16 anywhere
0 0 MASQUERADE all -- any ens4 10.8.0.0/24 anywhere
When I'm on the server and i ping the client with tunnel IP 10.8.0.6
Here's the result with tcpdump on tun0
on the server
Code: Select all
02:18:47.922486 IP 10.8.0.1 > 10.8.0.6: ICMP echo request, id 7110, seq 39, length 64
02:18:47.934675 IP 10.8.0.6 > 10.8.0.1: ICMP echo reply, id 7110, seq 39, length 64
Code: Select all
02:20:05.004943 IP 10.8.0.1 > 10.8.0.6: ICMP echo request, id 7110, seq 116, length 64
02:20:05.004980 IP 10.8.0.6 > 10.8.0.1: ICMP echo reply, id 7110, seq 116, length 64
But When I'm on the server and I ping the client with his IP LAN 192.168.209.2
Here's the result with tcpdump on tun0
on the server
Code: Select all
02:21:26.057201 IP 10.8.0.1 > 192.168.209.2: ICMP echo request, id 7114, seq 7, length 64
02:21:27.057172 IP 10.8.0.1 > 192.168.209.2: ICMP echo request, id 7114, seq 8, length 64
It's the same when I'm make a ping trough the tunnel
like ping -I tun0 192.168.209.5, notthing append on the client side
How is it possible ? Can you help me please
Thank you in advance