Unable to ping LAN when assigning static virtual IP to users

stevouwill
OpenVpn Newbie
Posts: 6
Joined: Tue Apr 25, 2017 1:27 pm

Post by stevouwill » Sat Apr 29, 2017 2:22 pm

Hello, I hope that you are doing well. I am facing a problem where I could not ping any machine in my LAN when I try to implement the configuration of client-specific rules and access policies from https://openvpn.net/index.php/open-sour ... howto.html.
This is my server file:

# server.conf file
port 1194
proto udp4
dev tun
ca ca.crt
cert  vpnserver.crt
key  vpnserver.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.10.0 255.255.255.0"
push "route 192.168.11.0 255.255.255.0"
client-config-dir ccd
route 10.8.1.0 255.255.255.0
route 10.8.2.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.124.254.5"
push "dhcp-option DNS 10.124.254.4"
client-to-client
keepalive 10 120
cipher AES-256-CBC
comp-lzo no
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log         /var/log/openvpn/openvpn.log
verb 3
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn

This is my client file:

client
dev tun
proto udp4
remote 10.124.218.150  1194
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
ca ca.crt
cert clienttest1.crt
key  clienttest1.key
auth-user-pass
comp-lzo no
tls-auth ta.key 1
route-method exe
route-delay 2

remote-cert-tls server

cipher AES-256-CBC

My specific configuration for my users is:

[root@vpnserver openvpn]# cat ccd/clienttest1
ifconfig-push 10.8.1.1 10.8.1.2


My route on server:

Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
0.0.0.0         10.124.218.254  0.0.0.0         UG    0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.1.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.2.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.124.218.128  0.0.0.0         255.255.255.128 U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1004   0        0 eth2
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.11.0    0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0



From my client 10.124.218.141, I try to ping a computer, 192.168.10.10, without success. With tcpdump I saw this result:

18:16:27.944764 IP 10.8.2.1 > 192.168.10.10: ICMP echo request, id 6178, seq 3759, length 64
18:16:28.951873 IP 10.8.2.1 > 192.168.10.10: ICMP echo request, id 6178, seq 3760, length 64
18:16:29.934842 IP 10.8.2.1 > 192.168.10.10: ICMP echo request, id 6178, seq 3761, length 64
18:16:30.934562 IP 10.8.2.1 > 192.168.10.10: ICMP echo request, id 6178, seq 3762, length 64
18:16:31.934514 IP 10.8.2.1 > 192.168.10.10: ICMP echo request, id 6178, seq 3763, length 64

But when I comment out the lines about the static virtual IP pool addresses, everything works fine. Please, I don't know how to solve this issue.

stevouwill
OpenVpn Newbie
Posts: 6
Joined: Tue Apr 25, 2017 1:27 pm

Post by stevouwill » Sat Apr 29, 2017 2:26 pm

The specific virtual IP for the client that I tried the tcpdump test with is:

[root@vpnserver openvpn]# cat ccd/clienttest2
ifconfig-push 10.8.2.1 10.8.2.2

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Post by TiTex » Sun Apr 30, 2017 5:22 am

server 10.8.0.0 255.255.255.0
ifconfig-push 10.8.2.1 10.8.2.2
Does this look OK to you?

stevouwill
OpenVpn Newbie
Posts: 6
Joined: Tue Apr 25, 2017 1:27 pm

Post by stevouwill » Mon May 01, 2017 4:44 pm

It doesn't work for me. Please, I need your help to solve this issue. I would like to allow the different categories of users to have access only to the different network ranges dedicated to them.

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Post by TiTex » Mon May 01, 2017 5:42 pm

Your client configs should match your server 10.8.0.0 255.255.255.0 subnet: http://jodies.de/ipcalc?host=10.8.0.0&mask1=24&mask2=

Clearly these configs do not:
ifconfig-push 10.8.1.1 10.8.1.2
ifconfig-push 10.8.2.1 10.8.2.2

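The subnet comparison raised in the last reply, as an added example that is not part of the original thread: a Python script that tests each ccd `ifconfig-push` address against the `server` subnet, and additionally reports which `route` directive covers it and whether the address pair forms a valid /30. It assumes the default net30 topology, since the posted server.conf sets no `topology`; the function names are hypothetical and the sample input is constructed from the directives quoted above.

```python
import ipaddress

# Constructed sample input: directives copied from the server.conf and ccd
# files quoted in the thread.
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
route 10.8.1.0 255.255.255.0
route 10.8.2.0 255.255.255.0
"""
CCD = {
    "clienttest1": "ifconfig-push 10.8.1.1 10.8.1.2",
    "clienttest2": "ifconfig-push 10.8.2.1 10.8.2.2",
}

def directives(text, keyword):
    """Yield the argument list of every `keyword` line, ignoring comments."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == keyword:
            yield parts[1:]

def networks(text, keyword):
    """Parse `keyword <network> <netmask>` lines into network objects."""
    return [ipaddress.ip_network(f"{a[0]}/{a[1]}") for a in directives(text, keyword)]

def audit(server_conf, ccd):
    """Return {client: findings} for the ifconfig-push line of each ccd file."""
    pool = networks(server_conf, "server")[0]
    routed = networks(server_conf, "route")
    report = {}
    for name, text in ccd.items():
        for args in directives(text, "ifconfig-push"):
            local, peer = (ipaddress.ip_address(x) for x in args[:2])
            slash30 = ipaddress.ip_network(f"{local}/30", strict=False)
            report[name] = {
                "address": str(local),
                "in_server_subnet": local in pool,
                "covered_by_route": [str(n) for n in routed if local in n],
                # Assumed net30 topology: the two endpoints must be the two
                # usable hosts of a single /30.
                "valid_net30_pair": {local, peer} == set(slash30.hosts()),
            }
    return report

if __name__ == "__main__":
    for client, finding in audit(SERVER_CONF, CCD).items():
        print(client, finding)
```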