While trying to provision a VPN server on an AWS EC2 instance with two-factor authentication, and after a successful login, we found that we can neither ping the VPN endpoints nor route all of my clients' traffic through the VPN server.
Following is my server conf:
port 1194
proto udp
dev tun1
fragment 1400
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 5.5.32.0 255.255.255.0
comp-lzo no
user nobody
group users
persist-key
persist-tun
status /var/log/openvpn-status.log
duplicate-cn
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
log /var/log/openvpn.log
mode server
tls-server
#tls-auth ta.key 0
verb 10
cipher AES-256-CBC
auth MD5
link-mtu 1554
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.8.4"
#client-to-client
duplicate-cn
local 10.0.10.137
ifconfig-pool-persist ipp.txt
push "persist-key"
push "persist-tun"
ifconfig 5.5.32.1 5.5.32.2
My client.conf:
auth MD5
ca ca.crt
cert client.crt
cipher AES-256-CBC
client
comp-lzo yes
dev tun1
key client.key
keysize 256
persist-key
persist-tun
ping 15
ping-exit 15
ping-restart 0
proto udp
remote xxxxxxxxxx 1194 udp
resolv-retry infinite
tls-client
tun-mtu 1496
verb 3
resolv-retry infinite
key client.key
ns-cert-type server
#script-security 2
#up /etc/openvpn/update-resolv-conf.sh
#down /etc/openvpn/update-resolv-conf.sh
ifconfig 10.8.0.2 10.8.0.1
redirect-gateway def1
pull
nobind
dev-type tun
mssfix
setenv FORWARD_COMPATIBLE 1
ifconfig 5.5.32.2 5.5.32.1
Server route info:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.10.1 0.0.0.0 UG 0 0 0 eth0
5.5.32.0 5.5.32.2 255.255.255.0 UG 0 0 0 tun1
5.5.32.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun1
10.0.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.169.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
Client route info:
Internet:
Destination Gateway Flags Refs Use Netif Expire
0/1 5.5.32.9 UGSc 4 0 utun0
default 172.16.20.1 UGSc 142 0 en1
5.5.32.1/32 5.5.32.9 UGSc 1 0 utun0
5.5.32.9 5.5.32.10 UHr 9 0 utun0
127 127.0.0.1 UCS 1 0 lo0
127.0.0.1 127.0.0.1 UH 14 173701 lo0
127.94.0.1 127.94.0.1 UH 1 0 lo0
128.0/1 5.5.32.9 UGSc 3 0 utun0
169.254 link#4 UCS 1 0 en1
172.16.20/23 link#4 UCS 8 0 en1
172.16.20.1/32 link#4 UCS 2 0 en1
172.16.20.1 c0:ea:e4:85:42:7 UHLWIir 6 74 en1 1163
172.16.20.53 b8:27:eb:2e
172.16.20.123 b8:27:eb:7b:fe:2f UHLWIi 1 0 en1 1187
172.16.20.224 3c:a9:f4:93:6d:38 UHLWIi 2 0 en1 1193
172.16.20.238/32 link#4 UCS 1 0 en1
172.16.21.31 74:86:7a:41:f0:e4 UHLWIi 1 0 en1 1145
172.16.21.37 54:9f:13:10:50:ba UHLWIi 2 308 en1 1178
172.16.21.221 14:7:8:f
172.16.21.255 link#4 UHLWbI 1 9 en1
RemoteVPNIP/32 172.16.20.1 UGSc 2 0 en1
224.0.0 link#4 UmCS 2 0 en1
224.0.0.251 1:0:5e:0:0:fb UHmLWI 1 2 en1
255.255.255.255/32 link#4 UCS 1 0 en1
1) Disabled the AWS EC2 source/destination checks
2) Followed the OpenVPN wikis
3) Enabled port forwarding on the VPN server:
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.send_redirects = 1
4) Enabled POSTROUTING in the NAT table for MASQUERADING the traffic on the VPN server
Some relevant info:
VPN Server : Real LAN inet addr:10.0.10.137 Bcast:10.0.10.255 Mask:255.255.255.0
VPN Server Network : inet addr:5.5.32.1 P-t-P:5.5.32.2 Mask:255.255.255.255
Clients: Mac and Linux
I have been working on this for days, but no luck.
It would be very helpful if someone could step in and help me resolve this issue.
Thanks
Philix
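As an added example (not part of the question and not OpenVPN's own tooling), the Python script below cross-checks a server config against a client config for the usual causes of a tunnel that comes up but carries no traffic: directives that must agree on both peers, scalar directives given twice in one file, tunnel addresses assigned from two places, and weak control-channel protection. The embedded sample configs are abridged from the ones posted above; the function and constant names are my own. Run on the posted configs it reports the `comp-lzo` mismatch (`no` vs `yes`), `fragment` being set only on the server, MTU tuned via `link-mtu` on one side and `tun-mtu` on the other, the duplicated `ifconfig`/`key`/`resolv-retry` lines in the client, `ifconfig` on a client that also `pull`s, the redundant `ifconfig`/`mode server`/`tls-server` next to `server`, HMAC `auth MD5`, and `tls-auth` being commented out.

```python
"""Cross-check an OpenVPN server config against a client config for the
usual 'tunnel is up but nothing flows' mistakes: directives that must
agree on both peers, scalar directives given twice, and weak settings.
Added example; the sample configs are abridged from the question above."""
from collections import defaultdict

# Values that must agree on both ends of the tunnel.
MUST_MATCH = ("proto", "cipher", "auth", "comp-lzo", "fragment")
# Scalar directives: a second occurrence is almost always a copy/paste slip.
SINGLE_USE = ("ifconfig", "dev", "key", "cert", "ca", "tun-mtu", "link-mtu", "resolv-retry")
WEAK_AUTH = ("MD5", "SHA1", "NONE")


def parse_openvpn_conf(text):
    """Return {directive: [argument string, ...]} keeping every occurrence.
    Full-line '#'/';' comments and blank lines are skipped; the argument
    part is kept verbatim, so quoted push strings stay intact."""
    opts = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split(None, 1)
        opts[parts[0]].append(parts[1].strip() if len(parts) > 1 else "")
    return dict(opts)


def check_peer_configs(server_text, client_text):
    """Return a list of findings; an empty list means nothing was spotted."""
    s, c = parse_openvpn_conf(server_text), parse_openvpn_conf(client_text)
    out = []
    # 1. Settings both peers must agree on (later lines override, so compare the last).
    for d in MUST_MATCH:
        sv, cv = s.get(d), c.get(d)
        if sv is None and cv is None:
            continue
        if sv is None or cv is None:
            out.append(f"{d}: set only on the {'server' if sv else 'client'}")
        elif sv[-1] != cv[-1]:
            out.append(f"{d}: server has {sv[-1]!r}, client has {cv[-1]!r}")
    # 2. MTU tuned through different knobs on each side.
    s_mtu = {d for d in ("tun-mtu", "link-mtu") if d in s}
    c_mtu = {d for d in ("tun-mtu", "link-mtu") if d in c}
    if s_mtu and c_mtu and s_mtu != c_mtu:
        out.append(f"mtu: server sets {sorted(s_mtu)}, client sets {sorted(c_mtu)}")
    # 3. Scalar directives repeated inside one file.
    for side, opts in (("server", s), ("client", c)):
        for d in SINGLE_USE:
            vals = opts.get(d, [])
            if len(vals) > 1:
                out.append(f"{side}: {d!r} given {len(vals)} times: {vals}")
    # 4. Tunnel addresses assigned from two places at once.
    if "server" in s and "ifconfig" in s:
        out.append("server: 'server' already implies ifconfig, mode server and tls-server")
    if "pull" in c and "ifconfig" in c:
        out.append("client: static 'ifconfig' alongside 'pull' (the server's pool assigns the address)")
    # 5. Weak or missing control-channel protection.
    if s.get("auth", [""])[-1].upper() in WEAK_AUTH:
        out.append(f"auth: {s['auth'][-1]} is weak; SHA256 or stronger is recommended")
    if "tls-auth" not in s and "tls-crypt" not in s:
        out.append("server: no tls-auth/tls-crypt, control-channel packets are not HMAC-signed")
    return out


# Abridged copies of the configs posted in the question (sample input).
SERVER_CONF = """\
proto udp
dev tun1
fragment 1400
server 5.5.32.0 255.255.255.0
comp-lzo no
mode server
tls-server
#tls-auth ta.key 0
cipher AES-256-CBC
auth MD5
link-mtu 1554
ifconfig 5.5.32.1 5.5.32.2
"""

CLIENT_CONF = """\
client
proto udp
dev tun1
comp-lzo yes
cipher AES-256-CBC
auth MD5
key client.key
tun-mtu 1496
resolv-retry infinite
key client.key
resolv-retry infinite
ifconfig 10.8.0.2 10.8.0.1
redirect-gateway def1
pull
ifconfig 5.5.32.2 5.5.32.1
"""

if __name__ == "__main__":
    for finding in check_peer_configs(SERVER_CONF, CLIENT_CONF):
        print(finding)
```

The checker only compares the two files; it does not replace the peers' own option-string negotiation, but it catches the mismatches before the tunnel is brought up and so separates config errors from the routing and NAT questions on the server.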