Route working only one way?

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See https://forums.openvpn.net/viewtopic.php?f=30&t=21589 for an example.
User avatar
minternauta
OpenVpn Newbie
Posts: 5
Joined: Tue Jun 06, 2017 2:58 pm

Route working only one way?

Postby minternauta » Mon Jun 12, 2017 4:11 pm

Hey, Recently I set up a LAB to create multi-client access on the same VPN and allow these clients to communicate with each other. So I have the following scenario:

The Computer 1 has the IP 10.1.2.5
The Computer 2 has the IP 10.1.2.9

The Computer 1 can reach the Computer 2
But,
The Computer 2 CANT reach the Computer 1

If i try to traceroute the Computer 1 on the Computer 2, the trace cant reach?? Why??

Computer1 ccd config
# Setup the Fixed Address for the Client
# Network 2
ifconfig-push 10.1.2.5 10.1.2.6
iroute 10.1.2.0 255.255.255.0


Computer2 ccd config
# Setup the Fixed Address for the Client
# Network 2
ifconfig-push 10.1.2.9 10.1.2.10
iroute 10.1.2.0 255.255.255.0


Server Config
# OpenVPN HVPN Server Configuration
# Marcelo Junior (2017)
#mode server
#tls-server
port 1194
#proto tcp-server
proto tcp
dev tun

# SSL Configs

ca /openvpn/ca/baseKeys/ca.crt
cert /openvpn/ca/baseKeys/HospedagemVPNServer.crt
key /openvpn/ca/baseKeys/HospedagemVPNServer.key # This file should be kept secret
dh /openvpn/ca/baseKeys/dh4096.pem
tls-auth /openvpn/ca/baseKeys/ta.key 0 # This file is secret
key-direction 0
cipher AES-128-CBC # AES
auth SHA256

# Network Configs

# Main Network Configuration
server 10.1.0.0 255.255.255.0

#
push "redirect-gateway autolocal"
topology net30

push "topology net30"

# Subnetworks
route 10.1.1.0 255.255.255.0 # Network 1
route 10.1.2.0 255.255.255.0 # Network 2
route 10.1.3.0 255.255.255.0 # Network 3

# Push the Routes to the Clients
push "route 10.1.0.0 255.255.255.0"
push "route 10.1.1.0 255.255.255.0"
push "route 10.1.2.0 255.255.255.0"
push "route 10.1.3.0 255.255.255.0"

config /openvpn/server-configs/routes.conf

# Client Configs
client-config-dir /openvpn/clients/configs

# Others

keepalive 10 120

comp-lzo

user nobody
group nogroup

persist-key
persist-tun

status /openvpn/openvpn-status.log
log /var/log/openvpn.log
;log-append openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 4

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20



IPTables
-A ufw-before-forward -i tun0 -o tun0 -s 10.1.2.0/24 -d 10.1.2.0/24 -j hvpn-allow-log

Pippin
OpenVPN Expert
Posts: 248
Joined: Wed Jul 01, 2015 8:03 am

Re: Route working only one way?

Postby Pippin » Mon Jun 12, 2017 4:29 pm

It`s a bit easier if you switch to topology subnet.
https://community.openvpn.net/openvpn/wiki/Topology

Remark, look at ifconfig-push for net30 in above link and compare with yours...
If you switch to subnet that changes too.

User avatar
minternauta
OpenVpn Newbie
Posts: 5
Joined: Tue Jun 06, 2017 2:58 pm

Re: Route working only one way?

Postby minternauta » Mon Jun 12, 2017 4:57 pm

Pippin wrote:It`s a bit easier if you switch to topology subnet.
https://community.openvpn.net/openvpn/wiki/Topology

Remark, look at ifconfig-push for net30 in above link and compare with yours...
If you switch to subnet that changes too.


I made the changes and worked! Nice tips.. But a found a little issue using the subent topology, the openvpn clients gets:

Mon Jun 12 13:47:31 2017 Route: Waiting for TUN/TAP interface to come up...
Mon Jun 12 13:47:32 2017 TEST ROUTES: 0/1 succeeded len=0 ret=0 a=0 u/d=up
MANAGEMENT: >STATE:1497286052,CONNECTED,ERROR,10.1.2.9,172.16.0.14,1194,172.16.0.30,32940


Return to “Server Administration”

Who is online

Users browsing this forum: googlebot and 4 guests