I have installed OpenVPN to join my home network from my office. Here is my architecture:
After a lot of problems, the tunnel is now up and running.
The server config (Ubuntu):
```
port 1194
proto udp
dev tun0
ca myca.crt
dh mydh.pem
cert mycert.crt
key mykey.key
server 10.8.0.0 255.255.255.0
crl-verify /openvpnpath/crl.pem
cipher AES-256-CBC
user nobody
group nogroup
status /openvpnpath/openvpn-status.log
log-append /openvpnpath/openvpn.log
verb 15
mute 20
max-clients 100
keepalive 10 120
client-config-dir /openvpnpath/ccd
client-to-client
comp-lzo
ccd-exclusive
persist-key
persist-tun
push "route 172.17.21.0 255.255.255.0"
route 10.17.12.0 255.255.255.0
```
```
client
proto udp
dev tun
ca myca.crt
dh mydh.pem
cert mycert.crt
key mykey.key
remote X.X.X.X 1194
cipher AES-256-CBC
verb 15
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
```
```
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:672 (672.0 B)  TX bytes:1596 (1.5 KiB)
```
But I can't ping 10.17.12.2 from the server, and all other machines in the 172.17.21.0 network are unreachable from the 10.17.12.0 network.
I have read a lot of topics and tried a lot of things (firewall, NAT, ...) but it's still the same.
I captured logs on the server during a ping from 10.17.12.2 to 172.17.21.26; the result is:
```
Wed Jun 14 18:19:22 2017 us=234617 myprofile/X.X.X.X:57518 TLS: tls_pre_decrypt, key_id=4, IP=[AF_INET]X.X.X.X:57518
Wed Jun 14 18:19:22 2017 us=234705 myprofile/X.X.X.X:57518 DECRYPT IV: 45d5ae5a 6afdd98d 86032ca5 abbe22e8
Wed Jun 14 18:19:22 2017 us=234783 myprofile/X.X.X.X:57518 DECRYPT TO: 0000009d fa450000 5413b640 0040015b ba0a0800 06ac1115 1a0800ba a025590[more...]
Wed Jun 14 18:19:22 2017 us=234918 myprofile/X.X.X.X:57518 PID_TEST [0] [SSL-4] [123456789>>>>>>>>>>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:156 0:157 t=1497457162[0] r=[-4,64,15,0,1] sl=[36,64,64,528]
Wed Jun 14 18:19:22 2017 us=234977 myprofile/X.X.X.X:57518 GET INST BY VIRT: 10.8.0.6 -> myprofile/X.X.X.X:57518 via 10.8.0.6
Wed Jun 14 18:19:22 2017 us=235052 myprofile/X.X.X.X:57518 GET INST BY VIRT: 172.17.21.26 [failed]
Wed Jun 14 18:19:22 2017 us=235109 PO_CTL rwflags=0x0000 ev=4 arg=0x565213f9a170
Wed Jun 14 18:19:22 2017 us=235155 PO_CTL rwflags=0x0002 ev=5 arg=0x565213f9a088
Wed Jun 14 18:19:22 2017 us=235212 I/O WAIT Tr|TW|Sr|Sw [3/156473]
Wed Jun 14 18:19:22 2017 us=235342 PO_WAIT[1,0] fd=5 rev=0x00000004 rwflags=0x0002 arg=0x565213f9a088
Wed Jun 14 18:19:22 2017 us=235404 event_wait returned 1
Wed Jun 14 18:19:22 2017 us=235479 I/O WAIT status=0x0008
Wed Jun 14 18:19:22 2017 us=235503 myprofile/X.X.X.X:57518 TUN WRITE [84]
Wed Jun 14 18:19:22 2017 us=235584 myprofile/X.X.X.X:57518 write to TUN/TAP returned 84
Wed Jun 14 18:19:22 2017 us=235670 PO_CTL rwflags=0x0001 ev=4 arg=0x565213f9a170
Wed Jun 14 18:19:22 2017 us=235810 PO_CTL rwflags=0x0001 ev=5 arg=0x565213f9a088
Wed Jun 14 18:19:22 2017 us=235859 I/O WAIT TR|Tw|SR|Sw [3/156473]
Wed Jun 14 18:19:25 2017 us=395162 event_wait returned 0
Wed Jun 14 18:19:25 2017 us=395305 I/O WAIT status=0x0020
Wed Jun 14 18:19:25 2017 us=395331 MULTI: REAP range 176 -> 192
Wed Jun 14 18:19:25 2017 us=395478 myprofile/X.X.X.X:57518 TLS: tls_pre_encrypt: key_id=4
Wed Jun 14 18:19:25 2017 us=395522 myprofile/X.X.X.X:57518 ENCRYPT IV: 636933e9 40c4e2c7 1f972321 f1f976fe
Wed Jun 14 18:19:25 2017 us=395658 myprofile/X.X.X.X:57518 ENCRYPT FROM: 0000008c fa2a187b f3641eb4 cb07ed2d 0a981fc7 48
Wed Jun 14 18:19:25 2017 us=395750 myprofile/X.X.X.X:57518 ENCRYPT TO: 636933e9 40c4e2c7 1f972321 f1f976fe d7560873 f81b285b fa0356e8 14c2b82[more...]
Wed Jun 14 18:19:25 2017 us=395781 myprofile/X.X.X.X:57518 SENT PING
Wed Jun 14 18:19:25 2017 us=395797 myprofile/X.X.X.X:57518 TIMER: coarse timer wakeup 10 seconds
Wed Jun 14 18:19:25 2017 us=395818 myprofile/X.X.X.X:57518 RANDOM USEC=106099
Wed Jun 14 18:19:25 2017 us=395992 myprofile/X.X.X.X:57518 SCHEDULE: schedule_add_modify wakeup=[Wed Jun 14 18:19:31 2017 us=50434] pri=1499879294
Wed Jun 14 18:19:25 2017 us=396122 SCHEDULE: schedule_find_least wakeup=[Wed Jun 14 18:19:31 2017 us=50434] pri=1660892136
Wed Jun 14 18:19:25 2017 us=396167 PO_CTL rwflags=0x0002 ev=4 arg=0x565213f9a170
Wed Jun 14 18:19:25 2017 us=396185 PO_CTL rwflags=0x0000 ev=5 arg=0x565213f9a088
Wed Jun 14 18:19:25 2017 us=396209 I/O WAIT Tr|Tw|Sr|SW [5/57523]
Wed Jun 14 18:19:25 2017 us=396248 PO_WAIT[0,0] fd=4 rev=0x00000004 rwflags=0x0002 arg=0x565213f9a170
Wed Jun 14 18:19:25 2017 us=396305 NOTE: --mute triggered...
Wed Jun 14 18:19:25 2017 us=396352 myprofile/X.X.X.X:57518 2 variation(s) on previous 20 message(s) suppressed by --mute
Wed Jun 14 18:19:25 2017 us=396488 myprofile/X.X.X.X:57518 UDPv4 WRITE [69] to [AF_INET]X.X.X.X:57518: P_DATA_V1 kid=4 DATA 11c43f8d 8e012030 1f8b6981 7311926a 7de2889b 636933e9 40c4e2c7 1f97232[more...]
```
Server:
```
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
default         172.17.21.1     0.0.0.0         UG    0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
10.17.12.0      10.8.0.2        255.255.255.0   UG    0      0        0 tun0
localnet        *               255.255.255.0   U     0      0        0 eth0
```
```
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.17.12.1      0.0.0.0         UG    0      0        0 br-lan
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun0
10.8.0.5        *               255.255.255.255 UH    0      0        0 tun0
10.17.12.0      *               255.255.255.0   U     0      0        0 br-lan
172.17.21.0     10.8.0.5        255.255.255.0   UG    0      0        0 tun0
```
thx
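An added example, not part of the original post: a small Python parser that turns the `GET INST BY VIRT` and `TUN WRITE` lines of the server log above into a per-packet trace showing what the server did with each decrypted packet. It assumes the first lookup for a packet is its source address and the second its destination, as in the posted log; the `CONSTRUCTED_BAD_SRC` line and all function names are illustrative and not from the post.

```python
import re

# Server log lines copied from the post above: one decrypted packet.
POSTED_LOG = """\
Wed Jun 14 18:19:22 2017 us=234977 myprofile/X.X.X.X:57518 GET INST BY VIRT: 10.8.0.6 -> myprofile/X.X.X.X:57518 via 10.8.0.6
Wed Jun 14 18:19:22 2017 us=235052 myprofile/X.X.X.X:57518 GET INST BY VIRT: 172.17.21.26 [failed]
Wed Jun 14 18:19:22 2017 us=235503 myprofile/X.X.X.X:57518 TUN WRITE [84]
"""
# Constructed line (not from the post): a source lookup that fails.
CONSTRUCTED_BAD_SRC = ("Wed Jun 14 18:19:30 2017 us=1 myprofile/X.X.X.X:57518 "
                       "GET INST BY VIRT: 10.17.12.2 [failed]\n")

LOOKUP = re.compile(r"GET INST BY VIRT: (\S+)(?: -> (\S+) via \S+| \[failed\])")
TUN_WRITE = re.compile(r"TUN WRITE \[(\d+)\]")

def trace_packets(log_text):
    """Return one dict per packet: src, dst and where the server sent it."""
    packets, cur = [], None
    for line in log_text.splitlines():
        m = LOOKUP.search(line)
        if m:
            addr, owner = m.group(1), m.group(2)
            if cur is None:                  # first lookup = source address
                if owner is None:            # source not tied to any client
                    packets.append({"src": addr, "dst": None,
                                    "fate": "dropped: unknown source"})
                else:
                    cur = {"src": addr, "dst": None, "fate": None}
            else:                            # second lookup = destination
                cur["dst"] = addr
                if owner is not None:        # destination is another VPN client
                    cur["fate"] = "forwarded to client " + owner
                    packets.append(cur)
                    cur = None
            continue
        m = TUN_WRITE.search(line)
        if m and cur is not None:            # not a VPN address: kernel routes it
            cur["fate"] = ("written to tun (%s bytes), routed by server kernel"
                           % m.group(1))
            packets.append(cur)
            cur = None
    return packets

if __name__ == "__main__":
    for p in trace_packets(POSTED_LOG + CONSTRUCTED_BAD_SRC):
        print("%(src)s -> %(dst)s: %(fate)s" % p)
```

For the posted packet the trace shows the server accepted the source, found no VPN client owning 172.17.21.26, and wrote the packet to its tun device, so what happens to it next is decided by the server's kernel routing and forwarding rather than by OpenVPN.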