Access from Server to Client on existing interface
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sun Jun 18, 2017 3:53 pm
Access from Server to Client on existing interface
Hi
I have a challenge not being able to connect from the server's existing interface to the client after the tunnel is initiated. The other direction works fine.
Server: 10.10.10.33
VPN_IP: 172.27.224.1
Client 192.168.1.200
VPN_IP: 172.27.224.130 (Fixed)
From Client
Ping 172.27.224.1 - OK
Ping 10.10.10.33 - OK
From Server
Ping 172.124.224.130 - OK
Ping 192.168.1.200 - Fail
How do I configure this reverse connectivity on existing interfaces?
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sun Jun 18, 2017 3:53 pm
Re: Access from Server to Client on existing interface
Thanks Pippin
Added file /usr/local/openvpn_as/etc/ccd/192.168.1.200 to server
content:
iroute 192.168.1.0 255.255.255.0
Added this to server config directives (web page)
route 192.168.1.0 255.255.255.0
initiated tunnel but still same result:
From Client
Ping 172.27.224.1 - OK
Ping 10.10.10.33 - OK
From Server
Ping 172.124.224.130 - OK
Ping 192.168.1.200 - Fail
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sun Jun 18, 2017 3:53 pm
Re: Access from Server to Client on existing interface
Hmm.. what is the common name of my client, how do I find that?
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sun Jun 18, 2017 3:53 pm
Re: Access from Server to Client on existing interface
I don't know what the common name of my client is, as I just downloaded the client.ovpn file from the OpenVPN Access Server.
Looking everywhere, I cannot locate the common name...
- disqualified
- OpenVPN User
- Posts: 40
- Joined: Fri Jun 03, 2016 7:13 pm
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Access from Server to Client on existing interface
Whoops, I see now this is Access Server, I should pay attention.
Hope I'm not disqualified
- disqualified
- OpenVPN User
- Posts: 40
- Joined: Fri Jun 03, 2016 7:13 pm
Re: Access from Server to Client on existing interface
How do you disqualify the distinction between Openvpn-AccessServer vs. the free monkey ?
One thing you can do is make sure you know what you are doing ..
I guess this website could do a bit better though ..
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sun Jun 18, 2017 3:53 pm
Re: Access from Server to Client on existing interface
Hi Pippin
Pippin wrote:
Whoops, I see now this is Access Server, I should pay attention.
Hope I'm not disqualified
Since this is Access Server, can you tell me if what I want to accomplish is possible or not?
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Access from Server to Client on existing interface
Yes, it is possible.
Don't know about Access Server, but check the details of the client's certificate for its unique common name.
Did you enable ip_forwarding on the client?
Does the firewall on the client allow that traffic?
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sun Jun 18, 2017 3:53 pm
Re: Access from Server to Client on existing interface
Hi Pippin,
How do I check the common name?
IP forwarding is enabled on the client,
and yes, the firewall does allow the traffic.
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Access from Server to Client on existing interface
openssl x509 -noout -subject -in /path/to/your_client.crt
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sun Jun 18, 2017 3:53 pm
Re: Access from Server to Client on existing interface
sudo openssl x509 -noout -subject -in /tmp/output/client.crt
subject= /CN=openvpn
Created ccd directory,
in that a file "openvpn" with content
iroute 192.168.1.0 255.255.255.0
On the server side I have
route 192.168.1.0 255.255.255.0
-duplicate-cn
After I open the tunnel it is the same:
From Client
Ping 172.27.224.1 - OK
Ping 10.10.10.33 - OK
From Server
Ping 172.124.224.130 - OK
Ping 192.168.1.200 - Fail
On the vpn server the 192.168.1.0 route is not created:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
0.0.0.0         10.10.10.254    0.0.0.0         UG    0      0   0   bond0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0   0   bond0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0   0   bond0
172.27.224.0    0.0.0.0         255.255.255.192 U     0      0   0   as0t0
172.27.224.64   0.0.0.0         255.255.255.192 U     0      0   0   as0t1
172.27.224.130  0.0.0.0         255.255.255.255 UH    0      0   0   as0t0
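An added example, not part of the original posts: the routing table quoted in the post above, run through the same longest-prefix match the kernel applies, to show which interface the server uses for each ping target. The table text is copied from the post; the function names are chosen here for illustration.

```python
import ipaddress

# Routing table as quoted in the post (route -n style output on the VPN server).
ROUTE_TABLE = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.10.254 0.0.0.0 UG 0 0 0 bond0
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 bond0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 bond0
172.27.224.0 0.0.0.0 255.255.255.192 U 0 0 0 as0t0
172.27.224.64 0.0.0.0 255.255.255.192 U 0 0 0 as0t1
172.27.224.130 0.0.0.0 255.255.255.255 UH 0 0 0 as0t0
"""

def parse_routes(text):
    """Return a list of (network, gateway, iface) tuples from the table text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not an 8-column route entry.
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gateway, mask, iface = fields[0], fields[1], fields[2], fields[7]
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gateway, iface))
    return routes

def lookup(routes, address):
    """Longest-prefix match: the most specific route containing the address wins."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def egress(routes, address):
    """Return (iface, gateway) the server would use to reach the address."""
    match = lookup(routes, address)
    return (match[2], match[1]) if match else None

if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    for target in ("172.27.224.130", "192.168.1.200"):
        iface, gateway = egress(routes, target)
        print(f"{target:15} -> {iface} via {gateway}")
```

With this table, 192.168.1.200 matches only the default route and leaves through bond0 toward 10.10.10.254 instead of a tunnel interface, which is consistent with the failed ping.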
-
- OpenVpn Newbie
- Posts: 8
- Joined: Sun Jun 18, 2017 3:53 pm
Re: Access from Server to Client on existing interface
Finally! Problem solved!
Once I enabled VPN Gateway in the user permissions it worked smoothly.