I am now trying to configure a site-to-site VPN.
When I ping from openvpn-client to desktop, I get a response, but from laptop to desktop, no response.
My network environment is as follows:
My configuration files are as follows:
server
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.11.0 255.255.255.0"
client-config-dir ccd
route 192.168.255.0 255.255.255.0
client-to-client
keepalive 10 120
tls-auth ta.key 0
auth SHA512
cipher AES-256-GCM
tls-version-min 1.2
tls-cipher ECDHE+AESGCM:DHE+aRSA+AESGCM:ECDHE+AESCCM:DHE+aRSA+AESCCM:+AES256
tls-cipher ECDHE+CHACHA20:DHE+aRSA+CHACHA20:+DHE:ECDHE+AES128:ECDHE+CAMELLIA128
tls-cipher ECDHE+AES:ECDHE+CAMELLIA:+ECDHE+SHA:DHE+aRSA+AES128
tls-cipher DHE+aRSA+CAMELLIA128:DHE+aRSA+AES:DHE+aRSA+CAMELLIA:+DHE+aRSA+SHA
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1
client
client
dev tun
proto udp
remote myvpn.example.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
auth SHA512
cipher AES-256-GCM
verb 3
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
ping from openvpn-client to desktop
result: My laptop can connect to my desktop.
- tun0 on openvpn-client captures plain packets. (10.8.0.6 -> 192.168.11.11)
- enp3s0 on openvpn-server captures encrypted packets.
- tun0 on openvpn-server captures plain packets. (10.8.0.6 -> 192.168.11.11)
- enp3s0 on openvpn-server captures plain packets. (192.168.11.254 -> 192.168.11.11)
result: My laptop cannot connect to my desktop.
- tun0 on openvpn-client captures plain packets. (192.168.255.159 -> 192.168.11.11)
- enp3s0 on openvpn-server captures encrypted packets.
- tun0 on openvpn-server does not capture any packets.
And, the routing table for each node is correct.
root@openvpn-server:~# ip route
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
192.168.11.0/24 dev enp3s0 proto kernel scope link src 192.168.11.254 metric 100
192.168.255.0/24 via 10.8.0.2 dev tun0
root@openvpn-client:~# ip route
default via 172.20.10.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
169.254.0.0/16 dev eth0 scope link metric 1000
172.20.10.0/28 dev wlan0 proto kernel scope link src 172.20.10.2 metric 600
192.168.11.0/24 via 10.8.0.5 dev tun0
192.168.255.0/24 dev eth0 proto kernel scope link src 192.168.255.254 metric 100
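
Added example, not part of the original post: in tun mode a server-side `route` only puts the client LAN into the kernel routing table, while the OpenVPN server process also needs an `iroute` for that subnet in the client's `client-config-dir` file, and without it the server discards decrypted packets whose source is in that LAN before they reach its tun0. This check lists every server `route` that no ccd file claims. The post does not show its ccd directory, so the ccd file name `client1` and both ccd bodies below are constructed sample input.

```python
import ipaddress

# Constructed sample input: the routing lines of the server config from the post,
# plus hypothetical ccd files (the post does not show its ccd directory).
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
push "route 192.168.11.0 255.255.255.0"
client-config-dir ccd
route 192.168.255.0 255.255.255.0
client-to-client
"""
CCD_WITHOUT_IROUTE = {"client1": "ifconfig-push 10.8.0.6 10.8.0.5\n"}
CCD_WITH_IROUTE = {"client1": "iroute 192.168.255.0 255.255.255.0\n"}


def directives(text, name):
    """Yield the argument lists of every `name` directive, skipping comments."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == name:
            yield parts[1:]


def network(args):
    """Turn ['192.168.255.0', '255.255.255.0'] into an ip_network."""
    mask = args[1] if len(args) > 1 else "255.255.255.255"
    return ipaddress.ip_network(f"{args[0]}/{mask}")


def unowned_routes(server_conf, ccd_files):
    """Return server-side `route` networks that no ccd file claims via `iroute`."""
    owned = [network(a) for body in ccd_files.values()
             for a in directives(body, "iroute")]
    missing = []
    for args in directives(server_conf, "route"):
        net = network(args)
        # A route is covered when some client's iroute contains the whole network.
        if not any(net.subnet_of(o) for o in owned):
            missing.append(str(net))
    return missing


if __name__ == "__main__":
    print("without iroute:", unowned_routes(SERVER_CONF, CCD_WITHOUT_IROUTE))
    print("with iroute:   ", unowned_routes(SERVER_CONF, CCD_WITH_IROUTE))
```
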