I'm trying to build a quite simple site-to-site VPN:
Server side network is 192.168.193.0/24
Client side network is 192.168.0.0/24
These are the configs:
server conf
proto udp
port 1194
dev tun
server 10.205.76.0 255.255.255.0
topology subnet
persist-key
persist-tun
keepalive 10 60
duplicate-cn
user nobody
group nogroup
daemon
verb 3
tls-version-min 1.2
cipher AES-256-CBC
auth SHA256
remote-cert-tls client
management 127.0.0.1 5555
tls-auth /etc/openvpn/keys/ta.key 0
dh /etc/openvpn/keys/dh2048.pem
pkcs12 /etc/openvpn/keys/OpenVPN_PAW_Server.p12
crl-verify /etc/openvpn/keys/OpenVPN_PAW_CRL.pem
push "route 192.168.193.0 255.255.255.0"
client gateway conf
proto udp
port 1194
dev tun
client
remote dyndns.foo.bar.com
nobind
key-direction 1
verb 3
tls-version-min 1.2
cipher AES-256-CBC
auth SHA256
remote-cert-tls server
management 127.0.0.1 5555
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<tls-auth>
...
</tls-auth>
I configured port forwarding on the routers on either side of the tunnel (1194/udp). To simplify the router configuration I added masquerading on the VPN server and client gateway machines:
Code:
iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Code:
VOIP: IWU: data_write: error get localip for destination 192.168.0.117,39000000
Thx!