Ping between tunnel ends is not working. OpenVPN client-server config.

kedzidom
OpenVpn Newbie
Posts: 2
Joined: Tue Jun 01, 2021 8:59 pm

Post by kedzidom » Tue Jun 01, 2021 9:18 pm

Hello all,

During a simple configuration for the client - server with TLS authentication, I configured a tunnel with addresses in the "ifconfig" line, i.e. 10.8.0.1 and 0.2 for each site (both configuration files below).
Note: Client and server, both virtual machines, are on the NAT network.

SERVER

mode	 server 
tls-server
dev 		tun 			
ifconfig	10.8.0.2 10.8.0.1 	
port 		1194
proto 	udp
keepalive	10 120

ca		/etc/ssl/private/ovpn-server/ca.crt		
cert		/etc/ssl/private/ovpn-server/ovpn-server.crt	
key		/etc/ssl/private/ovpn-server/ovpn-server.key	
dh		/etc/ssl/private/ovpn-server/dh.pem	
tls-crypt	/etc/ssl/private/ovpn-server/ta.key 0

cipher	AES-256-GCM
auth		SHA512

CLIENT

client
tls-client
remote 	10.0.2.12		
dev 		tun			
ifconfig	10.8.0.1 10.8.0.2	
proto		udp
keepalive	10 120

ca		/home/client1/Files4OVPN/ca.crt
cert		/home/client1/Files4OVPN/C1_ovpn-server.crt
key		/home/client1/Files4OVPN/C1_ovpn-server.key
tls-crypt	/home/client1/Files4OVPN/ta.key 1
cipher		AES-256-GCM
auth		SHA512
remote-cert-tls server

The problem is that the ping from the server to 10.8.0.1 doesn't work, and vice versa from the client, pinging 10.8.0.2.

In the logs from initialisation I get:
LOGS (after running the config file on the server side)

openvpn --config server.conf                                                                                  130 ⨯
2021-06-01 16:36:43 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 28 2021
2021-06-01 16:36:43 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021-06-01 16:36:43 TUN/TAP device tun0 opened
2021-06-01 16:36:43 net_iface_mtu_set: mtu 1500 for tun0
2021-06-01 16:36:43 net_iface_up: set tun0 up
2021-06-01 16:36:43 net_addr_ptp_v4_add: 10.8.0.2 peer 10.8.0.1 dev tun0
2021-06-01 16:36:43 Could not determine IPv4/IPv6 protocol. Using AF_INET
2021-06-01 16:36:43 UDPv4 link local (bound): [AF_INET][undef]:1194
2021-06-01 16:36:43 UDPv4 link remote: [AF_UNSPEC]
2021-06-01 16:36:43 Initialization Sequence Completed
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_VER=2.5.1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_PLAT=linux
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_PROTO=6
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_NCP=2
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_LZ4=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_LZ4v2=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_LZO=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_COMP_STUB=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_COMP_STUBv2=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_TCPNL=1
2021-06-01 16:36:46 10.0.2.9:1194 [C1_ovpn-server] Peer Connection Initiated with [AF_INET]10.0.2.9:1194
2021-06-01 16:36:46 C1_ovpn-server/10.0.2.9:1194 MULTI: no dynamic or static remote--ifconfig address is available for C1_ovpn-server/10.0.2.9:1194

Probably the problem is the last line of the log ^

Iptables rules have been cleared. I'm asking for help because I don't know what's wrong. Even the smallest hint or link to a fragment of the documentation may be beneficial.
/kedzidom
01101011011000010110110001101001011010010111001101101100011010010110011001100101

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Ping between tunnel ends is not working. OpenVPN client-server config.

Post by TinCanTech » Tue Jun 01, 2021 9:58 pm

Don't try to run a TLS Server in peer-to-peer mode.

kedzidom
OpenVpn Newbie
Posts: 2
Joined: Tue Jun 01, 2021 8:59 pm

Re: Ping between tunnel ends is not working. OpenVPN client-server config.

Post by kedzidom » Tue Jun 01, 2021 10:04 pm

TinCanTech wrote: Tue Jun 01, 2021 9:58 pm
Don't try to run a TLS Server in peer-to-peer mode.

Is there a way to make this ping work? Because to be honest it's just a simple project... according to the teacher, it should "work" :/ Even if it doesn't make sense..

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Ping between tunnel ends is not working. OpenVPN client-server config.

Post by TinCanTech » Tue Jun 01, 2021 10:06 pm

Then your teacher is wrong.

Which is no surprise to me ..
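
An added example, not part of the thread and not OpenVPN project code: a small config check for the mix-up discussed above, a multi-client `mode server` with point-to-point `ifconfig` addressing and nothing to assign client addresses. The sample configs are constructed from the posted directives; the `10.8.0.0/24` pool, the `SERVER_WITH_POOL` and `CLIENT_PULLING` variants, and the list of address-source directives are assumptions for illustration.

```python
import re

# Constructed samples: only the addressing-related directives from the first post.
SERVER_AS_POSTED = "mode server\ntls-server\ndev tun\nifconfig 10.8.0.2 10.8.0.1\n"
CLIENT_AS_POSTED = "client\ntls-client\ndev tun\nifconfig 10.8.0.1 10.8.0.2\n"
# Assumed client-server variant: "server" implies mode server + tls-server and
# defines a pool; the 10.8.0.0/24 subnet is an assumption, not from the thread.
SERVER_WITH_POOL = "server 10.8.0.0 255.255.255.0\ndev tun\n"
CLIENT_PULLING = "client\ndev tun\n"

# Directives that can hand a connecting client a tunnel address (heuristic list).
ADDRESS_SOURCES = {"server", "server-bridge", "ifconfig-pool",
                   "ifconfig-push", "client-config-dir"}

def parse(text):
    """Map directive -> list of argument lists; '#' and ';' comments are dropped."""
    opts = {}
    for raw in text.splitlines():
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if words:
            opts.setdefault(words[0], []).append(words[1:])
    return opts

def check_server(text):
    """Flag a multi-client server that has no way to assign client addresses."""
    opts = parse(text)
    multi = ["server"] in opts.get("mode", []) or "server" in opts
    if multi and not ADDRESS_SOURCES.intersection(opts):
        return ["mode server without server/ifconfig-pool/ifconfig-push: expect "
                "'MULTI: no dynamic or static remote--ifconfig address is "
                "available' when a client connects"]
    return []

def check_client(text):
    """Flag a pulling client that also hard-codes point-to-point addresses."""
    opts = parse(text)
    if ("client" in opts or "pull" in opts) and "ifconfig" in opts:
        return ["client/pull combined with static ifconfig: point-to-point "
                "addressing mixed into a client-server setup"]
    return []

if __name__ == "__main__":
    for name, findings in [("server as posted", check_server(SERVER_AS_POSTED)),
                           ("client as posted", check_client(CLIENT_AS_POSTED)),
                           ("server with pool", check_server(SERVER_WITH_POOL)),
                           ("client pulling", check_client(CLIENT_PULLING))]:
        print(f"{name}: {findings or 'ok'}")
```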
