I just set up a new installation of AS 2.8.8 on CentOS 8. I have successfully configured LDAP and also post_auth ldap_groups to match my LDAP accounts against AS access groups. In the VPN section I chose routing via NAT and entered two of my private networks.
My issue is that any connected client can ping into the private networks, regardless of any access group restrictions, but regular TCP traffic is not routed - it just seems to be dropped at the AS gateway. When the client connects, I can see the routes for the private networks get pushed. This is how the VPN server is configured:
"vpn.server.cipher": "AES-256-CBC",
"vpn.server.daemon.enable": "true",
"vpn.server.daemon.ovpndco": "false",
"vpn.server.daemon.protocols": "both",
"vpn.server.daemon.tcp.n_daemons": "2",
"vpn.server.daemon.tcp.port": "443",
"vpn.server.daemon.udp.n_daemons": "2",
"vpn.server.daemon.udp.port": "1194",
"vpn.server.dhcp_option.adapter_domain_suffix": "jvm.de",
"vpn.server.dhcp_option.dns.0": "10.11.24.6",
"vpn.server.dhcp_option.domain": "jvm.de",
"vpn.server.google_auth.enable": "false",
"vpn.server.group_pool.0": "172.27.240.0/20",
"vpn.server.port_share.enable": "true",
"vpn.server.port_share.ip_address": "1.2.3.4",
"vpn.server.port_share.port": "1234",
"vpn.server.port_share.service": "admin+client",
"vpn.server.routing.gateway_access": "true",
"vpn.server.routing.private_access": "nat",
"vpn.server.routing.private_network.0": "10.11.31.0/24",
"vpn.server.routing.private_network.1": "10.11.24.0/24",
"vpn.server.tls_auth": "true",
"vpn.server.tls_version_min": "1.2",
I have already set up the free version of OpenVPN before, but I cannot seem to get this working, so any input is greatly appreciated.
Thanks.