OpenVPN AS - Site2Site issues

o14p
OpenVpn Newbie
Posts: 2
Joined: Tue Mar 10, 2020 6:07 pm


Post by o14p » Mon Oct 19, 2020 6:26 pm

Hi all,

I've been playing around lately with some networking/VPN set-ups and I've had some failed attempts following these details: https://openvpn.net/vpn-server-resource ... in-detail/

The issue
I want to be able to reach any Network 2 device from any Network 1 device, and I can't change the set-up to have the server in Network 2. So far I can go from the Network 2 VPN Client to any Network 1 device.

Network 1
Router
  • 192.168.40.254/24
  • Using DDNS, this seems to work
  • Linksys E4200 v1 (Advanced Tomato firmware)
OpenVPN AS - Server
  • 192.168.40.250
  • Running on Ubuntu via VirtualBox (Bridged - Promiscuous mode, allow all)
Network 2
Router
  • 192.168.30.254/24
  • FortiWiFi 60E-DSL
OpenVPN Client
  • 192.168.30.250
  • Running on Ubuntu via VirtualBox (Bridged - Promiscuous mode, allow all)
  • "server.conf" put in /etc/openvpn/ generated via the AS WebGui with the client account "abattoir"


    # Automatically generated OpenVPN client config file
    # Generated on Sun Oct 18 19:21:10 2020 by vpnserver
    
    # Default Cipher
    cipher AES-256-CBC
    # Note: this config file contains inline private keys
    #       and therefore should be kept confidential!
    # Note: this configuration is user-locked to the username below
    # OVPN_ACCESS_SERVER_USERNAME=abattoir
    # Define the profile name of this particular configuration file
    # OVPN_ACCESS_SERVER_PROFILE=abattoir@ddns.address.net/AUTOLOGIN
    # OVPN_ACCESS_SERVER_AUTOLOGIN=1
    # OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
    # OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
    # OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=False
    # OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
    # OVPN_ACCESS_SERVER_WSHOST=ddns.address.net:443
    # OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
    # -----BEGIN CERTIFICATE-----
    
    # -----END CERTIFICATE-----
    # OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
    # OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
    setenv FORWARD_COMPATIBLE 1
    client
    server-poll-timeout 4
    nobind
    remote ddns.address.net 1194 udp
    remote ddns.address.net 1194 udp
    remote ddns.address.net 443 tcp
    remote ddns.address.net 1194 udp
    remote ddns.address.net 1194 udp
    remote ddns.address.net 1194 udp
    remote ddns.address.net 1194 udp
    remote ddns.address.net 1194 udp
    dev tun
    dev-type tun
    ns-cert-type server
    setenv opt tls-version-min 1.0 or-highest
    reneg-sec 604800
    sndbuf 0
    rcvbuf 0
    # NOTE: LZO commands are pushed by the Access Server at connect time.
    # NOTE: The below line doesn't disable LZO.
    comp-lzo no
    verb 3
    setenv PUSH_PEER_INFO
    
    <ca>
    -----BEGIN CERTIFICATE-----
    
    -----END CERTIFICATE-----
    </ca>
    
    <cert>
    -----BEGIN CERTIFICATE-----
    
    -----END CERTIFICATE-----
    </cert>
    
    <key>
    -----BEGIN PRIVATE KEY-----
    
    -----END PRIVATE KEY-----
    </key>
    
    key-direction 1
    <tls-auth>
    #
    # 2048 bit OpenVPN static key (Server Agent)
    #
    -----BEGIN OpenVPN Static key V1-----
    
    -----END OpenVPN Static key V1-----
    </tls-auth>
    
    
Status
  • Ping from Server to Client OK
  • Ping/Traceroute from Server to Network 2 router, not OK


    olivier@vpnserver:~$ traceroute 192.168.30.254
    traceroute to 192.168.30.254 (192.168.30.254), 30 hops max, 60 byte packets
     1  172.27.232.10 (172.27.232.10)  35.987 ms  38.234 ms  38.231 ms
     2  * * *
     3  * * *
     4  * * *
     5  * * *
     6  * * *
     7  *^C
    
  • Ping/Traceroute from Network 1 to Network 2 VPN Client, not OK


    Olivier$ traceroute 192.168.30.250
    traceroute to 192.168.30.250 (192.168.30.250), 64 hops max, 52 byte packets
     1  katrouter (192.168.40.254)  1.763 ms  2.188 ms  2.132 ms
     2  * *^C
  • Ping/Traceroute from Network 2 VPN Client to Network 1 Router (and any other Network 1 device), OK


    olivier@vpngateway1:~$ traceroute 192.168.40.254
    traceroute to 192.168.40.254 (192.168.40.254), 30 hops max, 60 byte packets
     1  172.27.232.1 (172.27.232.1)  29.176 ms  32.141 ms  39.014 ms
     2  192.168.40.254 (192.168.40.254)  39.406 ms  39.816 ms  39.964 ms
Any tips on what I can try? Thank you!
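The three traceroutes above already localise the problem; the following is an added example (not part of the post or of OpenVPN AS) that parses them and reports, per test, the last hop that answered and the first hop of the expected site-to-site path that never did. The expected paths are an assumption about the topology described in the post: 172.27.232.1 is the Access Server's tunnel address, 172.27.232.10 the Network 2 gateway's, and each LAN router is expected to forward via its local VPN host.

```python
import re
from typing import Dict, List, Optional, Tuple

# Hop lines as printed by Linux/macOS traceroute, e.g. " 2  katrouter (192.168.40.254)  1.7 ms" or " 3  * * *"
_HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
_IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

def parse_traceroute(text: str) -> List[Optional[str]]:
    """One entry per hop: the responding IP, or None where the hop only printed '*'."""
    hops = []
    for line in text.splitlines():
        m = _HOP_RE.match(line)
        if not m:  # skip the shell prompt and the "traceroute to ..." header
            continue
        ip = _IP_RE.search(m.group(2))
        hops.append(ip.group(1) if ip else None)
    return hops

def locate_break(observed: List[Optional[str]], expected: List[str]) -> Tuple[bool, Optional[str], Optional[str]]:
    """Compare observed hops with the hops a working site-to-site path should show.
    Returns (destination_reached, last_answering_hop, first_expected_hop_that_never_answered)."""
    answered = [h for h in observed if h is not None]
    if answered and answered[-1] == expected[-1]:
        return True, answered[-1], None
    last_ok = answered[-1] if answered else None
    nxt = expected.index(last_ok) + 1 if last_ok in expected else 0
    return False, last_ok, expected[nxt] if nxt < len(expected) else None

# The three captures from the post, trimmed to their hop lines (constructed sample input).
# The expected paths are an ASSUMPTION about the topology: AS tunnel 172.27.232.1, Network 2 gateway
# tunnel 172.27.232.10, and each LAN router forwarding the remote LAN via its local VPN host.
CASES: Dict[str, Tuple[str, List[str]]] = {
    "server->net2_router": (
        " 1  172.27.232.10 (172.27.232.10)  35.987 ms  38.234 ms  38.231 ms\n"
        " 2  * * *\n 3  * * *\n 4  * * *\n 5  * * *\n 6  * * *\n 7  *^C\n",
        ["172.27.232.10", "192.168.30.254"]),
    "net1_host->net2_gateway": (
        " 1  katrouter (192.168.40.254)  1.763 ms  2.188 ms  2.132 ms\n 2  * *^C\n",
        ["192.168.40.254", "192.168.40.250", "192.168.30.250"]),
    "net2_gateway->net1_router": (
        " 1  172.27.232.1 (172.27.232.1)  29.176 ms  32.141 ms  39.014 ms\n"
        " 2  192.168.40.254 (192.168.40.254)  39.406 ms  39.816 ms  39.964 ms\n",
        ["172.27.232.1", "192.168.40.254"]),
}

def diagnose_all() -> Dict[str, Tuple[bool, Optional[str], Optional[str]]]:
    return {name: locate_break(parse_traceroute(trace), path) for name, (trace, path) in CASES.items()}

if __name__ == "__main__":
    for name, (ok, last, missing) in diagnose_all().items():
        print(f"{name}: " + ("reached" if ok else f"stops after {last}; {missing} never answered"))
```

The last answering hop is the device that did receive the probe; the first missing hop is the device whose forwarding (IP forwarding on the gateway host) or return route (a static route on that LAN's router) should be checked next.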
