I've been playing around lately with some networking/VPN set-ups and I've had some failed attempts following these details: https://openvpn.net/vpn-server-resource ... in-detail/
The issue
I want to be able to reach with any Network 1 device any Network 2 device, and I can't change the set-up to have the server in Network 2. So far I can go from the Network 2 VPN Client to any Network 1 device.
Network 1

Router
- 192.168.40.254/24
- Using DDNS, this seems to work
- Linksys E4200 v1 (Advanced Tomato firmware)

VPN Server
- 192.168.40.250
- Running on Ubuntu via VirtualBox (Bridged - Promiscuous mode, allow all)

Network 2

Router
- 192.168.30.254/24
- FortiWiFi 60E-DSL

VPN Client
- 192.168.30.250
- Running on Ubuntu via VirtualBox (Bridged - Promiscuous mode, allow all)
- "server.conf" put in /etc/openvpn/ generated via the AS WebGui with the client account "abattoir"
```
# Automatically generated OpenVPN client config file
# Generated on Sun Oct 18 19:21:10 2020 by vpnserver
# Default Cipher
cipher AES-256-CBC
# Note: this config file contains inline private keys
# and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=abattoir
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=abattoir@ddns.address.net/AUTOLOGIN
# OVPN_ACCESS_SERVER_AUTOLOGIN=1
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=ddns.address.net:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote ddns.address.net 1194 udp
remote ddns.address.net 1194 udp
remote ddns.address.net 443 tcp
remote ddns.address.net 1194 udp
remote ddns.address.net 1194 udp
remote ddns.address.net 1194 udp
remote ddns.address.net 1194 udp
remote ddns.address.net 1194 udp
dev tun
dev-type tun
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800
sndbuf 0
rcvbuf 0
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
```
- Ping from Server to Client OK
- Ping/Traceroute from Server to Network 2 router, not OK

```
olivier@vpnserver:~$ traceroute 192.168.30.254
traceroute to 192.168.30.254 (192.168.30.254), 30 hops max, 60 byte packets
 1  172.27.232.10 (172.27.232.10)  35.987 ms  38.234 ms  38.231 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  *^C
```
- Ping/Traceroute from Network 1 to Network 2 VPN Client, not OK

```
Olivier$ traceroute 192.168.30.250
traceroute to 192.168.30.250 (192.168.30.250), 64 hops max, 52 byte packets
 1  katrouter (192.168.40.254)  1.763 ms  2.188 ms  2.132 ms
 2  * *^C
```
- Ping/Traceroute from Network 2 VPN Client to Network 1 Router (and any other Network 1 device), OK

```
olivier@vpngateway1:~$ traceroute 192.168.40.254
traceroute to 192.168.40.254 (192.168.40.254), 30 hops max, 60 byte packets
 1  172.27.232.1 (172.27.232.1)  29.176 ms  32.141 ms  39.014 ms
 2  192.168.40.254 (192.168.40.254)  39.406 ms  39.816 ms  39.964 ms
```
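As an added example (not part of the original post, and not OpenVPN's own tooling), here are a few POSIX sh helpers that read traceroute output like the captures above and check the routing state a routed, non-NAT site-to-site link depends on: IP forwarding on the client gateway and a route for each LAN pointing the right way. The addresses and host names are the ones from the post; `site_to_site_checks` assumes a Linux gateway with iproute2 and sysctl, and the `ip route` lines used to exercise `route_check` are constructed, not taken from the poster's machines.

```shell
#!/bin/sh
# Added example, not from the original post: helpers for reading traceroute
# output and for checking routing state on a Linux site-to-site VPN gateway.
# Addresses are the ones from the post. "site_to_site_checks" is for live use
# on the Network 2 VPN client and needs iproute2 and sysctl.

# trace_verdict DEST: read traceroute output on stdin and report whether DEST
# answered, or else the last hop that did (i.e. where the path stops).
trace_verdict() {
    awk -v dest="$1" '
        # hop lines start with a hop number; take the first "(a.b.c.d)" on the line
        /^ *[0-9]+ / && match($0, /\([0-9.]+\)/) {
            last = substr($0, RSTART + 1, RLENGTH - 2)
        }
        END {
            if (last == dest)    print "reached " dest
            else if (last == "") print "no hop replied on the way to " dest
            else                 print "stops at " last " (never reached " dest ")"
        }
    '
}

# route_check PREFIX: read `ip route` output on stdin and report how PREFIX is
# reached (next hop or directly connected device), or that no route exists.
route_check() {
    awk -v p="$1" '
        $1 == p {
            found = 1
            for (i = 2; i < NF; i++) if ($i == "via") { print "route to " p " via " $(i + 1); next }
            for (i = 2; i < NF; i++) if ($i == "dev") { print "route to " p " on " $(i + 1); next }
            print "route to " p
        }
        END { if (!found) print "no route to " p }
    '
}

# forwarding_verdict VALUE: interpret the value of net.ipv4.ip_forward.
forwarding_verdict() {
    case "$1" in
        1) echo "ip_forward=1: gateway will forward traffic between tun and LAN" ;;
        0) echo "ip_forward=0: gateway drops traffic not addressed to itself" ;;
        *) echo "ip_forward unknown ($1)" ;;
    esac
}

# site_to_site_checks: live checks, run on the Network 2 VPN client gateway.
site_to_site_checks() {
    forwarding_verdict "$(sysctl -n net.ipv4.ip_forward 2>/dev/null || echo unknown)"
    ip route | route_check 192.168.40.0/24   # Network 1 LAN should be reachable via the tunnel
    ip route | route_check 192.168.30.0/24   # own LAN, expected as a directly connected route
}

# "demo": re-read the three traces from the post (constructed copies of the hop lines).
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' ' 1  172.27.232.10 (172.27.232.10)  35.987 ms  38.234 ms  38.231 ms' ' 2  * * *' \
        | trace_verdict 192.168.30.254
    printf '%s\n' ' 1  katrouter (192.168.40.254)  1.763 ms  2.188 ms  2.132 ms' ' 2  * *^C' \
        | trace_verdict 192.168.30.250
    printf '%s\n' ' 1  172.27.232.1 (172.27.232.1)  29.176 ms' ' 2  192.168.40.254 (192.168.40.254)  39.406 ms' \
        | trace_verdict 192.168.40.254
fi
```

`sh checks.sh demo` re-reads the three traces and names the hop at which each path stops; on the Network 2 client gateway, call `site_to_site_checks` directly. The general requirements for a routed site-to-site link are that the client gateway has `net.ipv4.ip_forward=1`, that the server knows 192.168.30.0/24 lives behind that client, and that the LAN routers on both sides hold a static route for the remote LAN via their local VPN machine (192.168.30.0/24 via 192.168.40.250 on the Network 1 router, 192.168.40.0/24 via 192.168.30.250 on the Network 2 router); without the return route on a LAN router, hosts that default-route through it have no way to send replies back into the tunnel, and a trace will stop at that router.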