QNAP Openvpn doesn't receive internal client network packets

Post by xordi » Wed May 09, 2018 10:47 pm

I have made the following scheme:
https://imgur.com/81Y6qoG
I have a QNAP NAS with OpenVPN, and a Raspberry Pi with a 3G dongle and, for now, 1 IP camera for surveillance; for this one I installed isc-dhcp-server and made the 192.168.2.0 network.
QNAP OpenVPN is working with local and external devices.

What I did:
From QNAP I can ping 10.8.0.6 (Raspberry IP), but I can't ping 192.168.2.1 (also the Raspberry, but on the internal network).
From Raspberry I can ping 192.168.2.12 (Camera 1), 10.8.0.1 (QNAP), 8.8.8.8 and www.google.es.
From Camera 1 (actually I used my laptop), I can ping 192.168.2.1 and 10.8.0.6 (Raspberry VPN), but I can't ping 10.8.0.1 (QNAP VPN) and I can't ping 8.8.8.8.
Note: I have made the Raspberry iptables totally permissive to avoid rule problems for now.

What happens:
I did a tcpdump on both QNAP (tun0) and Raspberry (ppp0). Doing a ping from the Raspberry to 10.8.0.1, there were packets from both sides, but doing a ping from an internal host (192.168.2.X), there were packets only going out on the Raspberry and there were no incoming packets on the QNAP.
How can I ping the 192.168.2.0 network from the VPN network?

Configuration files:
Raspberry: https://pastebin.com/uqW5nrbN
Client: https://pastebin.com/qvH84aEU
QNAP: https://pastebin.com/vVbdauDu

Edit: Doing a tcpdump on QNAP eth0 while a host from 192.168.2.0 does a ping to 10.8.0.1 (QNAP VPN), I can see the UDP packets incoming. Is it possible that the QNAP is missing a route in its route table, or that its iptables drops these packets? I tried "ip route add 192.168.2.0/24 dev tun0" but it's not working.

Post by xordi » Fri May 11, 2018 3:50 pm

I found that I had to do a Site2Site VPN, and modifying the server.conf on my QNAP VPN server made it work partially.

The server.conf used (remember it is a QNAP openvpn):

cd /etc/openvpn
dev tun
keepalive 10 120
reneg-sec 0
persist-key
persist-tun
duplicate-cn
script-security 3
client-to-client
management localhost 7505
#username-as-common-name
client-cert-not-required
auth-user-pass-verify /usr/sbin/vpn_check_account via-env

ca /etc/openvpn/keys/ca.crt
dh /etc/openvpn/keys/dh1024.pem
key /etc/openvpn/keys/myserver.key
cert /etc/openvpn/keys/myserver.crt

client-connect /etc/openvpn/connect.sh
client-disconnect /etc/openvpn/disconnect.sh

status /var/log/openvpn-status.log
writepid /var/run/openvpn.server.pid

port 1194
proto udp
max-clients 10
server 10.8.0.0 255.255.255.0

local 192.168.1.10
ifconfig-pool-persist ipp.txt
topology subnet
push "route 192.168.1.0 255.255.255.0"
route 192.168.2.0 255.255.255.0 10.8.0.1
client-config-dir config

push "dhcp-option DNS 8.8.8.8"
comp-lzo
cipher AES-256-CBC
tls-cipher TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA

Now I can ping from QNAP (192.168.1.1) to 192.168.2.0 (remote Raspberry), but if I connect to the QNAP VPN from my mobile device using an OpenVPN app I can't ping 192.168.2.0; the route table is not updated.
Meanwhile I found a solution for QNAP users:
- Installed the QNAP Surveillance app on the QNAP, and QVR for mobile and desktop.
- On the Surveillance app, added the cameras using the remote network IP address (in my case 192.168.2.X).
- On the QVR app, added the QNAP server and ... Voilà, now I can see the cameras from wherever through a VPN.

I would still like to resolve the communication problem; in some days, if there is no answer, I will mark it as solved.

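For a LAN behind an OpenVPN client in routed (tun) mode, a server-side `route` only installs a kernel route; OpenVPN also needs an `iroute` for that subnet in the owning client's client-config-dir file, and other VPN clients only learn the subnet through a `push "route ..."`. The Python check below is an added example, not part of xordi's posts or of QNAP's software: it reads a server.conf and the CCD files and reports which of those two directives is missing for each routed subnet. The CCD file name `raspberry` and its contents are assumptions, since the thread does not show the CCD directory.

```python
import ipaddress
import shlex

# Constructed excerpt: the routing lines from the server.conf posted above.
SERVER_CONF = '''
topology subnet
client-to-client
push "route 192.168.1.0 255.255.255.0"
route 192.168.2.0 255.255.255.0 10.8.0.1
client-config-dir config
'''
# Hypothetical CCD file for the Raspberry Pi client (name and contents assumed).
CCD_FILES = {"raspberry": "iroute 192.168.2.0 255.255.255.0\n"}

def _net(args):
    """network [netmask]; OpenVPN defaults the netmask to 255.255.255.255."""
    mask = args[1] if len(args) > 1 else "255.255.255.255"
    return ipaddress.ip_network(f"{args[0]}/{mask}", strict=False)

def _directives(text):
    """Yield tokenised directives, skipping blank lines and # or ; comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            yield shlex.split(line)

def audit(server_conf, ccd_files):
    """Map each LAN routed into the tunnel to the directives still missing."""
    routed, pushed, iroutes = set(), set(), set()
    for d in _directives(server_conf):
        if d[0] == "route" and len(d) > 1:
            routed.add(_net(d[1:]))
        elif d[0] == "push" and len(d) == 2:
            p = d[1].split()
            if len(p) > 1 and p[0] == "route":
                pushed.add(_net(p[1:]))
    for text in ccd_files.values():
        for d in _directives(text):
            if d[0] == "iroute" and len(d) > 1:
                iroutes.add(_net(d[1:]))
    report = {}
    for net in sorted(routed, key=str):
        missing = []
        if net not in iroutes:
            missing.append("iroute in the owning client's CCD file")
        if net not in pushed:
            missing.append('push "route" so other clients learn the subnet')
        report[str(net)] = missing
    return report

if __name__ == "__main__":
    for net, missing in audit(SERVER_CONF, CCD_FILES).items():
        print(net, "OK" if not missing else "missing: " + "; ".join(missing))
```

The check only handles numeric network and netmask arguments; `route` lines that use hostnames or keywords such as `vpn_gateway` would need extra parsing.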