I'm trying to install an OpenVPN server on a Google Compute Engine VM to be able to access the LAN of my VM running in Google Virtual Private Cloud (VPC).
Here's my setup.
Home LAN network 192.168.2.0/24
Google LAN (VPC) 10.128.0.0/9
OpenVPN Server/DNS Server IP: 10.162.0.2
What I want is to allow access to the Google LAN 10.128.0.0/9 from home. I don't want to redirect all traffic, only this LAN, through the VPN. I don't know why, but I'm only able to ping 10.162.0.2 and not my other VMs like 10.162.0.4 or the gateway 10.162.0.1.
Server.conf
[oconf]
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dhp4096.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.128.0.0 255.128.0.0" #Whole VPC
push "dhcp-option DNS 10.162.0.2"
keepalive 10 120
tls-crypt ta.key
auth SHA512
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
ncp-ciphers AES-256-GCM:AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
[/oconf]
iptables setup:
Code:
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 10.8.0.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:1194
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Code:
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.2.1 UGSc 121 0 en1
10.8/24 10.8.0.2 UGSc 3 0 utun1
10.8.0.2 10.8.0.2 UH 2 0 utun1
10.128/9 10.8.0.1 UGSc 1 2 utun1
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 2 2307 lo0
169.254 link#7 UCS 0 0 en1
192.168.2 link#7 UCS 1 0 en1
192.168.2.1/32 link#7 UCS 1 0 en1
192.168.2.1 xx:xx:xx:xx:xx:xx UHLWIir 54 1368 en1 1116
192.168.2.11/32 link#7 UCS 1 0 en1
192.168.2.11 zz:zz:zz:zz:zz:zz UHLWI 0 58 lo0
192.168.2.255 ff:ff:ff:ff:ff:ff UHLWbI 0 1 en1
224.0.0/4 link#11 UmCS 0 0 utun1
224.0.0/4 link#7 UmCSI 1 0 en1
224.0.0.251 yy:yy:yy:yy:yy:yy UHmLWI 0 0 en1
255.255.255.255/32 link#11 UCS 1 0 utun1
255.255.255.255/32 link#7 UCSI 0 0 en1
255.255.255.255 link#11 UHW3bI 0 23 utun1 1054
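
An added example, not part of the original post: a check that the pushed route and the client routing table above agree, by expanding the abbreviated BSD `netstat` destinations and doing a longest-prefix match for the addresses mentioned. It assumes a destination printed without a prefix length carries the classful default mask; the helper names and the 203.0.113.10 test address are hypothetical.

```python
import ipaddress

# Constructed sample: destination, gateway and interface columns copied from
# the client routing table in the post (flags and counters dropped).
ROUTES = """\
default 192.168.2.1 en1
10.8/24 10.8.0.2 utun1
10.8.0.2 10.8.0.2 utun1
10.128/9 10.8.0.1 utun1
127 127.0.0.1 lo0
169.254 link#7 en1
192.168.2 link#7 en1
"""

def parse_dest(dest):
    """Expand a netstat destination such as '10.128/9' or '192.168.2'."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        # Assumption: no length shown means host route or classful default.
        first = int(octets[0])
        plen = 32 if len(octets) == 4 else 8 if first < 128 else 16 if first < 192 else 24
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{plen}")

def load(table):
    """Turn the text table into (network, gateway, interface) tuples."""
    routes = []
    for line in table.splitlines():
        dest, gateway, netif = line.split()
        routes.append((parse_dest(dest), gateway, netif))
    return routes

def lookup(routes, ip):
    """Longest-prefix match: the most specific route containing ip wins."""
    ip = ipaddress.ip_address(ip)
    return max((r for r in routes if ip in r[0]), key=lambda r: r[0].prefixlen)

def pushed_route(directive):
    """Network from an OpenVPN 'route <net> <mask>' push string."""
    _, net, mask = directive.split()
    return ipaddress.ip_network(f"{net}/{mask}")

if __name__ == "__main__":
    routes = load(ROUTES)
    print("pushed:", pushed_route("route 10.128.0.0 255.128.0.0"))
    for ip in ("10.162.0.2", "10.162.0.4", "10.162.0.1", "203.0.113.10"):
        net, gw, netif = lookup(routes, ip)
        print(f"{ip:<13} -> {net} via {gw} on {netif}")
```

With the posted table, every 10.162.0.x address resolves to the 10.128/9 route on utun1, while the non-VPC address stays on the default route through en1.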