VPN connect to server from lan-IP (client) to the public-IP (server) in LAN

Post by jokantor » Tue Jun 04, 2019 3:42 pm

The intention is to have portable devices such as laptops and phones that can easily connect to the network. The VPN server sits at the front of the network as a gateway and has two network cards (wlan/public-IP and lan/local-IP).
I have a small problem with the firewall (iptables) regarding the VPN connection. All the configuration works fine as long as I use the following scenario settings:
1. Connect from public-IP (client) to public-IP (server): no problems.
2. Connect from lan-IP (client) to lan-IP (server), all local IPs: no problems.
3. Connect from lan-IP (client) to public-IP (server), i.e. from a local IP to the same local network but via the public IP: the following error.

openvpn.log contains:
--
Tue Jun  4 15:39:21 2019 192.168.1.104:52894 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.104:52894
Tue Jun  4 15:39:22 2019 192.168.1.104:52894 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1559659157) Tue Jun  4 15:39:17 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
--
server config:

log-append /var/log/openvpn.log
port 1194
proto udp
dev tun
# 0 = leave the socket buffer sizes at the OS defaults
sndbuf 0
rcvbuf 0
ca ca.crt
cert cert.crt
key key.key
dh dh.pem
# HMAC algorithm used to authenticate data-channel packets
auth SHA512
# HMAC-sign every control-channel packet with a pre-shared key;
# the server uses key direction 0, clients must use direction 1
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# send all client traffic through the tunnel and use the LAN router for DNS
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.1.1"
# ping every 10 s, treat the peer as gone after 120 s of silence
keepalive 10 120
cipher AES-256-CBC
# LZO compression (deprecated since OpenVPN 2.4; compressing tunnelled traffic
# exposes it to compression side-channel attacks such as VORACLE)
comp-lzo
# drop root after startup; persist-key/persist-tun let the process restart
# without re-reading the key files or re-opening the tun device as nobody
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
# reject client certificates that appear in the CRL
crl-verify crl.pem


I am sure there is a simple way of dealing with the problem.
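The two log lines quoted in the post are the ones an admin has to triage in this situation, so here is an added example (written for this page, not code from the post or from the OpenVPN project) of pulling them apart. It parses OpenVPN's default log prefix, extracts the peer ip:port, classifies each line as a tls-auth failure, a replay warning or something else, and for replay warnings recovers the rejected packet ID and the packet's own timestamp so you can see how stale it was relative to the log time. The sample lines are constructed, modelled on the excerpt above; the 203.0.113.7 peer and the "client1" common name are made up. OpenVPN drops any packet whose ID it has already seen or that falls outside --replay-window, and a legitimate packet that reaches the server twice or badly out of order triggers exactly the same warning as a real replay, so a cluster of these on one peer is something to confirm with a packet capture on both interfaces before changing firewall rules.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines, modelled on the post's openvpn.log excerpt.
# The 203.0.113.7 peer and the "client1" common name are made up for the example.
SAMPLE_LOG = """\
Tue Jun  4 15:38:50 2019 Initialization Sequence Completed
Tue Jun  4 15:39:21 2019 192.168.1.104:52894 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.104:52894
Tue Jun  4 15:39:22 2019 192.168.1.104:52894 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1559659157) Tue Jun  4 15:39:17 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Jun  4 15:40:02 2019 203.0.113.7:41000 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #17 / time = (1559659199) Tue Jun  4 15:39:59 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Jun  4 15:40:05 2019 203.0.113.7:41000 [client1] Peer Connection Initiated with [AF_INET]203.0.113.7:41000
"""

# OpenVPN's default log timestamp, e.g. "Tue Jun  4 15:39:21 2019"
TS_FORMAT = "%a %b %d %H:%M:%S %Y"

# Timestamp, an optional "ip:port" peer prefix (absent on lines not tied to a peer), then the message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"(?:(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}) )?"
    r"(?P<msg>.*)$"
)
# The bracketed part of the replay warning: packet ID, epoch seconds, and the packet's own timestamp.
REPLAY_RE = re.compile(
    r"bad packet ID \(may be a replay\): \[ #(?P<pid>\d+) / time = \((?P<epoch>\d+)\) (?P<ptime>.+?) \]"
)


def parse_line(line):
    """Return a dict describing one log line, or None if it is not in the expected format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    logged_at = datetime.strptime(m["ts"], TS_FORMAT)
    msg = m["msg"]
    event = {"time": logged_at, "peer": m["peer"], "kind": "other", "msg": msg}
    if "TLS Error: incoming packet authentication failed" in msg:
        # A control-channel packet was rejected before TLS processing;
        # with tls-auth this is what an HMAC mismatch looks like.
        event["kind"] = "tls_auth_fail"
        return event
    r = REPLAY_RE.search(msg)
    if r:
        event["kind"] = "replay"
        event["packet_id"] = int(r["pid"])
        event["packet_epoch"] = int(r["epoch"])
        # Both timestamps are in the server's local time, so their difference is
        # how old the rejected packet was when the server logged the warning.
        packet_time = datetime.strptime(r["ptime"], TS_FORMAT)
        event["age_seconds"] = (logged_at - packet_time).total_seconds()
    return event


def summarize(log_text):
    """Count events per peer and track the oldest rejected packet seen for each peer."""
    per_peer = defaultdict(
        lambda: {"tls_auth_fail": 0, "replay": 0, "other": 0, "max_age_seconds": 0.0}
    )
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["peer"] is None:
            continue  # not a peer-specific line, e.g. "Initialization Sequence Completed"
        stats = per_peer[ev["peer"]]
        stats[ev["kind"]] += 1
        if ev["kind"] == "replay":
            stats["max_age_seconds"] = max(stats["max_age_seconds"], ev["age_seconds"])
    return dict(per_peer)


def peers_with_both_errors(summary):
    """Peers that both failed control-channel authentication and tripped replay protection."""
    return sorted(p for p, s in summary.items() if s["tls_auth_fail"] and s["replay"])


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for peer, stats in summary.items():
        print(peer, stats)
    print("peers with both kinds of error:", peers_with_both_errors(summary))
```

Run against a real openvpn.log (read the file instead of SAMPLE_LOG) the per-peer table shows whether the warnings come from one LAN client only, as in the post, or from every peer. The age is computed from the human-readable timestamp inside the warning rather than from the epoch value, because the log prefix is in server local time and the epoch is UTC; in the post's lines the rejected packet #1 was five seconds old when it was refused.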
