[Solved] IPv4 traffic redirection
Posted: Tue Jul 28, 2020 1:52 pm
Hello guys,
I'm new to the OpenVPN world but I managed to set up my first environment... not fully functional right now.
I use Ubuntu 18.04 for both server and client.
root@vsrv-bicab-1u:/home/VPN# cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.1 LTS (Bionic Beaver)"
OpenVPN interface is UP and peers are able to ping each other. The problem is that I want to forward all traffic between the subnets behind client and server.
My environment looks like this:
192.168.219.0/30 ===>(192.168.219.1/30) OpenVPN Srv (10.10.100.1/24) ====== 10.10.100.0/24 ====== (10.10.100.5/24)Client(192.168.219.10/29)<=== 192.168.219.8/29
For example I want 192.168.219.2/30 to go through the tunnel and reach 192.168.219.14/29
Server side
root@vsrv-bicab-1u:/home/VPN# cat /proc/sys/net/ipv4/ip_forward
1
ens224: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.219.1 netmask 255.255.255.252 broadcast 192.168.219.3
inet6 2a02:8100:d102:1::1 prefixlen 64 scopeid 0x0<global>
inet6 fe80::250:56ff:fe83:f2 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:83:00:f2 txqueuelen 1000 (Ethernet)
RX packets 20190357 bytes 25841573911 (25.8 GB)
RX errors 0 dropped 15 overruns 0 frame 0
TX packets 626560 bytes 480172475 (480.1 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.10.100.1 netmask 255.255.255.0 destination 10.10.100.1
inet6 fe80::bd89:dd9e:72e4:5fde prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 64 bytes 5376 (5.3 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 277 bytes 19216 (19.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Client side
ens224: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.219.10 netmask 255.255.255.248 broadcast 192.168.219.15
inet6 fe80::250:56ff:fe83:3589 prefixlen 64 scopeid 0x20<link>
inet6 2a02:8100:d102:2::3 prefixlen 64 scopeid 0x0<global>
ether 00:50:56:83:35:89 txqueuelen 1000 (Ethernet)
RX packets 976511 bytes 804486543 (804.4 MB)
RX errors 0 dropped 9 overruns 0 frame 0
TX packets 3280486 bytes 6149041625 (6.1 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.10.100.5 netmask 255.255.255.0 destination 10.10.100.5
inet6 fe80::9418:ea93:83d8:a8bd prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 71 bytes 5712 (5.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 78 bytes 6160 (6.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Peers can ping each other through the tunnel
root@vsrv-bicab-3u:/home/VPN# ping 10.10.100.1 -c 3 -i 0.1
PING 10.10.100.1 (10.10.100.1) 56(84) bytes of data.
64 bytes from 10.10.100.1: icmp_seq=1 ttl=64 time=15.7 ms
64 bytes from 10.10.100.1: icmp_seq=2 ttl=64 time=15.1 ms
64 bytes from 10.10.100.1: icmp_seq=3 ttl=64 time=10.2 ms
--- 10.10.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 201ms
rtt min/avg/max/mdev = 10.266/13.721/15.788/2.462 ms
root@vsrv-bicab-3u:/home/VPN# ip ro get 192.168.219.1
192.168.219.1 via 10.10.100.1 dev tun0 src 10.10.100.5 uid 0
cache
root@vsrv-bicab-3u:/home/VPN# ping 192.168.219.1 -c 3 -i 0.1
PING 192.168.219.1 (192.168.219.1) 56(84) bytes of data.
64 bytes from 192.168.219.1: icmp_seq=1 ttl=64 time=16.3 ms
64 bytes from 192.168.219.1: icmp_seq=2 ttl=64 time=16.0 ms
64 bytes from 192.168.219.1: icmp_seq=3 ttl=64 time=10.3 ms
--- 192.168.219.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 200ms
rtt min/avg/max/mdev = 10.349/14.239/16.355/2.758 ms
root@vsrv-bicab-3u:/home/VPN# traceroute 192.168.219.1
traceroute to 192.168.219.1 (192.168.219.1), 30 hops max, 60 byte packets
1 192.168.219.1 (192.168.219.1) 13.989 ms 20.999 ms 21.032 ms
But from the server side I cannot reach the network behind the client:
root@vsrv-bicab-1u:/home/VPN# ip ro get 192.168.219.10
192.168.219.10 via 10.10.100.1 dev tun0 src 10.10.100.1 uid 0
cache
root@vsrv-bicab-1u:/home/VPN# ping 192.168.219.10 -c 3 -i 0.1
PING 192.168.219.10 (192.168.219.10) 56(84) bytes of data.
--- 192.168.219.10 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 204ms
root@vsrv-bicab-1u:/home/VPN# traceroute 192.168.219.10
traceroute to 192.168.219.10 (192.168.219.10), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
Server Config
local 100.80.1.252
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
topology subnet
server 10.10.100.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 192.168.219.0 255.255.255.252"
duplicate-cn
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
If you have any troubleshooting suggestions, or if there is anything else that needs to be configured, please let me know.
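A check I would run against the posted server config, added here as an example and not part of the thread or of OpenVPN itself: for a LAN behind a client, the server needs a kernel "route" for 192.168.219.8/29 (the ip ro get output above shows the kernel has no proper one), a "client-config-dir", and an "iroute" for that LAN in the client's per-CN ccd file, otherwise the server's OpenVPN process cannot tell which client owns the prefix and drops the packets it receives on tun0. The ccd file contents and the fixed config below are constructed sample input; the client also needs ip_forward enabled, which this check does not cover.

```python
import ipaddress

# Routing-relevant lines of the server config as posted in the thread.
POSTED_SERVER_CONF = """
topology subnet
server 10.10.100.0 255.255.255.0
push "route 192.168.219.0 255.255.255.252"
duplicate-cn
"""

# LAN behind the client, taken from the posted topology diagram.
CLIENT_LAN = "192.168.219.8/29"


def parse_directives(text):
    """Return (directive, [args]) pairs, skipping blank lines and comments."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.replace('"', "").split()
            out.append((parts[0], parts[1:]))
    return out


def _as_network(args):
    """Turn OpenVPN 'network netmask' args into an ip_network (None if unparseable)."""
    try:
        return ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
    except (IndexError, ValueError):
        return None


def missing_site_to_site_directives(server_conf, ccd_conf, client_lan):
    """List what is still missing for the server to deliver traffic for client_lan
    to the right client: kernel 'route', 'client-config-dir', and the ccd 'iroute'.
    A pushed route does not count: 'push "route ..."' only configures the client."""
    lan = ipaddress.ip_network(client_lan, strict=False)
    want = f"{lan.network_address} {lan.netmask}"
    server = parse_directives(server_conf)
    ccd = parse_directives(ccd_conf)
    missing = []
    if not any(d == "client-config-dir" for d, _ in server):
        missing.append("client-config-dir")
    if not any(d == "route" and _as_network(a) == lan for d, a in server):
        missing.append(f"route {want}")
    if not any(d == "iroute" and _as_network(a) == lan for d, a in ccd):
        missing.append(f"iroute {want}")
    return missing
```

Running it with the posted config and an empty ccd file reports all three directives missing; adding them makes the list empty.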