Here is my situation:
Site A
172.20.0.1 - ROUTER/GATEWAY DEBIAN
enp2s0 (LAN)
172.20.0.1
enp3s0 (WAN)
192.168.100.250
Server config
port 2020
proto udp
dev tun1
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 172.30.0.0 255.255.0.0
ifconfig 172.30.0.1 172.30.0.2
route 172.20.0.0 255.255.0.0
push "route 172.30.0.0 255.255.0.0"
push "route 172.20.0.0 255.255.0.0 172.30.0.1"
client-to-client
client-config-dir /etc/openvpn/server/ccd
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
/etc/openvpn/server/ccd/gateway2
iroute 172.20.0.0 255.255.0.0
172.20.100.1 - ROUTER/GATEWAY DEBIAN
enp2s0 (LAN)
172.20.100.1
enp3s0 (WAN)
192.168.100.250
Client config
client
dev tun1
proto udp
remote xxx.xxx.xxx.xxx 2020
resolv-retry infinite
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
float
verb 3
status openvpn-gate-status.log
<ca>
...
The tunnel is working because I can ping 172.30.0.1 and 172.30.0.2 from both sides. But as both have the same LAN network, I want to be able to access both sides on 172.20.0.0/16 from the Debian gateway and clients from both sides.
IP forwarding is OK.
iptables seems OK also.
What am I missing? How can I check if CCD is working for current connection?
Thank you