I'm struggling with an OpenVPN configuration quite unusual for my experience.
Basically it's a VPN between my HQ and a cloud instance; monitoring and backups have to be done on a couple of HQ hosts, one of which is a VPN endpoint.
This is the basic architecture:
vpn endpoint HQ (OpenVPN client):
eth0: 10.62.15.154
tun0: 10.30.41.254
vpn endpoint cloud (OpenVPN server):
eth0: 10.1.0.4
tun0: 10.30.41.1
wan: 52.53.54.55
backup HQ:
eth0: 10.62.15.140
The OpenVPN tunnel works; to make the client able to reach the eth0 interface on the cloud instance I added push "route 10.1.0.4 255.255.255.255" to the server.conf on the cloud instance.
My problem is that I can't reach the HQ OpenVPN endpoint's eth0 interface and the backup host's interface from the cloud instance (OpenVPN server). I tried to add route 10.62.15.154 255.255.255.255 to the server.conf on the instance, but this resulted in a record in my cloud instance's routing table which is quite strange, because there's no interface with the IP address 10.30.41.2.
Destination Gateway Genmask Flags Metric Ref Use Iface
10.62.15.154 10.30.41.2 255.255.255.255 UGH 0 0 0 tun0
Thanks
server config
port 5755
proto udp
dev tun
askpass /root/.server.pass
dh /etc/openvpn/certs/dh.pem
server 10.30.41.0 255.255.255.0
push "route 10.1.0.4 255.255.255.255"
client-config-dir ccd
cipher AES-256-CBC
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
auth SHA512
auth-nocache
keepalive 20 60
persist-key
persist-tun
compress lz4
daemon
user nobody
group nobody
log-append /var/log/openvpn.log
verb 3
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
client config
client
dev tun
proto udp
remote 52.53.54.55 5755
askpass /root/.client.pass
cipher AES-256-CBC
auth SHA512
auth-nocache
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
resolv-retry infinite
compress lz4
nobind
persist-key
persist-tun
mute-replay-warnings
verb 3
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
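The server.conf above has `client-config-dir ccd` and a `route` for 10.62.15.154, but an OpenVPN server can deliver traffic to a network behind a connected client only when that `route` is paired with an `iroute` for the same network in the client's ccd file. The following POSIX shell check is an added example, not part of the original post or of OpenVPN; it cross-checks the two directions on a constructed copy of the configuration, where the directory layout and the client CN `hq-endpoint` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: cross-check the "route" lines in
# an OpenVPN server.conf against the "iroute" lines in its client-config-dir.
# A network behind a client is reachable from the server only when both exist:
# "route" gives the server kernel a path into tun0, "iroute" tells the daemon
# which connected client (its certificate CN, i.e. the ccd file name) owns it.
set -e
# Print "NET MASK" for each route line. Matching on $1 skips comments and the
# push "route ..." lines, which are pushed to the client rather than installed here.
server_routes() { awk '$1 == "route" { print $2, $3 }' "$1"; }

# Print "CN NET MASK" for every iroute in every file of the ccd directory.
ccd_iroutes() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v cn="$(basename "$f")" '$1 == "iroute" { print cn, $2, $3 }' "$f"
    done
}

# Exit 0 if the awk input has a line whose fields $a and $b equal NET and MASK.
has_pair() { awk -v a="$1" -v b="$2" -v n="$3" -v m="$4" '$a == n && $b == m { f = 1 } END { exit !f }'; }

# One line per mismatch; prints nothing when the configuration is consistent.
list_route_mismatches() {
    routes=$(server_routes "$1")
    iroutes=$(ccd_iroutes "$2")
    # iroute without route: the kernel never hands the traffic to tun0
    printf '%s\n' "$iroutes" | while read -r cn net mask; do
        [ -n "$net" ] || continue
        printf '%s\n' "$routes" | has_pair 1 2 "$net" "$mask" ||
            echo "ccd/$cn: iroute $net $mask has no 'route $net $mask' in server.conf"
    done
    # route without iroute: traffic enters tun0 but no client is known to own it
    printf '%s\n' "$routes" | while read -r net mask; do
        [ -n "$net" ] || continue
        printf '%s\n' "$iroutes" | has_pair 2 3 "$net" "$mask" ||
            echo "server.conf: route $net $mask has no matching iroute in any ccd file"
    done
}

# Exit 0 only when every route has an iroute and vice versa.
check_route_iroute() { [ -z "$(list_route_mismatches "$1" "$2")" ]; }

# Constructed sample mirroring the post: server.conf routes the HQ endpoint's
# eth0 but the ccd file (CN "hq-endpoint" is assumed) claims only the backup host.
make_sample() {
    mkdir -p "$1/ccd"
    printf '%s\n' 'server 10.30.41.0 255.255.255.0' \
        'push "route 10.1.0.4 255.255.255.255"' \
        'route 10.62.15.154 255.255.255.255' > "$1/server.conf"
    printf '%s\n' 'iroute 10.62.15.140 255.255.255.255' > "$1/ccd/hq-endpoint"
}
```

Run `list_route_mismatches /etc/openvpn/server.conf /etc/openvpn/ccd` against a real deployment; both host routes in the post would need a `route` line in server.conf and an `iroute` line in the HQ client's ccd file before the check passes.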