Connected: Can ping client's VPN address but not client-side LAN

jtd00123
OpenVpn Newbie
Posts: 1
Joined: Wed Oct 13, 2021 6:20 pm

Post by jtd00123 » Wed Oct 13, 2021 6:39 pm

I can ping the client's VPN address (172.16.1.2) but not the client-side LAN (192.168.3.1) from behind the server. What is curious is that from behind the client I can ping the server-side LAN (192.168.2.1) and anything behind the server. Both the server and client are routers that are behind the internet. I am certain this is due to incorrect routing tables, but I can't for the life of me figure out what is wrong.

Server routing table:
Destination       Gateway        Interface
0.0.0.0/0         172.16.66.1    eth0
0.0.0.0/24        0.0.0.0        vtun0
127.0.0.0/8       0.0.0.0        lo
172.16.1.0/24     0.0.0.0        vtun0
172.16.66.0/24    0.0.0.0        eth0
192.168.2.0/24    0.0.0.0        switch0
192.168.3.0/24    172.16.1.2     vtun0

Client routing table:
Destination       Gateway           Interface
0.0.0.0           OMIT PUBLIC IP    eth0
172.16.1.0/24     0.0.0.0           vtun0
192.168.2.0/24    172.16.1.1        vtun0
192.168.3.0/24    0.0.0.0           switch0
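
Added example, not part of the original post: a longest-prefix-match lookup over the two routing tables as posted, showing which route each side's kernel table selects for the other side's LAN and whether that route's gateway is on a directly connected prefix. It assumes the client's bare "0.0.0.0" destination is the default route, and it models only these tables, not OpenVPN's own configuration.

```python
import ipaddress

# Tables transcribed from the post above. Assumption: the client's bare
# "0.0.0.0" destination is its default route, written here as 0.0.0.0/0.
SERVER = [
    ("0.0.0.0/0", "172.16.66.1", "eth0"),
    ("0.0.0.0/24", "0.0.0.0", "vtun0"),
    ("127.0.0.0/8", "0.0.0.0", "lo"),
    ("172.16.1.0/24", "0.0.0.0", "vtun0"),
    ("172.16.66.0/24", "0.0.0.0", "eth0"),
    ("192.168.2.0/24", "0.0.0.0", "switch0"),
    ("192.168.3.0/24", "172.16.1.2", "vtun0"),
]
CLIENT = [
    ("0.0.0.0/0", "OMIT PUBLIC IP", "eth0"),  # gateway redacted by the poster
    ("172.16.1.0/24", "0.0.0.0", "vtun0"),
    ("192.168.2.0/24", "172.16.1.1", "vtun0"),
    ("192.168.3.0/24", "0.0.0.0", "switch0"),
]

def lookup(table, dst):
    """Longest-prefix match: return (prefix, gateway, interface) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return (str(net), gw, dev)

def gateway_on_link(table, route):
    """True if the route's gateway lies on a directly connected prefix
    (gateway 0.0.0.0) of the same interface the route points at."""
    _, gw, dev = route
    if gw == "0.0.0.0":
        return True  # the destination itself is directly connected
    try:
        via = lookup([r for r in table if r[1] == "0.0.0.0"], gw)
    except ValueError:
        return False  # gateway is not a parseable address (e.g. redacted)
    return via is not None and via[2] == dev

if __name__ == "__main__":
    for name, table, dst in (("server", SERVER, "192.168.3.1"),
                             ("client", CLIENT, "192.168.2.1")):
        route = lookup(table, dst)
        print(name, dst, "->", route, "on-link:", gateway_on_link(table, route))
```

In the tables as posted, both lookups resolve to vtun0 with an on-link gateway, so each kernel table has a route toward the other side's LAN. The check says nothing about what happens to the packet after it is handed to the tunnel interface.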


arboziz
OpenVpn Newbie
Posts: 1
Joined: Wed Nov 03, 2021 9:50 pm

Re: Connected: Can ping client's VPN address but not client-side LAN

Post by arboziz » Wed Nov 03, 2021 9:57 pm

Hi, have you solved this?
Same situation here.
In my case (maybe the same as yours) the problem is that when the server sends a packet to the client subnet, the source IP address in the packet is the address of the server's public WAN eth0 and not the address of tun0.
The src IP in packets sent to the OpenVPN client address (10.8.0.2) is correctly 10.8.0.1.
Just in case, I tried to force the src IP with a NAT rule in iptables and put the tun0 address as the preferred src for the client subnet route, but nothing changed.
The problem occurs only from the server. From another client I can correctly ping the tun address 10.8.0.2 and the client subnet addresses.
Hope someone can help.
