This forum is for admins who are looking to build or expand their OpenVPN setup.
jtd00123
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Oct 13, 2021 6:20 pm
by jtd00123 » Wed Oct 13, 2021 6:39 pm
I can ping the client's VPN address (172.16.1.2) but not the client-side LAN (192.168.3.1) from behind the server. What is curious is that from behind the client I can ping the server-side LAN (192.168.2.1) and anything behind the server. Both the server and client are routers that are behind the internet. I am certain this is due to incorrect routing tables, but I can't for the life of me figure out what is wrong.
Server routing table:
Destination ||| Gateway ||| Interface
0.0.0.0/0 ||| 172.16.66.1 ||| eth0
0.0.0.0/24 ||| 0.0.0.0 ||| vtun0
127.0.0.0/8 ||| 0.0.0.0 ||| lo
172.16.1.0/24 ||| 0.0.0.0 ||| vtun0
172.16.66.0/24 ||| 0.0.0.0 ||| eth0
192.168.2.0/24 ||| 0.0.0.0 ||| switch0
192.168.3.0/24 ||| 172.16.1.2 ||| vtun0
Client routing table:
Destination ||| Gateway ||| Interface
0.0.0.0 ||| OMIT PUBLIC IP ||| eth0
172.16.1.0/24 ||| 0.0.0.0 ||| vtun0
192.168.2.0/24 ||| 172.16.1.1 ||| vtun0
192.168.3.0/24 ||| 0.0.0.0 ||| switch0
-
arboziz
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Nov 03, 2021 9:50 pm
by arboziz » Wed Nov 03, 2021 9:57 pm
Hi, have you solved this?
Same situation here.
In my case (maybe the same as yours) the problem is that when the server sends a packet to the client subnet, the source IP address in the packet is the address of the server's public WAN eth0 and not the address of tun0.
The src IP in packets sent to the OpenVPN client address (10.8.0.2) is correctly 10.8.0.1.
Just in case, I tried to force the src IP with a NAT rule in iptables and put the tun0 address as the preferred src for the client subnet route, but nothing changed.
The problem occurs only from the server. From another client I can correctly ping the tun address 10.8.0.2 and the client subnet addresses.
Hope someone can help.