I have set up an OpenVPN server on an EC2 instance. I can ping the VPN server IP from the VPN clients, but cannot ping clients from the server.
After some tcpdump debugging, I noticed that, when sending a curl request, the source IP of the request is the private IP of the instance in the AWS subnet.
20:52:48.640329 IP 10.0.0.123 > 172.16.0.101: ICMP echo request, id 3, seq 1, length 64
Server Configuration
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh.pem
tls-auth /etc/openvpn/keys/ta.key 0
tls-server
auth SHA256
cipher AES-256-CBC
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
server 172.16.0.0 255.255.255.0
topology subnet
ifconfig-pool-persist ipp.txt
client-config-dir ccd
push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "route 172.16.0.0 255.255.255.0"
push "dhcp-option DNS 172.16.0.1"
keepalive 5 30
compress lzo
persist-key
persist-tun
user nobody
group nogroup
status status-openvpn_udp_1194.log
status-version 1
log-append /var/log/openvpn.log
verb 3
Server CCD Configuration for client
ifconfig-push 172.16.0.101 255.255.255.0
iroute 172.16.0.0 255.255.255.0
Client Configuration
client
tls-client
auth SHA256
cipher AES-256-CBC
remote-cert-tls server
tls-version-min 1.2
proto udp
remote vpn-server-ip 1194
dev tun
resolv-retry 5
nobind
keepalive 5 30
compress lzo
persist-key
persist-tun
verb 3
route-method exe
route-delay 2
key-direction 1
Any hints?
FYI: The server has been configured through the kyl191/openvpn Ansible role.
Thanks,
S
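A small check for the observation above, added here as an example and not part of the original post: it reads the VPN pool from the posted `server` directive and flags tcpdump lines where a packet to a VPN client carries a source address outside the pool (the first sample line is the one from the post, the second is constructed).

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the posted server.conf.
SERVER_CONF = """
port 1194
dev tun
server 172.16.0.0 255.255.255.0
topology subnet
"""

# First line is the tcpdump output from the post; second is constructed
# to show what a packet sourced from the server's tun address looks like.
TCPDUMP_LINES = [
    "20:52:48.640329 IP 10.0.0.123 > 172.16.0.101: ICMP echo request, id 3, seq 1, length 64",
    "20:52:49.101000 IP 172.16.0.1 > 172.16.0.101: ICMP echo request, id 4, seq 1, length 64",
]

# Matches "IP src > dst:" for ICMP and "IP src.port > dst.port:" for TCP/UDP.
PKT_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")


def vpn_subnet(conf: str) -> ipaddress.IPv4Network:
    """Return the VPN pool from the 'server <network> <netmask>' directive."""
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "server":
            return ipaddress.IPv4Network(f"{parts[1]}/{parts[2]}")
    raise ValueError("no 'server' directive found")


def server_tun_address(net: ipaddress.IPv4Network) -> ipaddress.IPv4Address:
    """With 'topology subnet' the server takes the first host address of the pool."""
    return net.network_address + 1


def off_subnet_sources(lines, net):
    """Return (src, dst) pairs for packets to a VPN client whose source is outside the pool."""
    flagged = []
    for line in lines:
        m = PKT_RE.search(line)
        if not m:
            continue
        src, dst = ipaddress.IPv4Address(m.group(1)), ipaddress.IPv4Address(m.group(2))
        if dst in net and src not in net:
            flagged.append((str(src), str(dst)))
    return flagged


if __name__ == "__main__":
    net = vpn_subnet(SERVER_CONF)
    print("VPN pool:", net, "server tun address:", server_tun_address(net))
    for src, dst in off_subnet_sources(TCPDUMP_LINES, net):
        print(f"off-subnet source {src} -> VPN client {dst}")
```

A flagged line means the server sent the packet with its instance address instead of its tun address, which is exactly what the tcpdump line in the post shows.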