I have a very simple setup that drives me nuts because it does not work as expected:
+----------------------------------+ +----------------------------------+
| ROUTER (Home) | | ROUTER (Office) |
| |public IP INTERNET public IP| |
|static routes: |-----------------------------------------------------|static routes: |
|10.205.0.0/16 via 192.168.0.43 | |10.205.0.0/16 via 192.168.193.240|
|192.168.193.0/24 via 192.168.0.43 | |192.168.0.0/24 via 192.168.193.240|
|port forwarding: | |port forwarding: |
|udp/1194 192.168.0.43 | |udp/1194 192.168.193.240|
+-----------------+----------------+ +-----------------+----------------+
|192.168.0.1 |192.168.193.245
| |
+-------------------+---------------------+ +-------------------+---------------------+
| | | |
|192.168.0.43 |192.168.0.X |192.168.193.240 |192.168.193.Y
+-----------------+----------------+ +----------------+-----------------+ +-----------------+----------------+ +-----------------+----------------+
| OpenVPN CLIENT | | PC | | OpenVPN SERVER | | PC |
| | | | | | | |
|ip forwarding enabled: | | | |ip forwarding enabled: | | |
|net.ipv4.ip_forward=1 | | | |net.ipv4.ip_forward=1 | | |
|tun 10.205.76.2 | | | |tun 10.205.76.1 | | |
+----------------------------------+ +----------------------------------+ +----------------------------------+ +----------------------------------+
root@vm-openvpn:/etc/openvpn# ifconfig
eth0 Link encap:Ethernet Hardware Adresse 00:15:5d:00:0a:0f
inet Adresse:192.168.0.43 Bcast:192.168.0.255 Maske:255.255.255.0
inet6-Adresse: fd00::215:5dff:fe00:a0f/64 Gültigkeitsbereich:Global
inet6-Adresse: fe80::215:5dff:fe00:a0f/64 Gültigkeitsbereich:Verbindung
inet6-Adresse: 2003:c0:33f5:a900:215:5dff:fe00:a0f/64 Gültigkeitsbereich:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX-Pakete:88468 Fehler:0 Verloren:1329 Überläufe:0 Fenster:0
TX-Pakete:37987 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX-Bytes:23173750 (23.1 MB) TX-Bytes:13606797 (13.6 MB)
lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:65536 Metrik:1
RX-Pakete:816 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
TX-Pakete:816 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:1
RX-Bytes:53432 (53.4 KB) TX-Bytes:53432 (53.4 KB)
tun0 Link encap:UNSPEC Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet Adresse:10.205.76.2 P-z-P:10.205.76.2 Maske:255.255.255.0
UP PUNKTZUPUNKT RUNNING NOARP MULTICAST MTU:1500 Metrik:1
RX-Pakete:4637 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
TX-Pakete:5454 Fehler:0 Verloren:0 Überläufe:0 Träger:0
Kollisionen:0 Sendewarteschlangenlänge:100
RX-Bytes:509228 (509.2 KB) TX-Bytes:966318 (966.3 KB)
root@vm-openvpn:/etc/openvpn# route
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
default fritz.box 0.0.0.0 UG 0 0 0 eth0
10.205.76.0 * 255.255.255.0 U 0 0 0 tun0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.193.0 10.205.76.1 255.255.255.0 UG 0 0 0 tun0
root@vm-openvpn:/etc/openvpn# ping -c 2 10.205.76.1
PING 10.205.76.1 (10.205.76.1) 56(84) bytes of data.
64 bytes from 10.205.76.1: icmp_seq=1 ttl=64 time=36.2 ms
64 bytes from 10.205.76.1: icmp_seq=2 ttl=64 time=37.1 ms
--- 10.205.76.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 36.291/36.743/37.195/0.452 ms
root@vm-openvpn:/etc/openvpn# ping -c 2 192.168.193.240
PING 192.168.193.240 (192.168.193.240) 56(84) bytes of data.
64 bytes from 192.168.193.240: icmp_seq=1 ttl=64 time=37.4 ms
64 bytes from 192.168.193.240: icmp_seq=2 ttl=64 time=37.4 ms
--- 192.168.193.240 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 37.441/37.446/37.451/0.005 ms
root@vm-openvpn:/etc/openvpn# ping -c 2 192.168.193.10
PING 192.168.193.10 (192.168.193.10) 56(84) bytes of data.
64 bytes from 192.168.193.10: icmp_seq=1 ttl=126 time=37.6 ms
64 bytes from 192.168.193.10: icmp_seq=2 ttl=126 time=38.8 ms
--- 192.168.193.10 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 37.684/38.264/38.844/0.580 ms
root@vm-openvpn:/etc/openvpn# traceroute 192.168.193.10
traceroute to 192.168.193.10 (192.168.193.10), 30 hops max, 60 byte packets
1 10.205.76.1 (10.205.76.1) 41.324 ms 41.262 ms 41.951 ms
2 192.168.193.10 (192.168.193.10) 41.932 ms * *
root@vm-openvpn:/etc/openvpn#
pi@openvpn:/etc/openvpn $ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.193.240 netmask 255.255.255.0 broadcast 192.168.193.255
inet6 2003:c0:33cd:e300:e62d:6811:f28d:73ef prefixlen 64 scopeid 0x0<global>
inet6 fe80::7e5a:bfc8:972c:f209 prefixlen 64 scopeid 0x20<link>
inet6 fd50:7c6b:6849:0:86cf:ca3f:26e4:2d38 prefixlen 64 scopeid 0x0<global>
ether b8:27:eb:10:41:c3 txqueuelen 1000 (Ethernet)
RX packets 22889 bytes 4027496 (3.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11958 bytes 2628878 (2.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Lokale Schleife)
RX packets 7 bytes 476 (476.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 476 (476.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.205.76.1 netmask 255.255.255.0 destination 10.205.76.1
inet6 fe80::eeab:3146:67cc:1722 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 6306 bytes 637857 (622.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6496 bytes 694692 (678.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
pi@openvpn:/etc/openvpn $ route
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
default be.ip 0.0.0.0 UG 202 0 0 eth0
10.205.76.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.0.0 10.205.76.2 255.255.255.0 UG 0 0 0 tun0
192.168.193.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
pi@openvpn:/etc/openvpn $ ping -c 2 10.205.76.2
PING 10.205.76.2 (10.205.76.2) 56(84) bytes of data.
64 bytes from 10.205.76.2: icmp_seq=1 ttl=64 time=37.1 ms
64 bytes from 10.205.76.2: icmp_seq=2 ttl=64 time=41.7 ms
--- 10.205.76.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 37.103/39.430/41.758/2.335 ms
pi@openvpn:/etc/openvpn $ ping -c 2 192.168.0.43
PING 192.168.0.43 (192.168.0.43) 56(84) bytes of data.
--- 192.168.0.43 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1026ms
pi@openvpn:/etc/openvpn $ ping -c 2 192.168.0.10
PING 192.168.0.10 (192.168.0.10) 56(84) bytes of data.
--- 192.168.0.10 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1056ms
pi@openvpn:/etc/openvpn $ traceroute 192.168.0.10
traceroute to 192.168.0.10 (192.168.0.10), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * *^C
pi@openvpn:/etc/openvpn $
- I cannot ping the client's LAN address (192.168.0.43) from the server; only its tunnel address (10.205.76.2) answers
- PCs on the client side cannot ping any other machine on the server side
# Server-side OpenVPN configuration (it carries the `server` and `push`
# directives). In the diagram this is the host 192.168.193.240 with tunnel
# address 10.205.76.1.

# Transport: UDP on port 1194 over a routed (layer 3) tun device.
proto udp
port 1194
dev tun
# Multi-client server mode; tunnel addresses come from 10.205.76.0/24 and
# the tunnel is treated as a single subnet.
server 10.205.76.0 255.255.255.0
topology subnet
# Keep key material and the tun device across restarts. This pairs with the
# privilege drop below: after switching to an unprivileged user the process
# could not re-read keys or re-open the device.
persist-key
persist-tun
# Liveness probing with a 10 s ping interval and a 60 s timeout argument.
keepalive 10 60
# NOTE(review): duplicate-cn lets several clients connect at the same time
# with the same certificate common name. That weakens per-client identity
# (logs, revocation, per-client rules) and does not sit well with per-client
# routing keyed on the common name. Confirm it is really needed; issuing one
# certificate per client is the usual alternative.
duplicate-cn
# Drop root privileges after initialisation.
user nobody
group nogroup
# Run in the background with moderate log verbosity.
daemon
verb 3
# Control channel: refuse TLS versions below 1.2.
tls-version-min 1.2
# Data channel cipher and HMAC digest; the client configuration on this page
# uses the same values.
cipher AES-256-CBC
auth SHA256
# Only accept peers whose certificate is marked for TLS client use.
remote-cert-tls client
# NOTE(review): the management interface is bound to loopback, but no
# password file is given as a third argument, so any local process that can
# reach 127.0.0.1:5555 can control the daemon. Consider a password file or a
# unix socket with restricted permissions.
management 127.0.0.1 5555
# Pre-shared HMAC key that authenticates control-channel packets before the
# TLS handshake; direction 0 here, the client side uses 1.
tls-auth /etc/openvpn/keys/ta.key 0
# Diffie-Hellman parameters (the file name suggests 2048 bit; not verifiable
# from this page).
dh /etc/openvpn/keys/dh2048.pem
# PKCS#12 bundle with the server identity. It contains the private key, so
# the file should be readable by root only.
pkcs12 /etc/openvpn/keys/OpenVPN_PAW_Server.p12
# Reject certificates listed in this revocation list.
# NOTE(review): presumably the file must stay readable after the drop to
# nobody/nogroup, otherwise new connections may be refused; verify.
crl-verify /etc/openvpn/keys/OpenVPN_PAW_CRL.pem
# Tell connecting clients to route the server-side LAN through the tunnel.
push "route 192.168.193.0 255.255.255.0"
# Install a kernel route on this host that sends the client-side LAN into
# the tunnel (it shows up in the server's routing table as 192.168.0.0 on
# tun0).
# NOTE(review): no `client-config-dir` and no per-client
# `iroute 192.168.0.0 255.255.255.0` are visible on this page. In server mode
# the kernel route alone is not enough: OpenVPN needs an iroute entry to know
# which client owns that subnet and otherwise drops traffic to and from it.
# That would match the reported symptoms (tunnel addresses answer, addresses
# in 192.168.0.0/24 do not). Confirm against the full server setup.
route 192.168.0.0 255.255.255.0
# Client-side OpenVPN configuration (it carries the `client` and `remote`
# directives). In the diagram this is the host 192.168.0.43 with tunnel
# address 10.205.76.2, which also forwards for the 192.168.0.0/24 LAN.
# NOTE(review): because this client acts as a gateway for its LAN, the
# server has to know that 192.168.0.0/24 sits behind this particular client
# (a per-client `iroute` on the server side); nothing in this file can
# provide that. Verify on the server.

# Transport: UDP on port 1194 over a routed (layer 3) tun device.
proto udp
port 1194
dev tun
# Act as TLS client and accept options pushed by the server.
client
# Server endpoint to connect to.
remote doe.jane.com
# Keep key material and the tun device across restarts. This pairs with the
# privilege drop below: after switching to an unprivileged user the process
# could not re-read keys or re-open the device.
persist-key
persist-tun
# Drop root privileges after initialisation.
user nobody
group nogroup
# Do not bind to a fixed local address/port.
nobind
# Moderate log verbosity.
verb 3
# Control channel: refuse TLS versions below 1.2.
tls-version-min 1.2
# Data channel cipher and HMAC digest; the server configuration on this page
# uses the same values.
cipher AES-256-CBC
auth SHA256
# Only accept a peer whose certificate is marked for TLS server use, so that
# another client certificate issued by the same CA cannot pose as the server.
remote-cert-tls server
# Management interface is disabled on the client (directive commented out).
#management 127.0.0.1 5555
# PKCS#12 bundle with the client identity. It contains the private key, so
# the file should be readable by root only.
pkcs12 /etc/openvpn/keys_PAW/OpenVPN_PAW_Client1.p12
# Pre-shared HMAC key that authenticates control-channel packets before the
# TLS handshake; direction 1 here, the server side uses 0.
tls-auth /etc/openvpn/keys_PAW/ta.key 1
What am I doing wrong? Config problem? Router problem? Help would be really, very much appreciated! Thanks in advance!