VPN Server not forwarding packets

chronus · Post by **chronus** » Sun Feb 11, 2018 9:33 pm

Hello everybody,

i have a problem with forwarding of packets to the subnet behind the vpn server.

My Setup:

Client ------> VPN-GW1 ------> VPN-GW2------> LAN

Subnet (Client - VPN-GW1):
10.5.0.0/22

Subnet (VPN-GW1 - VPN-GW2):
10.0.0.0/24

Subnet (LAN)
172.16.0.0/16

Ping works without problems from:

VPN-GW1 to VPN-GW2
VPN-GW1 to LAN

LAN to VPN-GW2
LAN to VPN-GW1

When i try to ping a host in the LAN from the Client the packets will not arrive at VPN-GW2 i can only see them at VPN-GW1 in tcpdump.
FIrewall is turned off at GW1 and IP Forwarding is enabled in systctl.
Also the routes are visible on my client and on VPN-GW1.

server

port 1195
proto udp
dev tun
server 10.5.0.0 255.255.252.0
push "route 172.16.0.0 255.255.0.0"
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
keepalive 10 120
cipher AES-128-CBC # AES
auth SHA256
comp-lzo
username-as-common-name
client-cert-not-required
auth-user-pass-verify /etc/openvpn/script/login.sh via-env
script-security 3 system
client-connect /etc/openvpn/script/connect.sh
client-disconnect /etc/openvpn/script/disconnect.sh
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
log-append openvpn.log
verb 3

client

client
dev tun
proto udp
remote 192.168.10.145 1195
cipher AES-128-CBC
auth SHA256
nobind
auth-user-pass
reneg-sec 432000
resolv-retry infinite
ca ca.crt
comp-lzo

Routes on GW01:

Code: Select all

default via 192.168.10.1 dev enp0s3
10.0.0.0/24 dev tun1  proto kernel  scope link  src 10.0.0.2
10.5.0.0/22 via 10.5.0.2 dev tun0
10.5.0.2 dev tun0  proto kernel  scope link  src 10.5.0.1
172.16.0.0/16 via 10.0.0.1 dev tun1
192.168.10.0/24 dev enp0s3  proto kernel  scope link  src 192.168.10.145

Routes on Client:

Code: Select all

Netzwerkziel    Netzwerkmaske          Gateway    		Schnittstelle 		Metrik
0.0.0.0		0.0.0.0     		192.168.10.1    	192.168.10.10    	281
10.5.0.1  	255.255.255.255        	10.5.0.5         	10.5.0.6    		291
10.5.0.4  	255.255.255.252   	Auf Verbindung  	10.5.0.6    		291
10.5.0.6  	255.255.255.255   	Auf Verbindung  	10.5.0.6    		291
10.5.0.7  	255.255.255.255   	Auf Verbindung  	10.5.0.6    		291
172.16.0.0      255.255.0.0         	10.5.0.5         	10.5.0.6    		291

tcpdump on gw01:

Code: Select all

root@gw01:/etc/openvpn# tcpdump -i tun0 -vvv
tcpdump: listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
22:21:12.002275 IP (tos 0x0, ttl 128, id 31064, offset 0, flags [none], proto ICMP (1), length 60)
    10.5.0.6 > 172.16.0.1: ICMP echo request, id 1, seq 271, length 40
22:21:16.559827 IP (tos 0x0, ttl 128, id 31065, offset 0, flags [none], proto ICMP (1), length 60)
    10.5.0.6 > 172.16.0.1: ICMP echo request, id 1, seq 272, length 40

tcpdump on gw02:

Code: Select all

[2.4.2-RELEASE][root@gw02]/root: tcpdump -i ovpns1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ovpns1, link-type NULL (BSD loopback), capture size 262144 bytes

I dont know it thats relevant but the whole project runs in a virtual box test-lab.

Many thanks in advance.

TinCanTech · Post by **TinCanTech** » Sun Feb 11, 2018 9:39 pm

HOWTO: Routing all client traffic (including web-traffic) through the VPN

chronus · Post by **chronus** » Mon Feb 12, 2018 7:35 am

Hello TinCanTech,

this is not what im trying to achieve.
Only the traffic to the internal networks mentioned above should be routed through the vpn.
Traffic to the internet should use the clients deafult gateway.

OpenVPN Support Forum

VPN Server not forwarding packets

VPN Server not forwarding packets

Re: VPN Server not forwarding packets

Re: VPN Server not forwarding packets