I have a problem with forwarding of packets to the subnet behind the VPN server.
My Setup:
Client ------> VPN-GW1 ------> VPN-GW2------> LAN
Subnet (Client - VPN-GW1):
10.5.0.0/22
Subnet (VPN-GW1 - VPN-GW2):
10.0.0.0/24
Subnet (LAN):
172.16.0.0/16
Ping works without problems from:
VPN-GW1 to VPN-GW2
VPN-GW1 to LAN
LAN to VPN-GW2
LAN to VPN-GW1
When I try to ping a host in the LAN from the Client, the packets do not arrive at VPN-GW2; I can only see them at VPN-GW1 in tcpdump.
Firewall is turned off at GW1 and IP forwarding is enabled in sysctl.
Also the routes are visible on my client and on VPN-GW1.
Server config:
port 1195
proto udp
dev tun
server 10.5.0.0 255.255.252.0
push "route 172.16.0.0 255.255.0.0"
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
keepalive 10 120
cipher AES-128-CBC # AES
auth SHA256
comp-lzo
username-as-common-name
client-cert-not-required
auth-user-pass-verify /etc/openvpn/script/login.sh via-env
script-security 3 system
client-connect /etc/openvpn/script/connect.sh
client-disconnect /etc/openvpn/script/disconnect.sh
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
log-append openvpn.log
verb 3
Client config:
client
dev tun
proto udp
remote 192.168.10.145 1195
cipher AES-128-CBC
auth SHA256
nobind
auth-user-pass
reneg-sec 432000
resolv-retry infinite
ca ca.crt
comp-lzo
Routes on GW01:
default via 192.168.10.1 dev enp0s3
10.0.0.0/24 dev tun1 proto kernel scope link src 10.0.0.2
10.5.0.0/22 via 10.5.0.2 dev tun0
10.5.0.2 dev tun0 proto kernel scope link src 10.5.0.1
172.16.0.0/16 via 10.0.0.1 dev tun1
192.168.10.0/24 dev enp0s3 proto kernel scope link src 192.168.10.145
Routes on the client (Windows, route print):
Network Destination   Netmask           Gateway        Interface      Metric
0.0.0.0               0.0.0.0           192.168.10.1   192.168.10.10  281
10.5.0.1              255.255.255.255   10.5.0.5       10.5.0.6       291
10.5.0.4              255.255.255.252   On-link        10.5.0.6       291
10.5.0.6              255.255.255.255   On-link        10.5.0.6       291
10.5.0.7              255.255.255.255   On-link        10.5.0.6       291
172.16.0.0            255.255.0.0       10.5.0.5       10.5.0.6       291
tcpdump on gw01:
root@gw01:/etc/openvpn# tcpdump -i tun0 -vvv
tcpdump: listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
22:21:12.002275 IP (tos 0x0, ttl 128, id 31064, offset 0, flags [none], proto ICMP (1), length 60)
10.5.0.6 > 172.16.0.1: ICMP echo request, id 1, seq 271, length 40
22:21:16.559827 IP (tos 0x0, ttl 128, id 31065, offset 0, flags [none], proto ICMP (1), length 60)
10.5.0.6 > 172.16.0.1: ICMP echo request, id 1, seq 272, length 40
tcpdump on gw02:
[2.4.2-RELEASE][root@gw02]/root: tcpdump -i ovpns1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ovpns1, link-type NULL (BSD loopback), capture size 262144 bytes
Many thanks in advance.
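The post shows the routing table of VPN-GW1 and of the client, but not that of VPN-GW2, so the return path (LAN back to 10.5.0.0/22) is the part of this topology that the posted output cannot verify. The following is an added example, not code from the original post or from OpenVPN: a small path checker that does longest-prefix matching over per-hop `ip route`-style tables and walks a destination hop by hop in both directions, requiring each intermediate hop to hand the packet to an address the next hop actually owns. VPN-GW1's table is copied from the post; the two VPN-GW2 tables, its LAN address 172.16.0.2, and the interface name em0 are assumptions constructed for the check (GW2 is pfSense and would print its table with netstat -rn, but the syntax is unified here).

```python
import ipaddress

# VPN-GW1's table, copied from the post.
GW1_ROUTES = """\
default via 192.168.10.1 dev enp0s3
10.0.0.0/24 dev tun1 proto kernel scope link src 10.0.0.2
10.5.0.0/22 via 10.5.0.2 dev tun0
10.5.0.2 dev tun0 proto kernel scope link src 10.5.0.1
172.16.0.0/16 via 10.0.0.1 dev tun1
192.168.10.0/24 dev enp0s3 proto kernel scope link src 192.168.10.145
"""

# ASSUMED VPN-GW2 table (not in the post): no route back to the client subnet.
GW2_ROUTES_NO_RETURN = """\
default via 172.16.0.254 dev em0
10.0.0.0/24 dev ovpns1 proto kernel scope link src 10.0.0.1
172.16.0.0/16 dev em0 proto kernel scope link src 172.16.0.2
"""

# Same assumed table with a return route for 10.5.0.0/22 pointing at GW1's tunnel address.
GW2_ROUTES_WITH_RETURN = GW2_ROUTES_NO_RETURN + "10.5.0.0/22 via 10.0.0.2 dev ovpns1\n"

DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def parse_routes(text):
    """Parse `ip route` lines into (network, via, dev) tuples and collect the
    addresses the host owns (the `src` of its connected routes)."""
    routes, owned = [], set()
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        net = DEFAULT if f[0] == "default" else ipaddress.ip_network(f[0], strict=False)
        via = ipaddress.ip_address(f[f.index("via") + 1]) if "via" in f else None
        dev = f[f.index("dev") + 1] if "dev" in f else None
        if "src" in f:
            owned.add(ipaddress.ip_address(f[f.index("src") + 1]))
        routes.append((net, via, dev))
    return routes, owned


def lookup(routes, dst):
    """Longest-prefix match, the way the kernel selects a route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, via, dev in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via, dev)
    return best


def trace(hops, dst):
    """Walk dst through hops [(name, routes, owned), ...] in order.
    Succeeds when a hop delivers on-link or the last hop has a specific
    (non-default) route; fails when a hop has no route, when only the
    default route matches at the end, or when an intermediate hop's next
    hop is not an address owned by the following hop."""
    steps = []
    for i, (name, routes, _owned) in enumerate(hops):
        r = lookup(routes, dst)
        if r is None:
            steps.append(f"{name}: no route to {dst}")
            return False, steps
        net, via, dev = r
        if via is None:
            steps.append(f"{name}: {net} on-link dev {dev} -> delivered")
            return True, steps
        steps.append(f"{name}: {net} via {via} dev {dev}")
        if i == len(hops) - 1:
            if net == DEFAULT:
                steps.append(f"{name}: only the default route matches; {dst} leaves the path")
                return False, steps
            return True, steps
        if via not in hops[i + 1][2]:
            steps.append(f"{name}: next hop {via} is not {hops[i + 1][0]}; packet leaves the path")
            return False, steps
    return False, steps


def check_path(src, dst, gw1_text, gw2_text):
    """Forward check src->dst through GW1 then GW2, return check dst->src through GW2 then GW1."""
    gw1 = ("VPN-GW1",) + parse_routes(gw1_text)
    gw2 = ("VPN-GW2",) + parse_routes(gw2_text)
    fwd_ok, fwd = trace([gw1, gw2], dst)
    rev_ok, rev = trace([gw2, gw1], src)
    return {"forward": fwd_ok, "return": rev_ok, "steps": fwd + rev}


if __name__ == "__main__":
    for label, gw2 in (("GW2 without return route", GW2_ROUTES_NO_RETURN),
                       ("GW2 with return route", GW2_ROUTES_WITH_RETURN)):
        res = check_path("10.5.0.6", "172.16.0.1", GW1_ROUTES, gw2)
        print(f"== {label}: forward={res['forward']} return={res['return']}")
        for s in res["steps"]:
            print("  " + s)
```

With the posted GW1 table the forward path is consistent: 172.16.0.1 matches 172.16.0.0/16 via 10.0.0.1, which is the assumed GW2 tunnel address. The return direction only passes once GW2 carries a route for 10.5.0.0/22 towards 10.0.0.2; without it the reply matches GW2's default route and never re-enters the tunnel. One caveat the model cannot show: when GW2's OpenVPN instance runs as a multi-client server, it drops packets whose source address is not covered by an `iroute` for the connecting client before they are written to the tun interface, logging "MULTI: bad source address from client [...], packet dropped" at verb 3, so tcpdump on ovpns1 stays silent even though GW1 forwarded the packet. The GW2 OpenVPN log is therefore worth checking alongside the GW2 routing table.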