I've got an OpenVPN Server running on AWS, and I can ping anything from the OpenVPN Server, even other subnets. I have two subnets:
10.0.0.0/24 (this contains the OpenVPN Server).
10.0.1.0/24 (this contains an Ubuntu machine).
The OpenVPN subnet is 172.27.224.0/20 (default from AWS AMI).
From the OpenVPN server I can ping everything on the internet (Google etc.), I can ping the Ubuntu machine that's in the different subnet (10.0.1.0/24), and I can also ping (quite obviously, I'd say) the clients that are connected to the OpenVPN Server.
The thing I'm having problems with is: I can't ping ANY OpenVPN Clients (172.27.224.0/20 subnet) from my Ubuntu machine, which is located in a different subnet than the OpenVPN Server is. However, I can ping the OpenVPN Server itself just fine, which is also in a different subnet (10.0.0.0/24).
So the connection between the two subnets, 10.0.0.0/24 and 10.0.1.0/24, seems fine, as they can both ping each other. The only problem is that the Ubuntu machine in the 10.0.1.0/24 subnet can't ping any OpenVPN Client that is in the OpenVPN Subnet (172.27.232.2 for example).
iptables on OpenVPN Server
```text
Chain PREROUTING (policy ACCEPT)
target               prot opt source               destination
AS0_NAT_PRE_REL_EST  all  --  anywhere             anywhere                                     state RELATED,ESTABLISHED
AS0_DPFWD_UDP        udp  --  anywhere             ip-10-0-0-195.eu-central-1.compute.internal  udp dpt:openvpn state NEW
AS0_DPFWD_TCP        tcp  --  anywhere             ip-10-0-0-195.eu-central-1.compute.internal  tcp dpt:https state NEW

Chain INPUT (policy ACCEPT)
target               prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target               prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target               prot opt source               destination
AS0_NAT_POST_REL_EST all  --  anywhere             anywhere                                     state RELATED,ESTABLISHED
AS0_NAT_PRE          all  --  anywhere             anywhere                                     mark match 0x2000000/0x2000000

Chain AS0_DPFWD_TCP (1 references)
target               prot opt source               destination
DNAT                 tcp  --  anywhere             anywhere                                     to:10.0.0.195:914
ACCEPT               all  --  anywhere             anywhere

Chain AS0_DPFWD_UDP (1 references)
target               prot opt source               destination
DNAT                 udp  --  anywhere             anywhere                                     to:10.0.0.195:916
ACCEPT               all  --  anywhere             anywhere

Chain AS0_NAT (3 references)
target               prot opt source               destination
MASQUERADE           all  --  anywhere             anywhere

Chain AS0_NAT_POST_REL_EST (1 references)
target               prot opt source               destination
ACCEPT               all  --  anywhere             anywhere

Chain AS0_NAT_PRE (1 references)
target               prot opt source               destination
AS0_NAT              all  --  anywhere             anywhere                                     mark match 0x8000000/0x8000000
AS0_NAT_TEST         all  --  anywhere             link-local/16
AS0_NAT_TEST         all  --  anywhere             ip-192-168-0-0.eu-central-1.compute.internal/16
AS0_NAT_TEST         all  --  anywhere             ip-172-16-0-0.eu-central-1.compute.internal/12
AS0_NAT_TEST         all  --  anywhere             ip-10-0-0-0.eu-central-1.compute.internal/8
AS0_NAT              all  --  anywhere             anywhere

Chain AS0_NAT_PRE_REL_EST (1 references)
target               prot opt source               destination
ACCEPT               all  --  anywhere             anywhere

Chain AS0_NAT_TEST (4 references)
target               prot opt source               destination
ACCEPT               all  --  anywhere             anywhere
ACCEPT               all  --  anywhere             anywhere                                     mark match 0x4000000/0x4000000
ACCEPT               all  --  anywhere             ip-172-27-224-0.eu-central-1.compute.internal/20
AS0_NAT              all  --  anywhere             anywhere
```
```text
Chain PREROUTING (policy ACCEPT)
target               prot opt source               destination

Chain INPUT (policy ACCEPT)
target               prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target               prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target               prot opt source               destination
```
I hope someone has experience with this issue. Thanks in advance!
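The asymmetry described in the post (Ubuntu reaches the VPN server, which is inside the VPC, but not a VPN client, which is in 172.27.224.0/20 outside the VPC CIDR) is what you would expect when the VPC route table of the 10.0.1.0/24 subnet has no route for the VPN subnet: the Ubuntu host hands the packet to the VPC router, longest-prefix match falls through to the default route, and the internet gateway has no path to a private address. The script below is an added example, not from the original post or from OpenVPN Access Server; it models that lookup so you can see which hop the packet lands on with and without such a route. The VPC CIDR 10.0.0.0/16, the Ubuntu address 10.0.1.50 and the target name `eni-openvpn` are assumptions; the server address 10.0.0.195, the client 172.27.232.2 and the VPN subnet come from the post.

```python
import ipaddress

# Values stated in the original post.
VPN_SERVER = "10.0.0.195"      # OpenVPN Access Server (from the DNAT rules)
VPN_CLIENT = "172.27.232.2"    # example VPN client address from the post
VPN_SUBNET = "172.27.224.0/20" # Access Server client subnet
UBUNTU_SUBNET = "10.0.1.0/24"  # subnet of the Ubuntu machine

# Assumptions (hypothetical, not in the post): VPC CIDR and Ubuntu host address.
VPC_CIDR = "10.0.0.0/16"
UBUNTU_HOST = "10.0.1.50"

# A VPC route table as a list of (destination prefix, target).
# "local": delivered by the VPC router inside the VPC CIDR.
# "igw": internet gateway, which cannot deliver to RFC 1918 space.
# "eni-openvpn": placeholder name for the VPN instance's network interface.
VPC_ROUTES_AS_POSTED = [
    (VPC_CIDR, "local"),
    ("0.0.0.0/0", "igw"),
]
VPC_ROUTES_WITH_VPN_RETURN = VPC_ROUTES_AS_POSTED + [
    (VPN_SUBNET, "eni-openvpn"),
]


def next_hop(routes, dst):
    """Longest-prefix match over a route table, returning the winning target.

    This is the lookup a VPC route table (and a Linux FIB) performs: the most
    specific matching prefix wins, regardless of its position in the list.
    """
    addr = ipaddress.ip_address(dst)
    best_net, best_target = None, None
    for prefix, target in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def path_from_ubuntu(vpc_routes, dst):
    """Hops a packet from the Ubuntu host takes toward dst under a given VPC route table.

    The host itself only knows its own subnet and a default gateway (the VPC
    router), so everything off-subnet is decided by the VPC route table.
    """
    hops = ["ubuntu"]
    if ipaddress.ip_address(dst) in ipaddress.ip_network(UBUNTU_SUBNET):
        return hops + ["delivered"]          # same subnet, no router involved
    hops.append("vpc-router")
    target = next_hop(vpc_routes, dst)
    if target == "local":
        hops.append("delivered")             # e.g. the VPN server at 10.0.0.195
    elif target == "eni-openvpn":
        # The VPN instance must forward it into the tunnel; on AWS this also
        # requires source/destination checking to be disabled on that instance.
        hops += ["openvpn-server", "delivered-over-tunnel"]
    elif target == "igw":
        hops.append("dropped-at-igw")        # private destination, no public path
    else:
        hops.append("no-route")
    return hops


if __name__ == "__main__":
    for name, table in (("as posted", VPC_ROUTES_AS_POSTED),
                        ("with VPN route", VPC_ROUTES_WITH_VPN_RETURN)):
        for dst in (VPN_SERVER, VPN_CLIENT):
            print(f"{name:15} {UBUNTU_HOST} -> {dst}: {' -> '.join(path_from_ubuntu(table, dst))}")
```

The model shows why reaching 10.0.0.195 proves nothing about reaching 172.27.232.2: the first is a `local` VPC route, the second needs an explicit route for 172.27.224.0/20 pointing at the OpenVPN instance in the route table attached to the 10.0.1.0/24 subnet. Treat this as the first hypothesis to check (`ip route get 172.27.232.2` on the Ubuntu host and the subnet's route table in the VPC console), not as a confirmed diagnosis; the post does not show the VPC route tables. If the route exists, the next things to verify are that source/destination checking is disabled on the OpenVPN instance (AWS drops forwarded packets otherwise) and that the security group on the instance permits the traffic.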