I'm new here and I don't know how to set this up, or even where to look for answers, I've looked everywhere I can think of...but I need help with the following scenario if anyone is feeling kind -
I have a server that has an application running on it that talks to clients; this is bidirectional communication (all Linux hosts). All clients are on the same subnet as the server. I have successfully set up the tunnel on the client side to talk with the server; however, I cannot get the server to communicate with the clients through the tunnel. This is a bad picture, but hopefully it will get the point across ...
This is the way I want it to work:
world <-> server <-> eth0 <-> tun0 .....tun0 <-> eth0 <-> client
but it's working like this:
communication from client goes to server through the tunnel but the return goes through the regular device.
server <- eth0 <- tun0 .....tun0 <- eth0 <- client
server -> eth0 ....-> eth0 -> client
I've tried setting up some static routes and tried forwarding through iptables but I can't seem to get it to work. I've also tried bridging the tap/eth devices on the server but that was not successful either.
I've been using tcpdump to inspect the traffic but I only see traffic from the client out, nothing going to the client.
I've also been scouring the internets for any info I can regarding this setup but I'm not even exactly sure how to describe it.
If someone could help and either let me know how to do this or point me in the right direction I would greatly appreciate it.
I'm using CentOS as my base OS with openvpn-2.4.6-1.
In this scenario my server is 192.168.78.19,
client is 192.168.77.24
tunnel is default 10.8.0.0 subnet
I'm trying to use port 4001 for specific reasons
Basically I want all traffic from my server destined for 192.168.77.24 to go through the tunnel to the appropriate client.
Here's my server config:
proto tcp
dev tun
ca ca.crt
cert server.crt
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
push "redirect-gateway def1 bypass-dhcp"
client-to-client
duplicate-cn
keepalive 10 120
cipher AES-256-CBC
max-clients 150
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 6
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.78.0 255.255.252.0"
Client config:
dev tun1
proto tcp
remote 192.168.78.19 4001
topology subnet
resolv-retry infinite
bind
persist-key
persist-tun
verb 3
... the rest of the keys
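Why the reply leaves through eth0 in the diagram above, and what a server-side host route changes, as an added example written for this thread (not code from the post or from OpenVPN). The route tables are constructed from the addresses in the post; the /22 mask comes from the pushed 255.255.252.0, while the gateway 192.168.76.1, the device names and the client common name "client24" are assumptions:

```python
import ipaddress

# Constructed routing table for the server in the post (assumptions: eth0 is
# 192.168.78.19 inside 192.168.76.0/22, tun0 is 10.8.0.1/24, and the default
# gateway 192.168.76.1 is made up for the example).
SERVER_ROUTES = [
    {"prefix": "0.0.0.0/0", "dev": "eth0", "via": "192.168.76.1"},
    {"prefix": "192.168.76.0/22", "dev": "eth0", "via": None},
    {"prefix": "10.8.0.0/24", "dev": "tun0", "via": None},
]

# Constructed client table after "redirect-gateway def1": the two /1 routes send
# everything into the tunnel, and OpenVPN adds a host route to the VPN server's
# real address via the original gateway so the tunnel itself keeps working.
CLIENT_ROUTES = [
    {"prefix": "0.0.0.0/1", "dev": "tun1", "via": None},
    {"prefix": "128.0.0.0/1", "dev": "tun1", "via": None},
    {"prefix": "192.168.76.0/22", "dev": "eth0", "via": None},
    {"prefix": "192.168.78.19/32", "dev": "eth0", "via": "192.168.76.1"},
    {"prefix": "0.0.0.0/0", "dev": "eth0", "via": "192.168.76.1"},
    {"prefix": "10.8.0.0/24", "dev": "tun1", "via": None},
]


def lookup(routes, dst):
    """Longest-prefix match, the rule the kernel applies (metrics ignored here)."""
    addr = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for route in routes:
        net = ipaddress.ip_network(route["prefix"], strict=False)
        if addr in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def egress_device(routes, dst):
    """Interface the server would use for a packet to dst."""
    route = lookup(routes, dst)
    return route["dev"] if route else None


def with_host_route(routes, host, dev="tun0"):
    """New table with a /32 for host via the tunnel; /32 beats the connected /22."""
    return routes + [{"prefix": f"{host}/32", "dev": dev, "via": None}]


def ip_route_command(host, dev="tun0"):
    """Shell command that adds the same /32 on a real host (needs root)."""
    return f"ip route add {host}/32 dev {dev}"


def openvpn_directives(host, client_cn):
    """Server-side directives: 'route' installs the kernel route when the
    server starts, and 'iroute' in that client's ccd file tells OpenVPN which
    connected client owns the address. iroute keys on the common name, so
    each client needs its own certificate CN (duplicate-cn does not combine
    with it). client_cn is hypothetical."""
    server_conf = f"route {host} 255.255.255.255"
    ccd_file = f"ccd/{client_cn}"
    ccd_line = f"iroute {host} 255.255.255.255"
    return server_conf, ccd_file, ccd_line


def reverse_path_ok(routes, src, ingress_dev):
    """Check the client would pass rp_filter=1 (strict) for a packet from src
    arriving on ingress_dev: the route back to src must point at that device."""
    route = lookup(routes, src)
    return route is not None and route["dev"] == ingress_dev


if __name__ == "__main__":
    client = "192.168.77.24"
    print("server -> client before:", egress_device(SERVER_ROUTES, client))
    print("server -> client after: ", egress_device(with_host_route(SERVER_ROUTES, client), client))
    print(ip_route_command(client))
    for line in openvpn_directives(client, "client24"):
        print(line)
    # Packets sourced from the server's eth0 address arriving on tun1 fail the
    # strict reverse-path check because the client's route to 192.168.78.19
    # points at eth0; packets sourced from 10.8.0.1 pass.
    print("rp_filter ok from 192.168.78.19:", reverse_path_ok(CLIENT_ROUTES, "192.168.78.19", "tun1"))
    print("rp_filter ok from 10.8.0.1:     ", reverse_path_ok(CLIENT_ROUTES, "10.8.0.1", "tun1"))
```

Running it shows the connected 192.168.76.0/22 route winning on eth0 until a more specific /32 exists, which is what the server's `route` directive (plus `iroute` in the client's ccd file) provides. The `reverse_path_ok` check is the client-side detail worth verifying with `sysctl net.ipv4.conf.tun1.rp_filter`: with strict filtering, replies sourced from the server's eth0 address that arrive through the tunnel are silently dropped, which looks exactly like "nothing going to the client" in tcpdump.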