I have a problem: after configuring and re-checking my configuration several times, the OpenVPN server cannot ping the client's LAN address (192.168.2.2), and therefore cannot reach the client network either. The tunnel itself comes up and works in the other direction: the client can ping and SSH to 192.168.1.2 (output below).
Here is my diagram:
Client Network 1 (192.168.2.0) ==> Internet <== Server Network (192.168.1.0)
Client Network 1:
- OpenVPN Client: 192.168.2.2 (the machine running client.conf below; this is the LAN address the server cannot reach)
- Gateway: 192.168.2.1
Server Network:
- OpenVPN Server: 192.168.1.2
- Gateway: 192.168.1.1
Server Configuration (server.conf):
server.conf
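# server.conf (the post pasted this file twice; it is shown once here)
port XXX
proto udp
dev tun

# PKI material produced with easy-rsa. server.key and ta.key must be readable
# only by root: OpenVPN reads them before dropping to nobody/nogroup, and
# persist-key keeps them in memory across restarts.
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh2048.pem

topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

# Tell connecting clients how to reach the server's LAN through the tunnel.
push "route 192.168.1.0 255.255.255.0"
# Pushed to every client, including the one whose own LAN this is. For client1
# it is at best a no-op (its route table shows 192.168.2.0/24 only via ens18);
# it only matters for a second client that needs to reach client1's LAN.
push "route 192.168.2.0 255.255.255.0"

# Kernel route on the server host for the LAN behind client1. This is what
# produced the "192.168.2.0 via 10.8.0.2 dev tun0" entry in the route table.
route 192.168.2.0 255.255.255.0

# FIX: the kernel route only delivers packets as far as the tun interface. The
# OpenVPN process keeps its own client routing table and, without an iroute,
# does not know which connected client owns 192.168.2.0/24, so it drops them.
# That is why the client can reach 192.168.1.2 while the server cannot reach
# 192.168.2.2. Create /etc/openvpn/ccd/<CN of client1.crt> (presumably
# "client1") containing exactly:
#     iroute 192.168.2.0 255.255.255.0
# Make the directory readable by nobody/nogroup: the per-client file is read on
# each client connect, i.e. after privileges have been dropped.
client-config-dir /etc/openvpn/ccd

# If hosts on 192.168.1.0/24 other than this server must reach 192.168.2.0/24,
# additionally enable net.ipv4.ip_forward=1 on both VPN endpoints and give the
# LAN hosts a route to the remote subnet (or NAT on the endpoints). Pinging
# 192.168.2.2 itself from this host needs only the iroute.

client-to-client
keepalive 10 120

# HMAC on the control channel; key direction 0 here, 1 on the client.
# NOTE(review): tls-crypt (which also encrypts the control channel) is
# preferable on OpenVPN >= 2.4, but it has to be switched on both sides at once.
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0 # This file is secret

# NOTE(review): AES-256-GCM (authenticated encryption) is preferred over CBC;
# on 2.4+ it is negotiated automatically unless ncp-disable is set. Left as-is
# because the client config pins the same cipher.
cipher AES-256-CBC
# NOTE(review): compression inside TLS enables VORACLE-style plaintext
# recovery; remove comp-lzo on BOTH sides once the routing problem is solved.
comp-lzo
max-clients 2

# Drop privileges after start-up.
user nobody
group nogroup
persist-key
persist-tun

status openvpn-status.log
log openvpn.log
verb 3
explicit-exit-notify 1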
Server Route:
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 ens18
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ens18
192.168.2.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
Client configuration :
client.conf
# client.conf (the post pasted this file twice; it is shown once here)
client
dev tun
proto udp

# Public address and port of the server (redacted in the post). nobind: use an
# ephemeral local port; resolv-retry infinite: keep retrying name resolution.
remote XXX.XXX.XXX.XXX XXX
resolv-retry infinite
nobind

# Keep key material and the tun device across SIGUSR1 restarts.
persist-key
persist-tun

# Client PKI. client1.key must be readable only by root.
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client1.crt
key /etc/openvpn/keys/client1.key
# Require the server certificate to carry the server key-usage attributes, so
# another client certificate signed by the same CA cannot pose as the server.
remote-cert-tls server
# Same ta.key as the server; direction 1 here, 0 on the server.
tls-auth /etc/openvpn/keys/ta.key 1

# Must match the server (see the notes there: GCM and no compression are
# preferable, but both sides have to change together).
cipher AES-256-CBC
comp-lzo
verb 3

# NOTE(review): nothing here needs to change for the server to ping 192.168.2.2
# once the server has an iroute for this client. Packets from the server will
# arrive on tun0 with source 10.8.0.1, so a host firewall on this machine must
# accept that. Reaching hosts *behind* 192.168.2.2 additionally requires
# net.ipv4.ip_forward=1 here and a return route on those hosts.
Client route (the ping and telnet tests that follow were presumably run from the client towards the server):
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.1.0 10.8.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 ens18
# ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=5.04 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=4.96 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=6.63 ms
# telnet 192.168.1.2 22
Trying 192.168.1.2...
Connected to 192.168.1.2.
Escape character is '^]'.
From the Server :
# ping 192.168.2.2
PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
^C
--- 192.168.2.2 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4083ms
# telnet 192.168.2.2 22
Trying 192.168.2.2...
telnet: Unable to connect to remote host: Connection timed out
Any ideas? Thanks!

(Likely cause: server.conf has no `iroute`. The kernel route `192.168.2.0 via 10.8.0.2 dev tun0` gets the packets into the tun device, but the OpenVPN process keeps its own per-client routing table and, with no `client-config-dir` file for client1 containing `iroute 192.168.2.0 255.255.255.0`, it does not know which client owns that subnet and drops the packets. If adding the iroute is not enough, check that a host firewall on the client accepts traffic arriving on tun0 from 10.8.0.1; and for hosts behind 192.168.2.2, the client also needs net.ipv4.ip_forward=1 and those hosts need a route back to 192.168.1.0/24 and 10.8.0.0/24 via 192.168.2.2.)