Cant connect to other devices on network

derekavk
OpenVpn Newbie
Posts: 1
Joined: Tue Sep 10, 2019 4:53 pm

Post by derekavk » Tue Sep 10, 2019 5:53 pm

Server is CentOS 7 running on top of VMware.
It has two NICs.

Internal IP address: 192.168.10.1
Internal network: 192.168.10.0
netmask: 255.255.255.0
It has an external IP, but I don't want to list it in a public forum.

Server configuration is:
local #.#.#.#
port 1194
proto udp
dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.10.1 255.255.255.0 192.168.10.201 192.168.10.220
tls-auth ta.key 0
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 6
explicit-exit-notify 1
script-security 2

I created the bridge and tap as follows:
openvpn --mktun --dev tap0
brctl addbr br0
brctl addif br0 ens160

brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
ifconfig ens160 0.0.0.0 promisc up
ifconfig br0 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255

iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT

I tried turning off firewall as well

systemctl stop firewalld
Test box in the internal network is 192.168.10.176.
Test box and server can ping each other.

Client is Windows 7.
It can connect to the server and ping it.
Client can't ping the test box, though.
Client has this route table after connecting to the OpenVPN server:

===========================================================================
Interface List
 14...00 ff 42 a7 d1 4c ......TAP-Windows Adapter V9
 10...00 0c 29 5f d9 49 ......Intel(R) PRO/1000 MT Network Connection
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.120    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link     192.168.2.120    266
    192.168.2.120  255.255.255.255         On-link     192.168.2.120    266
    192.168.2.255  255.255.255.255         On-link     192.168.2.120    266
     192.168.10.0    255.255.255.0         On-link    192.168.10.201    266
   192.168.10.201  255.255.255.255         On-link    192.168.10.201    266
   192.168.10.255  255.255.255.255         On-link    192.168.10.201    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.2.120    266
        224.0.0.0        240.0.0.0         On-link    192.168.10.201    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.2.120    266
  255.255.255.255  255.255.255.255         On-link    192.168.10.201    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.2.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    266 fe80::/64                On-link
 14    266 fe80::/64                On-link
 10    266 fe80::9d4c:268:d139:8f6a/128
                                    On-link
 14    266 fe80::e0a5:8112:cae2:e451/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
 14    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

I found this command:
tcpdump -nnel -i br0 icmp
It shows the ping when I ping the server from the client, but nothing when I try to ping the test box.

The output from the OpenVPN server, though, looks like it is getting the data.

When pinging the server I see this:

derek/##.##.##.##:21109 TUN WRITE [74]
GET INST BY VIRT: 00:ff:42:a7:d1:4c -> derek/##.##.##.##:21109 via 00:ff:42:a7:d1:4c
derek/##.##.##.##:21109 TUN READ [74]
derek/##.##.##.##:21109 TLS: tls_pre_encrypt: key_id=0
derek/##.##.##.##:21109 UDPv4 WRITE [98] to [AF_INET]#.#.#.#:21109: P_DATA_V2 kid=0 DATA len=97
MULTI: REAP range 128 -> 144
GET INST BY REAL: ##.##.##.##:21109 [ok]
derek/##.##.##.##:21109 UDPv4 READ [98] from [AF_INET]##.##.##.##:21109: P_DATA_V2 kid=0 DATA len=97
derek/##.##.##.##:21109 TLS: tls_pre_decrypt, key_id=0, IP=[AF_INET]#.#.#.#:21109
derek/##.##.##.##:21109 PID_TEST [0] [SSL-0] [1224>] 0:5 0:6 t=1568136672[0] r=[-4,64,15,0,1] sl=[59,5,64,528]

When pinging the test box I see this:

derek/##.##.##.##:58302 TUN WRITE [42]
MULTI: REAP range 176 -> 192
GET INST BY REAL: ##.##.##.##:58302 [ok]
derek/##.##.##.##:58302 UDPv4 READ [66] from [AF_INET]##.##.##.##:58302: P_DATA_V2 kid=0 DATA len=65
derek/##.##.##.##:58302 TLS: tls_pre_decrypt, key_id=0, IP=[AF_INET]##.##.##.##:58302
derek/##.##.##.##:58302 PID_TEST [0] [SSL-0 [11>EEE] 0:6 0:7 t=1568137107[0] r=[-1,64,15,0,1] sl=[58,6,64,528]

derek/##.##.##.##:58302 TUN WRITE [42]
MULTI: REAP range 192 -> 208
GET INST BY REAL: ##.##.##.##:58302 [ok]
derek/##.##.##.##:58302 UDPv4 READ [66] from [AF_INET]##.##.##.##:58302: P_DATA_V2 kid=0 DATA len=65
derek/##.##.##.##:58302 TLS: tls_pre_decrypt, key_id=0, IP=[AF_INET]##.##.##.##:58302
derek/##.##.##.##:58302 PID_TEST [0] [SSL-0 [122>EEE] 0:6 0:7 t=1568137108[0] r=[-2,64,15,0,1] sl=[57,7,64,528]

So, it seems to me that it is going back to the server. I'm just not sure what is wrong after that.
Any help would be appreciated. I've been scouring the internet for help for weeks on this now. I know it's got to be something simple.
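The two verb-6 excerpts in the post already contain the answer to "where does it stop", because a tap device carries raw Ethernet frames (14-byte header plus payload, no padding or FCS), so the sizes OpenVPN logs identify the frame type. When the client pings the server, a 74-byte frame (Ethernet + IPv4 + ICMP + the 32-byte Windows ping payload) is written to tap0 and a 74-byte reply is read back. When the client pings the test box, only 42-byte frames are written to tap0, which is exactly an Ethernet header plus a 28-byte ARP request for 192.168.10.176, and nothing is ever read back: the ARP request is never answered, so the client never sends the ICMP echo at all, which is also why tcpdump on br0 sees no ICMP. The server could answer ARP for its own address directly on br0; the request for the test box has to be forwarded out ens160 carrying the VPN client's MAC (00:ff:42:a7:d1:4c) and a reply has to come back the same way. The script below is an added diagnostic helper, not code from the post or from the OpenVPN project; it assumes the names br0, ens160 and tap0 from the post, and embeds the two log excerpts as constructed samples (client address replaced by a documentation-range IP) so the log summary part runs offline.

```shell
#!/bin/sh
# Added diagnostic helper for a tap-bridged OpenVPN server like the one in
# the post above. Not code from the original post or the OpenVPN project.
# Assumed names: bridge br0, LAN side ens160, VPN side tap0, and a server
# started with "verb 6" so that "TUN READ" / "TUN WRITE" lines are logged.
BR=${BR:-br0}
LAN=${LAN:-ens160}
TAP=${TAP:-tap0}

# A frame written to a tap device is a raw Ethernet frame: 14-byte header
# plus payload, no padding, no FCS. The logged size therefore tells you
# what the client actually sent; 42 is the interesting one in this post.
tap_frame_kind() {
    case "$1" in
        42) echo "ARP request or reply (14 Ethernet + 28 ARP)" ;;
        74) echo "IPv4 ICMP echo, 32-byte payload as sent by Windows ping (14 + 20 + 8 + 32)" ;;
        98) echo "IPv4 ICMP echo, 56-byte payload as sent by Linux ping (14 + 20 + 8 + 56)" ;;
        *)  echo "unclassified frame of $1 bytes" ;;
    esac
}

# Read a verb-6 excerpt for one client on stdin and print one line:
#   writes=<frames client->tap> reads=<frames tap->client> sizes=<distinct write sizes> verdict=<...>
# verdict: "two-way" if anything came back from the bridge, "arp-unanswered"
# if only ARP frames went in and nothing returned, "one-way" for any other
# unanswered traffic, "no-tun-traffic" if the excerpt has no TUN lines.
tun_log_summary() {
    awk '
        /TUN WRITE \[[0-9]+\]/ {
            w++
            s = $0; sub(/.*TUN WRITE \[/, "", s); sub(/\].*/, "", s)
            if (!(s in seen)) { seen[s] = 1; sizes = sizes (sizes == "" ? "" : ",") s }
        }
        /TUN READ \[[0-9]+\]/ { r++ }
        END {
            if (r > 0)                        v = "two-way"
            else if (w > 0 && sizes == "42")  v = "arp-unanswered"
            else if (w > 0)                   v = "one-way"
            else                              v = "no-tun-traffic"
            printf "writes=%d reads=%d sizes=%s verdict=%s\n", w + 0, r + 0, sizes, v
        }'
}

# Constructed samples: the two excerpts from the post, with the client's
# address replaced by 203.0.113.5 (documentation range).
SAMPLE_PING_SERVER='derek/203.0.113.5:21109 TUN WRITE [74]
GET INST BY VIRT: 00:ff:42:a7:d1:4c -> derek/203.0.113.5:21109 via 00:ff:42:a7:d1:4c
derek/203.0.113.5:21109 TUN READ [74]
derek/203.0.113.5:21109 UDPv4 WRITE [98] to [AF_INET]203.0.113.5:21109: P_DATA_V2 kid=0 DATA len=97'
SAMPLE_PING_LAN_HOST='derek/203.0.113.5:58302 TUN WRITE [42]
derek/203.0.113.5:58302 UDPv4 READ [66] from [AF_INET]203.0.113.5:58302: P_DATA_V2 kid=0 DATA len=65
derek/203.0.113.5:58302 TUN WRITE [42]
derek/203.0.113.5:58302 UDPv4 READ [66] from [AF_INET]203.0.113.5:58302: P_DATA_V2 kid=0 DATA len=65'

# Run as root on the server while the client pings the LAN host. Shows
# whether both ports are forwarding, which MACs the bridge learned on which
# port, whether br_netfilter is pushing bridged frames through iptables,
# and whether the client's ARP request actually leaves on the LAN side.
bridge_diag() {
    bridge link show            # $TAP and $LAN should both show "master $BR state forwarding"
    bridge fdb show br "$BR"    # client MAC expected on $TAP, LAN hosts' MACs on $LAN
    if [ -e /proc/sys/net/bridge/bridge-nf-call-iptables ]; then
        echo "br_netfilter is loaded; bridged frames also traverse the iptables FORWARD chain:"
        sysctl net.bridge.bridge-nf-call-iptables
    fi
    echo "capturing ARP on $LAN for 10 seconds; ping the LAN host from the VPN client now"
    timeout 10 tcpdump -nnei "$LAN" arp
}

case "${1:-}" in
    diag) bridge_diag ;;
    log)  tun_log_summary ;;   # e.g.  grep 'derek/' openvpn.log | sh bridge-diag.sh log
    *)    : ;;                 # no argument: only define the functions
esac
```

Fed the two excerpts, the summary prints `writes=1 reads=1 sizes=74 verdict=two-way` for the ping to the server and `writes=2 reads=0 sizes=42 verdict=arp-unanswered` for the ping to the test box. The `diag` step then splits the remaining question in two. If the ARP request for 192.168.10.176 shows up on ens160 with source MAC 00:ff:42:a7:d1:4c but no reply comes back, the bridge is doing its job and the frames are being dropped upstream; on a VMware guest the usual cause is the vSwitch or port-group security policy (Promiscuous Mode, MAC Address Changes and Forged Transmits default to Reject), which discards frames whose source MAC is not the VM's own, and bridged VPN clients have exactly that kind of MAC. If the request never appears on ens160 at all, the bridge itself is not forwarding: check that both ports are in "forwarding" state and, when br_netfilter is loaded, that the FORWARD chain (and any ebtables rules) is not discarding bridged traffic, since `systemctl stop firewalld` removes firewalld's rules but not rules added by hand with `iptables -A`.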
