The server is CentOS 7 running on top of VMware.
It has two NIC cards.
Internal IP address: 192.168.10.1
Internal network: 192.168.10.0
Netmask: 255.255.255.0
It has an external IP, but I don't want to list it in a public forum.
The server configuration is:
local #.#.#.#
port 1194
proto udp
dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.10.1 255.255.255.0 192.168.10.201 192.168.10.220
tls-auth ta.key 0
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 6
explicit-exit-notify 1
script-security 2
I created the bridge and tap as follows:
openvpn --mktun --dev tap0
brctl addbr br0
brctl addif br0 ens160
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
ifconfig ens160 0.0.0.0 promisc up
ifconfig br0 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
I tried turning off the firewall as well:
systemctl stop firewalld
The test box in the internal network is 192.168.10.176.
The test box and the server can ping each other.
The client is Windows 7.
It can connect to the server and ping it.
The client can't ping the test box, though.
The client has this route table after connecting to the OpenVPN server:
===========================================================================
Interface List
14...00 ff 42 a7 d1 4c ......TAP-Windows Adapter V9
10...00 0c 29 5f d9 49 ......Intel(R) PRO/1000 MT Network Connection
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.120 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.120 266
192.168.2.120 255.255.255.255 On-link 192.168.2.120 266
192.168.2.255 255.255.255.255 On-link 192.168.2.120 266
192.168.10.0 255.255.255.0 On-link 192.168.10.201 266
192.168.10.201 255.255.255.255 On-link 192.168.10.201 266
192.168.10.255 255.255.255.255 On-link 192.168.10.201 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.120 266
224.0.0.0 240.0.0.0 On-link 192.168.10.201 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.120 266
255.255.255.255 255.255.255.255 On-link 192.168.10.201 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.2.1 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 266 fe80::/64 On-link
14 266 fe80::/64 On-link
10 266 fe80::9d4c:268:d139:8f6a/128 On-link
14 266 fe80::e0a5:8112:cae2:e451/128 On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
14 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
I found this command:
tcpdump -nnel -i br0 icmp
It shows the ping when I ping the server from the client, but nothing when I try to ping the test box.
The output from the OpenVPN server, though, looks like it is getting the data.
When pinging the server I see this:
derek/##.##.##.##:21109 TUN WRITE [74]
GET INST BY VIRT: 00:ff:42:a7:d1:4c -> derek/##.##.##.##:21109 via 00:ff:42:a7:d1:4c
derek/##.##.##.##:21109 TUN READ [74]
derek/##.##.##.##:21109 TLS: tls_pre_encrypt: key_id=0
derek/##.##.##.##:21109 UDPv4 WRITE [98] to [AF_INET]#.#.#.#:21109: P_DATA_V2 kid=0 DATA len=97
MULTI: REAP range 128 -> 144
GET INST BY REAL: ##.##.##.##:21109 [ok]
derek/##.##.##.##:21109 UDPv4 READ [98] from [AF_INET]##.##.##.##:21109: P_DATA_V2 kid=0 DATA len=97
derek/##.##.##.##:21109 TLS: tls_pre_decrypt, key_id=0, IP=[AF_INET]#.#.#.#:21109
derek/##.##.##.##:21109 PID_TEST [0] [SSL-0] [1224>] 0:5 0:6 t=1568136672[0] r=[-4,64,15,0,1] sl=[59,5,64,528]
When pinging the test box I see this:
derek/##.##.##.##:58302 TUN WRITE [42]
MULTI: REAP range 176 -> 192
GET INST BY REAL: ##.##.##.##:58302 [ok]
derek/##.##.##.##:58302 UDPv4 READ [66] from [AF_INET]##.##.##.##:58302: P_DATA_V2 kid=0 DATA len=65
derek/##.##.##.##:58302 TLS: tls_pre_decrypt, key_id=0, IP=[AF_INET]##.##.##.##:58302
derek/##.##.##.##:58302 PID_TEST [0] [SSL-0 [11>EEE] 0:6 0:7 t=1568137107[0] r=[-1,64,15,0,1] sl=[58,6,64,528]
derek/##.##.##.##:58302 TUN WRITE [42]
MULTI: REAP range 192 -> 208
GET INST BY REAL: ##.##.##.##:58302 [ok]
derek/##.##.##.##:58302 UDPv4 READ [66] from [AF_INET]##.##.##.##:58302: P_DATA_V2 kid=0 DATA len=65
derek/##.##.##.##:58302 TLS: tls_pre_decrypt, key_id=0, IP=[AF_INET]##.##.##.##:58302
derek/##.##.##.##:58302 PID_TEST [0] [SSL-0 [122>EEE] 0:6 0:7 t=1568137108[0] r=[-2,64,15,0,1] sl=[57,7,64,528]
So, it seems to me that it is going back to the server; I'm just not sure what is wrong after that.
Any help would be appreciated. I've been scouring the internet for help for weeks on this now. I know it's got to be something simple.
Can't connect to other devices on network
Posted by: OpenVpn Newbie (Posts: 1, Joined: Tue Sep 10, 2019 4:53 pm)
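As an added example, not part of the original post or of OpenVPN itself: a small POSIX shell triage script for a bridged (tap) server whose clients reach the server but not the LAN. It assumes verb 6 log lines in the format quoted above (no timestamp prefix) and that frames on tap0 carry the 14-byte Ethernet header, so a 42-byte TUN WRITE is an Ethernet+ARP frame and a 74-byte one is an IPv4 ICMP echo with the 32-byte Windows ping payload. The sample log embedded in the script is constructed from the quoted lines with a documentation address in place of the masked client address; the function names, the sysfs-root parameter and the verdict strings are the example's own.

```shell
#!/bin/sh
# Added example, not from the original post: triage helper for a bridged (tap)
# OpenVPN server whose VPN clients can reach the server but not the LAN.
# Assumptions: log lines are OpenVPN "verb 6" output in the format quoted in
# the post (instance name is the first field, no timestamp prefix), and frame
# sizes on tap0 include the 14-byte Ethernet header.

# Classify a tap frame by its length.
#   42 = 14 (Ethernet) + 28 (ARP): an ARP request or reply
#   74 = 14 + 20 (IPv4) + 8 (ICMP) + 32 (Windows ping payload): an echo
frame_kind() {
    case "$1" in
        42) echo arp ;;
        74) echo icmp-echo ;;
        *)  echo other ;;
    esac
}

# Per client instance ("name/ip:port"), count frames the server wrote to tap0
# (TUN WRITE) and read back from it (TUN READ) and give a verdict:
#   ok                - traffic came back through the bridge
#   arp-unanswered    - only ARP went out and nothing came back: the L2 path
#                       beyond tap0 (bridge, uplink, vSwitch) is not delivering
#   no-return-traffic - IP frames went out, nothing came back
# Output: <instance> <writes> <reads> <verdict>
summarize_tun_log() {
    awk '
        / TUN WRITE \[/ { w[$1]++; if ($4 == "[42]") arp[$1]++ }
        / TUN READ \[/  { r[$1]++ }
        END {
            for (i in w) {
                v = "ok"
                if (r[i] == 0 && arp[i] == w[i]) v = "arp-unanswered"
                else if (r[i] == 0) v = "no-return-traffic"
                printf "%s %d %d %s\n", i, w[i], r[i], v
            }
        }' "$1"
}

# Host-side checks of the bridge. ROOT is prepended to /sys and /proc so the
# function can be pointed at a fake tree; on the real server pass "".
# Prints one line per finding; silence means nothing was found.
bridge_checks() {
    root=$1; br=$2; shift 2
    for nic in "$@"; do
        [ -e "$root/sys/class/net/$br/brif/$nic" ] \
            || echo "missing: $nic is not a member of $br"
        flags="$root/sys/class/net/$nic/flags"
        # IFF_PROMISC is 0x100; the flags file holds a hex string such as 0x1303
        if [ -f "$flags" ] && [ $(( $(cat "$flags") & 0x100 )) -eq 0 ]; then
            echo "warn: $nic is not in promiscuous mode"
        fi
    done
    nf="$root/proc/sys/net/bridge/bridge-nf-call-iptables"
    if [ -f "$nf" ] && [ "$(cat "$nf")" = 1 ]; then
        echo "warn: bridge-nf-call-iptables=1, bridged frames traverse iptables FORWARD"
    fi
    return 0
}

# Constructed sample log, taken from the lines quoted in the post with a
# documentation address (203.0.113.9) in place of the masked client address.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
derek/203.0.113.9:21109 TUN WRITE [74]
GET INST BY VIRT: 00:ff:42:a7:d1:4c -> derek/203.0.113.9:21109 via 00:ff:42:a7:d1:4c
derek/203.0.113.9:21109 TUN READ [74]
derek/203.0.113.9:58302 TUN WRITE [42]
MULTI: REAP range 176 -> 192
derek/203.0.113.9:58302 TUN WRITE [42]
EOF

# Stand-alone run: summarize the sample, then inspect this host's bridge.
summarize_tun_log "$SAMPLE_LOG"
bridge_checks "" br0 ens160 tap0
```

On the real server run summarize_tun_log against the live log and bridge_checks "" br0 ens160 tap0 against the host. A session whose only tap writes are 42-byte frames with nothing read back means the client's ARP requests entered the bridge and no reply ever came back, so the place to look is the L2 path beyond tap0: capture with `tcpdump -nne -i ens160 arp` rather than `icmp` (an ARP frame never matches an ICMP filter), confirm the bridge-nf sysctl and FORWARD policy are not dropping bridged frames, and on VMware check the vSwitch or port-group security policy, since a bridged guest sources frames with the client's TAP MAC and needs promiscuous mode and forged transmits accepted.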