Complex route behind client, not working

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
SaturnusDJ
OpenVPN User
Posts: 27
Joined: Thu Nov 24, 2011 11:17 pm
Location: Netherlands

Complex route behind client, not working

Post by SaturnusDJ » Wed Sep 18, 2019 3:20 pm

I've routed quite some stuff from the VPN server network to clients. Worked well.

Today I am trying to make something from the client available to nodes in the server's network.

On the client is VirtualBox. In VirtualBox is a Ubuntu VM. On this Ubuntu is Docker. In Docker is a container. On the other side of the VPN is a host that also runs Docker. A container needs to reach the container on the VM of the client.

Docker container server side(172.5.0.3 subnet /16)
Ubuntu VM (192.168.56.100 subnet /24 vbox host-only adapter and nat adapter, ip forwarding)
Mac OSX (192.168.2.6 /24 as IP in the VPN tun network, ip forwarding)
VPN host (192.168.2.1 in the VPN, 192.168.1.2 subnet /24 LAN, ip forwarding)
Docker container client side (172.2.0.20 subnet /16)

From the client side towards the server side, ping and traceroute work.
Opposite, no.

I have set up ccd according to https://openvpn.net/community-resources/how-to/
192.168.56.0 255.255.255.0 and 172.5.0.3 255.255.0.0 are added in ccd and server config. Client config dir enabled.

As by chance the Docker container server side actually really is on the server. So I am pinging and tracerouting from there. Nothing.
Routing on the server:

Code: Select all

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 enp2s0
172.2.0.0       0.0.0.0         255.255.0.0     U     0      0        0 br-b4f958c91e44
172.5.0.0       192.168.2.2     255.255.0.0     UG    0      0        0 tun0
172.20.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-98aca2b16399
172.102.0.0     0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 enp2s0
192.168.2.0     192.168.2.2     255.255.255.0   UG    0      0        0 tun0
192.168.2.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.56.0    192.168.2.2     255.255.255.0   UG    0      0        0 tun0

Code: Select all

traceroute to 172.5.0.3 (172.5.0.3), 30 hops max, 60 byte packets
 1  * * *
30 entries without anything. Same for 192.168.56.100.

Pinging the client from the server works, when using the VPN client side ip address.

Any clue?

SaturnusDJ
OpenVPN User
Posts: 27
Joined: Thu Nov 24, 2011 11:17 pm
Location: Netherlands

Re: Complex route behind client, not working

Post by SaturnusDJ » Fri Sep 20, 2019 10:46 am

It turn out to probably be a VirtualBox limitation.
https://www.virtualbox.org/manual/ch06.html

Host-only probably really is host only, decpite setting up routes that should make the host a forwarder.
It is currently solved with NAT port forwarding, which is still a limitation of course.

Post Reply