Routing between Ubuntu Server and Edge Router

joshhboss
OpenVpn Newbie
Posts: 7
Joined: Mon Feb 15, 2021 9:11 pm


Post by joshhboss » Tue Feb 16, 2021 4:26 am

I have been going crazy trying to get these two networks to route to each other. I was finally able to get at least routing from my edge router to the Ubuntu server in the cloud, but now I'm having issues routing back. I was hoping someone could take a look at what I've got and let me know if I'm missing something.

First the server in the cloud server.conf

Server config
port 443
proto tcp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "route 10.8.0.0 255.255.255.0"
route 10.55.1.0 255.255.255.0 10.8.0.2 1
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_RuIq0po5d1S6uKBC.crt
key server_RuIq0po5d1S6uKBC.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3


Now the ovpn config file of my edge router

Client config
client
proto tcp-client
remote public.ip 443
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_RuIq0po5d1S6uKBC name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
#ignore-unknown-option block-outside-dns
#setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3


And here is the ip route of the Ubuntu server. I figured it should be working.

Code:

root@joshopenvpn:~# ip route
default via 161.XX.XX.1 dev eth0 proto static 
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1 
10.10.0.0/16 dev eth0 proto kernel scope link src 10.10.0.11 
10.55.1.0/24 via 10.8.0.2 dev tun0 metric 1 
10.136.0.0/16 dev eth1 proto kernel scope link src 10.136.0.4 
161.XXX.XX.0/20 dev eth0 proto kernel scope link src 161.XXX.XXX.XX

Any help would be greatly appreciated.
Thank you!

Also, my network is the 10.55.1.0/24. From my edge router's LAN 10.55.1.0/24 I can reach the Ubuntu server but I cannot get back.
Last edited by Pippin on Tue Feb 16, 2021 12:51 pm, edited 1 time in total.
Reason: Formatting

TinCanTech
OpenVPN Protagonist
Posts: 8957
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing between Ubuntu Server and Edge Router

Post by TinCanTech » Tue Feb 16, 2021 5:09 am

joshhboss wrote:
Tue Feb 16, 2021 4:26 am
i was finally able to get at least routing from my edge router to the ubuntu server in the cloud. but now im having issues routing back.
Ask your cloud provider why their cloud not work.

joshhboss
OpenVpn Newbie
Posts: 7
Joined: Mon Feb 15, 2021 9:11 pm

Re: Routing between Ubuntu Server and Edge Router

Post by joshhboss » Tue Feb 16, 2021 11:22 am

You really think so?

300000
OpenVPN Expert
Posts: 507
Joined: Tue May 01, 2012 9:30 pm

Re: Routing between Ubuntu Server and Edge Router

Post by 300000 » Tue Feb 16, 2021 3:18 pm

You need to set up site to site to get it back from server to client. Without site to site, the Ubuntu server will never ping the client. That is, your server doesn't know how to route to the client. I know you put the route 10.55.1.0 255.255.255.0 10.8.0.2 1 but it is not going to work as you think, and if you want to make it work you need to use iroute in the server and NAT and forward from the client router to make it ping from server to client.

TinCanTech
OpenVPN Protagonist
Posts: 8957
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing between Ubuntu Server and Edge Router

Post by TinCanTech » Tue Feb 16, 2021 4:43 pm

300000 wrote:
Tue Feb 16, 2021 3:18 pm
You need to set up site to site to get it back from server to client. Without site to site, the Ubuntu server will never ping the client
Utter nonsense

300000
OpenVPN Expert
Posts: 507
Joined: Tue May 01, 2012 9:30 pm

Re: Routing between Ubuntu Server and Edge Router

Post by 300000 » Tue Feb 16, 2021 5:41 pm

get these two networks to route to each other.
Without setting up site to site you will never get routing between two networks. Client to server will only work one way, from client to server but not from server to client.

Coming back to your question, you are asking about routing two networks. The thing is, when routing, each point becomes a node, so it needs a routing table to route correctly to the destination. At the moment your setup is client to server so it can't go both ways.

You need to research iroute on the server to know how the server routes back to the client. Without iroute the server does not know when to route back to the client subnet.

This is freeware and people share what we know so you can do it yourself and learn from it. Forget others who come here to confuse you and offer paid service. They never help you solve problems but cause more trouble.

joshhboss
OpenVpn Newbie
Posts: 7
Joined: Mon Feb 15, 2021 9:11 pm

Re: Routing between Ubuntu Server and Edge Router

Post by joshhboss » Tue Feb 16, 2021 7:30 pm

TinCanTech wrote:
Tue Feb 16, 2021 4:43 pm
300000 wrote:
Tue Feb 16, 2021 3:18 pm
You need to set up site to site to get it back from server to client. Without site to site, the Ubuntu server will never ping the client
Utter nonsense
Just getting started trying to learn. Any links or info you could share with me on how to properly edit configs to make them site to site? Also, if I were able to get another edge router onto this server, would the site to site change help the ultimate goal of getting the two routers to route to each other through the Ubuntu server?

Appreciate your help and patience.

TinCanTech
OpenVPN Protagonist
Posts: 8957
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing between Ubuntu Server and Edge Router

Post by TinCanTech » Tue Feb 16, 2021 8:07 pm

You want a standard OpenVPN Server setup.

Start with the Howto and see the "Expanding the scope.." section.

300000
OpenVPN Expert
Posts: 507
Joined: Tue May 01, 2012 9:30 pm

Re: Routing between Ubuntu Server and Edge Router

Post by 300000 » Tue Feb 16, 2021 11:23 pm

You need to use WinSCP to connect to your Ubuntu server. Browse to the openvpn folder and create a folder named cdd.
Open the folder and create a file named after the certificate common name of the openvpn client, then open that file and add this:

iroute 10.55.1.0 255.255.255.0

Open the server config and add this:

route 10.55.1.0 255.255.255.0

Leave the gateway empty. When the openvpn client connects, the server will scan it and assign an IP. That IP will be used to add into the routing table. For example, when your client named openvpnclient connects to the server, the server will scan its certificate to find the name and assign an IP 10.8.0.2, and then it finds an iroute command inside with subnet 10.55.1.0. It adds a route command like this: "route add 10.55.1.0 mask 255.255.255.0 10.8.0.2". That is why the route command doesn't need a gateway, only the client's subnet and subnet mask.

That is enough for server routing to client.

SSH to your router and set up NAT and IP forwarding as you did on the server, so that a client from the server side can connect to a client on your home subnet.

That is all you need to make a site to site connection. If you can't do NAT and IP forwarding on the openvpn client side, a client from the server subnet can only ping the openvpn client; when it gets to the openvpn client it stops and doesn't know where to go. That is why you need to do NAT and IP forwarding on both sides to make it work. After that, both subnets from the server can connect to all subnets from the client.

joshhboss
OpenVpn Newbie
Posts: 7
Joined: Mon Feb 15, 2021 9:11 pm

Re: Routing between Ubuntu Server and Edge Router

Post by joshhboss » Wed Feb 24, 2021 3:07 am

I did not have any luck doing that. I can get connectivity from my edge router's network 10.55.1.0/24 over to the openvpn network but I cannot get from my phone, which gets a 10.8.0.4 address, back to the 10.55.1.0/24.
Here is my ovpn config that I added to my edge router.

Code:

oshhboss@JoshCrib10X:/config/auth$ cat ./JoshHomeRouter.ovpn
client
proto tcp-client
remote public-IP 443
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_p1rMATngkRvhS340 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
route-nopull

The reason I added the route-nopull was because the original config pushed all my network traffic and I didn't want that. For the mobile devices and stuff that's cool, but I just wanted to use this openvpn server to get my routers that were both behind NATs to route to each other.

Here is my server conf.

Code:

port 443
client-to-client
proto tcp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 1.1.1.1"
push "redirect-gateway def1 bypass-dhcp"
route 10.55.1.0 255.255.255.0 
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_p1rMATngkRvhS340.crt
key server_p1rMATngkRvhS340.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

Here is my routing table that actually learns the route, or it's treated as a connected route:

Code:

IP Route Table for VRF "default"
S    *> 0.0.0.0/0 [210/0] via 10.254.254.1, eth0
C    *> 0.0.0.0/23 is directly connected, vtun0
C    *> 0.0.0.0/24 is directly connected, vtun3
C       0.0.0.0/24 is directly connected, wg1
C       0.0.0.0/24 is directly connected, wg2
C    *> 10.3.2.0/24 is directly connected, wg1
C    *> 10.7.6.0/24 is directly connected, wg2
C    *> 10.8.0.0/24 is directly connected, vtun3

And here is my rule:

Code:

set service nat rule 5000 description OPENVPN
set service nat rule 5000 destination address 10.8.0.0/24
set service nat rule 5000 log disable
set service nat rule 5000 outbound-interface vtun3

So my LAN can go to 10.8.0.4 but I cannot get back from my phone that has 10.8.0.4.

Code:

root@joshopenvpn:/etc/openvpn/ccd# ls
JoshPhone
root@joshopenvpn:/etc/openvpn/ccd# cat ./JoshPhone
iroute 10.55.1.0 255.255.255.0
root@joshopenvpn:/etc/openvpn/ccd# 

Help, I'm really trying to learn this.
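
Added example, not part of the thread and not OpenVPN project code: OpenVPN applies an iroute only from the ccd file named after the certificate common name of the client that fronts the subnet, and each iroute needs a matching route line in the server config. The Python check below runs that pairing over the lines posted above; the function names, the LAN_OWNER mapping and the common name "edge-router-cn" are assumptions, since the router certificate's name does not appear in the thread.

```python
import ipaddress

def parse_nets(text, keyword):
    """Networks named by `keyword NET MASK [...]` lines (keyword: route or iroute)."""
    nets = set()
    for line in text.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) >= 3 and parts[0] == keyword:
            nets.add(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return nets

def check_site_routes(server_conf, ccd_files, lan_owner):
    """server_conf: server.conf text; ccd_files: {common name: ccd file text};
    lan_owner: {network: common name of the client that fronts that LAN}."""
    findings = []
    routes = parse_nets(server_conf, "route")
    iroutes = {cn: parse_nets(text, "iroute") for cn, text in ccd_files.items()}
    for net in sorted(routes):
        holders = sorted(cn for cn, nets in iroutes.items() if net in nets)
        owner = lan_owner.get(net)
        if not holders:
            findings.append(f"{net}: kernel route but no iroute in any ccd file")
        elif owner and owner not in holders:
            findings.append(f"{net}: iroute is in ccd/{holders[0]}, expected ccd/{owner}")
    for cn, nets in sorted(iroutes.items()):
        for net in sorted(nets - routes):
            findings.append(f"{net}: iroute in ccd/{cn} but no route in server.conf")
    return findings

# Constructed input: the relevant lines of the second server.conf and the ccd
# listing posted in the thread.
SERVER_CONF = """\
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
route 10.55.1.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
"""
CCD_FROM_THREAD = {"JoshPhone": "iroute 10.55.1.0 255.255.255.0\n"}
# Assumption: "edge-router-cn" is a placeholder for the router certificate's CN.
LAN_OWNER = {ipaddress.ip_network("10.55.1.0/24"): "edge-router-cn"}

if __name__ == "__main__":
    for finding in check_site_routes(SERVER_CONF, CCD_FROM_THREAD, LAN_OWNER):
        print(finding)
```

With the thread's files the check reports that the iroute for 10.55.1.0/24 sits in ccd/JoshPhone, the file for the phone, rather than in the file for the router that actually has that LAN behind it.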

TinCanTech
OpenVPN Protagonist
Posts: 8957
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing between Ubuntu Server and Edge Router

Post by TinCanTech » Wed Feb 24, 2021 4:17 am

joshhboss wrote:
Wed Feb 24, 2021 3:07 am
The reason i added the route-nopull was because
because .. you did not read the manual.

Openvpn route-nopull is the equivalent of a Harkonnen heart plug..

joshhboss
OpenVpn Newbie
Posts: 7
Joined: Mon Feb 15, 2021 9:11 pm

Re: Routing between Ubuntu Server and Edge Router

Post by joshhboss » Wed Feb 24, 2021 10:07 pm

TinCanTech wrote:
Wed Feb 24, 2021 4:17 am
joshhboss wrote:
Wed Feb 24, 2021 3:07 am
The reason i added the route-nopull was because
because .. you did not read the manual.

Openvpn route-nopull is the equivalent of a Harkonnen heart plug..
Thank you, that was so helpful, and just pushes me in the right direction for this issue. Don't you just hate people that come to forums and don't already know the answers to their questions? The nerve.

TinCanTech
OpenVPN Protagonist
Posts: 8957
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing between Ubuntu Server and Edge Router

Post by TinCanTech » Wed Feb 24, 2021 10:19 pm

joshhboss wrote:
Wed Feb 24, 2021 10:07 pm
dont you just hate people that come to forums and dont already know the answers to their questions.. the nerve..
:lol:
TinCanTech wrote:
Tue Feb 16, 2021 8:07 pm
You want a standard OpenVPN Server setup
joshhboss wrote:
Wed Feb 24, 2021 3:07 am
I did not have any luck doing that.
Then try again because that is what you need and I already told you that.
joshhboss wrote:
Wed Feb 24, 2021 3:07 am
The reason i added the route-nopull was because
Just don't use it. The devs have even considered removing it ...
joshhboss wrote:
Wed Feb 24, 2021 3:07 am
i just wanted to use this openvpn server to get my routers that were both behind nats to route to each other
And that is one of the ways Openvpn is used on a regular basis.

Once you have set up openvpn correctly, if it still does not work then you need to learn about routing.

:mrgreen:

Edit: If you prefer then you can use multiple openvpn instances to create classic point-to-point tunnels .. but why bother, just follow the howto and learn the new way. Technically, the new way is slightly more secure.
Last edited by TinCanTech on Wed Feb 24, 2021 10:27 pm, edited 3 times in total.

TinCanTech
OpenVPN Protagonist
Posts: 8957
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing between Ubuntu Server and Edge Router

Post by TinCanTech » Wed Feb 24, 2021 10:22 pm

300000 wrote:
Tue Feb 16, 2021 5:41 pm
Without setting up site to site you will never get routing between two networks. Client to server will only work one way, from client to server but not from server to client.
This is also totally incorrect.

300000
OpenVPN Expert
Posts: 507
Joined: Tue May 01, 2012 9:30 pm

Re: Routing between Ubuntu Server and Edge Router

Post by 300000 » Wed Feb 24, 2021 11:32 pm

If you want two networks to talk to each other you need to set up site to site or it will never work. Go and check how to do it and do it yourself. Your server doesn't have any info on how it can route back to the client; that is the simple answer. You need to learn to do it.

TinCanTech
OpenVPN Protagonist
Posts: 8957
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing between Ubuntu Server and Edge Router

Post by TinCanTech » Thu Feb 25, 2021 12:01 am

300000 wrote:
Wed Feb 24, 2021 11:32 pm
If you want two networks to talk to each other you need to set up site to site or it will never work
No you do not.

Openvpn Server-to-multi-client is perfectly capable of routing between two or more networks.

300000
OpenVPN Expert
Posts: 507
Joined: Tue May 01, 2012 9:30 pm

Re: Routing between Ubuntu Server and Edge Router

Post by 300000 » Thu Feb 25, 2021 2:10 pm

This topic has the same trouble as yours: wanting to connect two subnets over openvpn. He could make it work and he is happy now. There are many tutorials on this subject and you need to research and do it yourself. Just look for the keyword iroute for site to site and why they need it in which situation. If the manual tells you how it works you should be following that way. Remember, this is two networks interconnected, not client to site. They need proper route info to make it work. If that route info is not given to the server by using iroute it will never work for you.

viewtopic.php?f=6&t=31661
