I have set up an OpenVPN server in my home LAN on an Ubuntu VM. OpenVPN version is "2.4.7-1ubuntu2", Ubuntu version is "20.04.2 LTS".
My router's (Unifi USG) WAN is connected to a fiber provider ("Deutsche Glasfaser") where only the IPv6 is directly accessible (there is a public IPv4, but this is from a carrier-grade NAT range not reachable from the internet) and OpenVPN is set up with IPv6 support. So I opened port 1194 for UDP in the router's firewall to the public IPv6 address of my OpenVPN server and registered the IPv6 address with a DynDNS provider.
OpenVPN client (iPhone not connected to LAN but to 4G with IPv6 address) connects immediately and some things work as expected:
- I can ping all the servers on my internal network from the iPhone using their IPv4 addresses
- I can SSH into the hosts where SSH is available
- I can also ping the IP of the connected iOS client from my servers
- I cannot open a web site hosted on one of my local servers
- I cannot RDP into one of my Windows servers (telnet to port 3389 on the same server works, so I can reach the server/port, just no response)
- And what is really strange: I have an iPerf3 server running on one of my VMs which I use for intranet performance measurements. The OpenVPN client can upload to the iPerf3 server with no problems with the expected line speed but cannot download (no error, just a rate of 0 bytes). And I can ping the iOS client from the server running iPerf3
This is my OpenVPN server.conf file:
Server Config
port 1194
proto udp6
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 192.168.0.1"
push "redirect-gateway def1"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_DMmF4CvEG4i12glA.crt
key server_DMmF4CvEG4i12glA.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
#push "route 192.168.0.0 255.255.255.0"
client-to-client
I also had a 'push "route 192.168.0.0 255.255.255.0"' originally in the conf; it makes no difference, everything above is still working / not working as before.
IP forwarding is enabled on the server running OpenVPN, and routing between tun0 / eth0 is enabled:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Any suggestions / ideas?
Chris
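A pattern like the one described above, where small packets (ICMP echo, an interactive SSH session, a TCP handshake to port 3389) get through the tunnel but bulk transfers in one direction stall, is worth checking against the tunnel's path MTU before looking elsewhere. The script below is an added diagnostic, not part of the post above and not an OpenVPN project tool: it binary-searches for the largest ICMP payload that crosses the tunnel with the Don't-Fragment bit set. It assumes a Linux iputils `ping` (the `-M do` flag) and IPv4 addresses inside the tunnel (the 28-byte header figure is IPv4 + ICMP); the sizes and hosts in the usage line are placeholders.

```shell
#!/bin/sh
# Added example: probe the largest unfragmented ICMP payload across a tunnel.
# Assumes Linux iputils ping: `ping -M do` sets DF, `-s` is the payload size.

# probe_size HOST SIZE -> exit 0 if one DF ping of SIZE payload bytes is answered
probe_size() {
    ping -M do -s "$2" -c 1 -W 1 "$1" >/dev/null 2>&1
}

# find_max_payload HOST LOW HIGH [PROBE_FN]
# Binary search between LOW (assumed to pass) and HIGH (assumed to fail).
# PROBE_FN defaults to probe_size; a test can substitute its own predicate.
# Prints the largest payload size that passed.
find_max_payload() {
    fmp_host=$1; fmp_lo=$2; fmp_hi=$3; fmp_probe=${4:-probe_size}
    while [ $((fmp_hi - fmp_lo)) -gt 1 ]; do
        fmp_mid=$(( (fmp_lo + fmp_hi) / 2 ))
        if "$fmp_probe" "$fmp_host" "$fmp_mid"; then
            fmp_lo=$fmp_mid        # passed: the answer is at least this large
        else
            fmp_hi=$fmp_mid        # dropped: the answer is smaller
        fi
    done
    echo "$fmp_lo"
}

# payload_to_mtu PAYLOAD -> IPv4 path MTU implied by an ICMP payload size
# (20-byte IPv4 header + 8-byte ICMP header)
payload_to_mtu() {
    echo $(( $1 + 28 ))
}

# Usage (placeholder address): run from a LAN host toward the VPN client's
# tunnel address, or from the client toward a LAN host, while connected.
#   sh pmtu-probe.sh 10.8.0.2
if [ -n "$1" ]; then
    max=$(find_max_payload "$1" 0 1500)
    echo "largest DF payload to $1: $max bytes (path MTU about $(payload_to_mtu "$max"))"
fi
```

If the reported MTU is well below the 1500 the LAN hosts assume, OpenVPN's `mssfix`, `tun-mtu` and `fragment` options (documented in the openvpn(8) man page) are the knobs to look at; the 0 bytes/s iperf3 download and the stalled HTTP/RDP sessions are consistent with full-size packets being dropped in the server-to-client direction while the small packets of the working protocols pass.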