I have a linux machine "Ubuntu 18.04.1 LTS" with open-vpn server behind cisco ASA.
My linux machine is connected in LAN with local ip: 192.168.2.15
My ip tun0 is: 10.8.0.1
When i connect my road warrior windows pc the connection is working properly, on windows i have tunnel up ip: 10.8.0.3/24 and local ip 192.168.55.22/24 and i ping every server's behind cisco ASA!! all OK
The problem is the other way around, i want to ping local ip address of my road warriors windows pc (192.168.55.22/24 ) from server's behind cisco ASA, but I don't know how I can do it!!
https://www.biteam.it/temp/openpvn-rw.jpg
can you help me, please?
this is my openvpn server configuration:
Code: Select all
local 192.168.2.15
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option DNS 192.168.2.10"
#push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
explicit-exit-notify
Code: Select all
[Unit]
Before=network.target
[Service]
Type=oneshot
ExecStart=/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 192.168.2.15
ExecStart=/sbin/iptables -I INPUT -p udp --dport 1194 -j ACCEPT
ExecStart=/sbin/iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
ExecStart=/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ExecStop=/sbin/iptables -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 192.168.2.15
ExecStop=/sbin/iptables -D INPUT -p udp --dport 1194 -j ACCEPT
ExecStop=/sbin/iptables -D FORWARD -s 10.8.0.0/24 -j ACCEPT
ExecStop=/sbin/iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Code: Select all
client
dev tun
proto udp
remote 91.187.192.10 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
auth-nocache
<ca>