I have one RasPi with two servers. Now I want a client of one server to be able to communicate with a client of the other server by using the standard IP address, not the VPN IP address.
                          RasPi
    +-----------------------+-----------------------+
    |       Server 1        |       Server 2        |
    | IP(tun0): 10.8.4.1    | IP(tun1): 10.8.5.1    |
    +-----------+-----------+-----------+-----------+
                |                       |
                |                       |
+---------------+---------+   +---------+---------------+
|        Client 1         |   |        Client 2         |
| IP(eth0): 192.168.185.1 |   | IP(eth0): 192.168.174.1 |
| IP(tun0): 10.8.4.18     |   | IP(tun0): 10.8.5.6      |
+-------------------------+   +-------------------------+
I'm able to ping from the RasPi to the addresses 192.168.185.1, 192.168.174.1, 10.8.4.18 and 10.8.5.6. I'm also able to ping from Client 1 to Client 2 (and the other way) with the VPN IP addresses (10.8.4.18 and 10.8.5.6).
But I'm not able to ping from one client to the other with the standard IP addresses. But that's what I want to do. How can I solve this problem?
Below you can see the configurations of the servers and the ccd files.
configuration Server 1:
[oconf=]
mode server
tls-server
port 1198
proto udp
dev tun
ca /home/vpn/openvpn_1198_2/config/ca.crt
cert /home/vpn/openvpn_1198_2/config/server.crt
key /home/vpn/openvpn_1198_2/config/server.key
dh /home/vpn/openvpn_1198_2/config/dh2048.pem
server 10.8.4.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.5.0 255.255.255.0"
client-config-dir /home/vpn/openvpn_1198/config/ccd
route 192.168.185.0 255.255.255.0 10.8.4.1
client-to-client
keepalive 10 120
tls-auth /home/vpn/openvpn_1198_2/config/ta.key 0
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
mute 20
[/oconf]
configuration Server 2:
[oconf=]
port 1199
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh.pem
server 10.8.5.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 10.8.5.0 255.255.255.0"
push "route 10.8.4.0 255.255.255.0"
client-config-dir ccd
route 192.168.174.0 255.255.255.0
route 192.168.185.0 255.255.255.0 10.8.4.1
route 10.8.5.0 255.255.255.0
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1
[/oconf]
ccd-file client 1:
[oconf=]
iroute 192.168.185.0 255.255.255.0 10.8.4.1
push "route 192.168.174.0 255.255.255.0 10.8.4.1"
[/oconf]
ccd-file client 2:
[oconf=]
iroute 192.168.174.0 255.255.255.0
push "route 192.168.185.0 255.255.255.0 10.8.4.1 "
[/oconf]
I tried here and there, so some things might be senseless.
If you need further information, let me know.
As you see, I also don't really know how to work with the Config-Parser ([oconf=][/oconf]) and how to delete my messages; maybe somebody could tell me.
connect two server in one raspberry
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Nov 25, 2021 1:25 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: connect two server in one raspberry
Your two initial posts have been hidden, as per your request.
As for your problem ... that is one tortured diagram ..
Best thing to do is work methodically through this and find the break point:
https://community.openvpn.net/openvpn/w ... rversubnet
Also, make sure to enable IP_Forwarding
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Nov 25, 2021 1:25 pm
Re: connect two server in one raspberry
First, thanks for your help.
> that is one tortured diagram ..
OK, sorry, I thought it's a wonderful picture. But I drew it; you can find it here: https://drive.google.com/file/d/1LaXTZ_ ... sp=sharing
> Best thing to do is work methodically through this and find the break point:
> https://community.openvpn.net/openvpn/w ... rversubnet
I already read this but I didn't find a solution. Maybe there is something I don't see.
> Also, make sure to enable IP_Forwarding
IP forwarding is enabled.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Nov 25, 2021 1:25 pm
Re: connect two server in one raspberry
I think I have a solution. I have to add the routes in the server configurations.
Server 1:
push "route 192.168.174.0 255.255.255.0"
Server 2:
push "route 192.168.185.0 255.255.255.0"
But the problem is that every client can connect these clients...
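Added example, not part of the thread and not code from the OpenVPN project: a small Python lint that checks one server instance's config against its ccd files. It relies on two documented rules (`iroute` takes only a network and an optional netmask, and each `iroute` needs a matching `route` in the server config) plus one heuristic assumed here, that a gateway given in a pushed route should lie inside that server's VPN subnet. The function names and the reduced sample configs are constructed from the routing lines posted above.

```python
import ipaddress

def directives(text):
    """Yield each config line as a token list; comments and quotes stripped."""
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].replace('"', " ").split()
        if tokens:
            yield tokens

def net(addr, mask="255.255.255.255"):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def lint(server_conf, ccd):
    """Check one server instance; ccd maps client name -> ccd file text."""
    findings, routes, vpn = [], set(), None
    for d in directives(server_conf):
        if d[0] == "server":
            vpn = net(*d[1:3])
        elif d[0] == "route":
            routes.add(net(*d[1:3]))
    for name, text in ccd.items():
        for d in directives(text):
            if d[0] == "iroute":
                if len(d) > 3:
                    findings.append(f"{name}: iroute takes network [netmask], extra argument {d[3]}")
                if net(*d[1:3]) not in routes:
                    findings.append(f"{name}: iroute {net(*d[1:3])} has no matching server route")
            elif d[:2] == ["push", "route"] and len(d) > 4:
                # Heuristic (assumption of this example): gateway should be inside the VPN subnet.
                if vpn and ipaddress.ip_address(d[4]) not in vpn:
                    findings.append(f"{name}: pushed gateway {d[4]} is outside VPN subnet {vpn}")
    return findings

# Constructed input: only the routing lines of the posted server configs and ccd files.
SERVER1 = """server 10.8.4.0 255.255.255.0
route 192.168.185.0 255.255.255.0 10.8.4.1"""
CCD1 = {"client1": """iroute 192.168.185.0 255.255.255.0 10.8.4.1
push "route 192.168.174.0 255.255.255.0 10.8.4.1" """}
SERVER2 = """server 10.8.5.0 255.255.255.0
route 192.168.174.0 255.255.255.0
route 192.168.185.0 255.255.255.0 10.8.4.1
route 10.8.5.0 255.255.255.0"""
CCD2 = {"client2": """iroute 192.168.174.0 255.255.255.0
push "route 192.168.185.0 255.255.255.0 10.8.4.1 " """}

if __name__ == "__main__":
    for label, conf, ccd in (("server1", SERVER1, CCD1), ("server2", SERVER2, CCD2)):
        for finding in lint(conf, ccd):
            print(label, finding)
```
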
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: connect two server in one raspberry
dominik1905 wrote: ↑Fri Nov 26, 2021 10:32 am
the problem is that every client can connect these clients