connect two server in one raspberry

dominik1905
OpenVpn Newbie
Posts: 3
Joined: Thu Nov 25, 2021 1:25 pm

Re: connect two server in one raspberry

Post by dominik1905 » Thu Nov 25, 2021 2:30 pm

I have one RasPi with two servers. Now I want a client from one server to be able to communicate with a client from the other server by using the standard IP address, not the VPN IP address.
RasPi
+-- Server 1, IP(tun0): 10.8.4.1
|     +-- Client 1, IP(eth0): 192.168.185.1, IP(tun0): 10.8.4.18
+-- Server 2, IP(tun1): 10.8.5.1
      +-- Client 2, IP(eth0): 192.168.174.1, IP(tun0): 10.8.5.6

I'm able to ping from the RasPi to the addresses 192.168.185.1, 192.168.174.1, 10.8.4.18 and 10.8.5.6. I'm also able to ping from Client 1 to Client 2 (and the other way) with the VPN IP addresses (10.8.4.18 and 10.8.5.6).
But I'm not able to ping from one client to the other with the standard IP addresses, and that's what I want. How can I solve this problem?

Below you can see the configurations of the servers and the ccd files.

configuration Server 1:
[oconf=]
mode server
tls-server
port 1198
proto udp
dev tun
ca /home/vpn/openvpn_1198_2/config/ca.crt
cert /home/vpn/openvpn_1198_2/config/server.crt
key /home/vpn/openvpn_1198_2/config/server.key
dh /home/vpn/openvpn_1198_2/config/dh2048.pem
server 10.8.4.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.5.0 255.255.255.0"
client-config-dir /home/vpn/openvpn_1198/config/ccd
route 192.168.185.0 255.255.255.0 10.8.4.1
client-to-client
keepalive 10 120
tls-auth /home/vpn/openvpn_1198_2/config/ta.key 0
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
mute 20
[/oconf]


configuration Server 2:
[oconf=]
port 1199
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh.pem
server 10.8.5.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 10.8.5.0 255.255.255.0"
push "route 10.8.4.0 255.255.255.0"
client-config-dir ccd
route 192.168.174.0 255.255.255.0
route 192.168.185.0 255.255.255.0 10.8.4.1
route 10.8.5.0 255.255.255.0
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1
[/oconf]

ccd file client 1:
[oconf=]
iroute 192.168.185.0 255.255.255.0 10.8.4.1
push "route 192.168.174.0 255.255.255.0 10.8.4.1"
[/oconf]

ccd file client 2:
[oconf=]
iroute 192.168.174.0 255.255.255.0
push "route 192.168.185.0 255.255.255.0 10.8.4.1 "
[/oconf]

I tried here and there, so some things might be senseless.
If you need further information, let me know.
As you see, I also don't really know how to work with the Config-Parser ([oconf=][/oconf]) and how to delete my messages. Maybe somebody could tell me.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: connect two server in one raspberry

Post by TinCanTech » Thu Nov 25, 2021 3:22 pm

Your two initial posts have been hidden, as per your request.

As for your problem ... that is one tortured diagram ..

Best thing to do is work methodically through this and find the break point:
https://community.openvpn.net/openvpn/w ... rversubnet

Also, make sure to enable IP_Forwarding

dominik1905
OpenVpn Newbie
Posts: 3
Joined: Thu Nov 25, 2021 1:25 pm

Re: connect two server in one raspberry

Post by dominik1905 » Fri Nov 26, 2021 9:18 am

First, thanks for your help.

TinCanTech wrote:
that is one tortured diagram ..

OK, sorry, I thought it's a wonderful picture :o :D. But I drew it; you can find it here: https://drive.google.com/file/d/1LaXTZ_ ... sp=sharing

TinCanTech wrote:
Best thing todo is work methodically through this and find the break point:
https://community.openvpn.net/openvpn/w ... rversubnet

I already read this but I didn't find a solution. Maybe there is something I don't see.

TinCanTech wrote:
Also, make sure to enable IP_Forwarding

IP forwarding is enabled.

dominik1905
OpenVpn Newbie
Posts: 3
Joined: Thu Nov 25, 2021 1:25 pm

Re: connect two server in one raspberry

Post by dominik1905 » Fri Nov 26, 2021 10:32 am

I think I have a solution. I have to add the routes in the server configurations.

Server 1:

push "route 192.168.174.0 255.255.255.0"

Server 2:

push "route 192.168.185.0 255.255.255.0"

But the problem is that every client can connect to these clients...

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: connect two server in one raspberry

Post by TinCanTech » Fri Nov 26, 2021 12:52 pm

dominik1905 wrote:
Fri Nov 26, 2021 10:32 am
the problem is that every client can connect these clients
:?: :roll:
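
The concern raised in the last posts can be checked mechanically. The following is an added example, not part of the thread or of OpenVPN: a small audit over a constructed subset of the posted directives (with the server-wide pushes applied) that flags `iroute` lines with extra arguments, `iroute` subnets lacking a matching `route`, and client LANs pushed to every client. The `SERVERS` layout and the function names are assumptions of this example.

```python
import ipaddress
import shlex

# Constructed input: a subset of the thread's directives with the poster's
# server-wide pushes applied. The server/client keys are labels for this example.
SERVERS = {
    "server1": {
        "conf": 'push "route 192.168.174.0 255.255.255.0"\n'
                'route 192.168.185.0 255.255.255.0 10.8.4.1\n',
        "ccd": {"client1": "iroute 192.168.185.0 255.255.255.0 10.8.4.1\n"},
    },
    "server2": {
        "conf": 'push "route 192.168.185.0 255.255.255.0"\n'
                'route 192.168.174.0 255.255.255.0\n',
        "ccd": {"client2": "iroute 192.168.174.0 255.255.255.0\n"},
    },
}

def directives(text):
    """Yield (keyword, args); a quoted push payload becomes 'push-<keyword>'."""
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok and tok[0] == "push" and len(tok) == 2:
            tok = shlex.split(tok[1])
            tok[:1] = ["push-" + t for t in tok[:1]]
        if tok:
            yield tok[0], tok[1:]

def net(args):
    """Network from 'addr [netmask]'; a missing netmask means a single host."""
    return ipaddress.ip_network(f"{args[0]}/{args[1] if len(args) > 1 else 32}")

def audit(servers):
    findings, lans = [], {}  # lans: client LAN -> client that owns it via iroute
    for sname, s in servers.items():
        routes = {net(a) for k, a in directives(s["conf"]) if k == "route"}
        for cname, ccd in s["ccd"].items():
            for a in (a for k, a in directives(ccd) if k == "iroute"):
                lans[net(a)] = cname
                if len(a) > 2:  # manual: iroute network [netmask]
                    findings.append(f"{sname}/{cname}: iroute has extra argument {a[2]}")
                if net(a) not in routes:  # iroute needs a matching kernel route
                    findings.append(f"{sname}/{cname}: no route for iroute {net(a)}")
    for sname, s in servers.items():
        for k, a in directives(s["conf"]):
            if k == "push-route" and net(a) in lans:
                findings.append(f"{sname}: LAN of {lans[net(a)]} ({net(a)}) pushed to every client")
    return findings
```

A pushed route only tells a client where to send packets, so moving the push into a ccd file narrows who receives it but does not stop other clients from adding the route themselves; restricting access to the two LANs needs forwarding rules on the RasPi.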
