I'm trying to connect two routers using OpenVPN and allow machines on both sides of the routers to talk to each other. I currently have mixed success. I've learned quite a bit over the past two days about routing and iptables, but I'm really not well versed in it, so please bear with me. I'll describe the problems I currently encounter after describing the topology.
This is my setup:
Host1           TheBeast       192.168.1.68
Router          MrJones        192.168.1.1
OpenVPN Server  tun0           192.168.69.1
Internet        *              *
OpenVPN Client  tun1           192.168.69.2
Router          Pitchounette   192.168.10.1
Host2           MBP            192.168.10.100
MBP
- Can ping 192.168.10.100
- Can ping 192.168.10.1
- Cannot ping 192.168.69.1
- Can ping 192.168.69.2
- Cannot ping 192.168.1.1
- Cannot ping 192.168.1.68

- Can ping 192.168.10.100
- Can ping 192.168.10.1
- Can ping 192.168.69.1
- Can ping 192.168.69.2
- Can ping 192.168.1.1
- Can ping 192.168.1.68

- Cannot ping 192.168.10.100
- Cannot ping 192.168.10.1
- Can ping 192.168.69.1
- Can ping 192.168.69.2
- Can ping 192.168.1.1
- Can ping 192.168.1.68

- Cannot ping 192.168.10.100
- Cannot ping 192.168.10.1
- Can ping 192.168.69.1
- Can ping 192.168.69.2
- Can ping 192.168.1.1
- Can ping 192.168.1.68
1) Start by debugging why the server cannot ping all hosts on the client side just like the client can.
2) Then I'd like to debug why MBP cannot ping 192.168.69.1,
3) which should then unlock pinging 192.168.1.1 and 192.168.1.68.
4) Finally, I'd like to have TheBeast able to ping MBP.
This is my server config:
root@Mr Jones:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default cpe-68-175-16-1 0.0.0.0 UG 0 0 0 vlan2
68.175.16.0 * 255.255.240.0 U 0 0 0 vlan2
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
169.254.0.0 * 255.255.0.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
192.168.2.0 * 255.255.255.0 U 0 0 0 wl0.1
192.168.10.0 192.168.69.1 255.255.255.0 UG 0 0 0 tun0
192.168.69.0 * 255.255.255.0 U 0 0 0 tun0
root@Mr Jones:~# ip route
default via 68.175.16.1 dev vlan2
68.175.16.0/20 dev vlan2 proto kernel scope link src 68.175.17.112
127.0.0.0/8 dev lo scope link
169.254.0.0/16 dev br0 proto kernel scope link src 169.254.255.1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
192.168.2.0/24 dev wl0.1 proto kernel scope link src 192.168.2.1
192.168.10.0/24 via 192.168.69.1 dev tun0
192.168.69.0/24 dev tun0 proto kernel scope link src 192.168.69.1
root@Mr Jones:~# iptables -nvL INPUT
Chain INPUT (policy ACCEPT 33930 packets, 5281K bytes)
pkts bytes target prot opt in out source destination
8224 1153K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
0 0 DROP tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
1 40 DROP tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
1 52 DROP tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:69
4 200 DROP tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
20 1176 DROP tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
1383 105K ACCEPT 0 -- tun0 * 0.0.0.0/0 0.0.0.0/0
root@Mr Jones:~# iptables -nvL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
10 696 ACCEPT 0 -- * * 192.168.69.0/24 192.168.1.0/24
10 696 ACCEPT 0 -- * * 192.168.1.0/24 192.168.69.0/24
0 0 ACCEPT 0 -- tun0 br0 0.0.0.0/0 0.0.0.0/0
2 120 ACCEPT 0 -- br0 tun0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 192.168.69.0/24 0.0.0.0/0
146K 14M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
330 29533 ACCEPT 0 -- wl0.1 * 0.0.0.0/0 0.0.0.0/0
5899 201K lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
5899 201K ACCEPT 0 -- br0 vlan2 0.0.0.0/0 0.0.0.0/0
0 0 TRIGGER 0 -- vlan2 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
root@Pitchounette:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.69.0 0.0.0.0 255.255.255.0 U 0 0 0 tun1
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2
192.168.1.0 192.168.69.1 255.255.255.0 UG 0 0 0 tun1
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 vlan2
root@Pitchounette:~# ip route
192.168.69.0/24 dev tun1 proto kernel scope link src 192.168.69.2
192.168.2.0/24 dev vlan2 proto kernel scope link src 192.168.2.12
192.168.1.0/24 via 192.168.69.1 dev tun1
192.168.10.0/24 dev br0 proto kernel scope link src 192.168.10.1
169.254.0.0/16 dev br0 proto kernel scope link src 169.254.255.1
127.0.0.0/8 dev lo scope link
default via 192.168.2.1 dev vlan2
root@Pitchounette:~# iptables -nvL INPUT
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
993 133K ACCEPT 0 -- tun1 * 0.0.0.0/0 0.0.0.0/0
19349 2248K logaccept 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 logaccept udp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 logdrop udp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 logdrop udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 logaccept udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 logdrop icmp -- vlan2 * 0.0.0.0/0 0.0.0.0/0
0 0 logdrop 2 -- * * 0.0.0.0/0 0.0.0.0/0
21 1494 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
4998 436K logaccept 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
524 154K logdrop 0 -- * * 0.0.0.0/0 0.0.0.0/0
root@Pitchounette:~# iptables -nvL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1064 89376 ACCEPT 0 -- * tun1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- tun1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 192.168.69.0/24 192.168.10.0/24
15 1260 ACCEPT 0 -- * * 192.168.10.0/24 192.168.69.0/24
0 0 ACCEPT 0 -- tun1 br0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- br0 tun1 0.0.0.0/0 0.0.0.0/0
133K 20M logaccept 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 logaccept 47 -- * vlan2 192.168.10.0/24 0.0.0.0/0
0 0 logaccept tcp -- * vlan2 192.168.10.0/24 0.0.0.0/0 tcp dpt:1723
5697 358K lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 logaccept 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 TRIGGER 0 -- vlan2 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
5697 358K trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
5512 349K logaccept 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
185 9572 logdrop 0 -- * * 0.0.0.0/0 0.0.0.0/0
Pierre-Luc
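As an added editor's example (not part of the post above), the following Python replays the kernel's longest-prefix route lookup over the two `ip route` dumps quoted in the post, for the addresses that appear in the ping matrix; the route text is copied verbatim from the post and nothing else about the setup is assumed.

```python
import ipaddress

# `ip route` output as posted (MrJones = OpenVPN server, Pitchounette = client).
MRJONES_ROUTES = """\
default via 68.175.16.1 dev vlan2
68.175.16.0/20 dev vlan2 proto kernel scope link src 68.175.17.112
127.0.0.0/8 dev lo scope link
169.254.0.0/16 dev br0 proto kernel scope link src 169.254.255.1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
192.168.2.0/24 dev wl0.1 proto kernel scope link src 192.168.2.1
192.168.10.0/24 via 192.168.69.1 dev tun0
192.168.69.0/24 dev tun0 proto kernel scope link src 192.168.69.1
"""

PITCHOUNETTE_ROUTES = """\
192.168.69.0/24 dev tun1 proto kernel scope link src 192.168.69.2
192.168.2.0/24 dev vlan2 proto kernel scope link src 192.168.2.12
192.168.1.0/24 via 192.168.69.1 dev tun1
192.168.10.0/24 dev br0 proto kernel scope link src 192.168.10.1
169.254.0.0/16 dev br0 proto kernel scope link src 169.254.255.1
127.0.0.0/8 dev lo scope link
default via 192.168.2.1 dev vlan2
"""


def parse_ip_route(text):
    """Turn `ip route` lines into (network, gateway or None, interface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        gateway = fields[fields.index("via") + 1] if "via" in fields else None
        iface = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix, strict=False), gateway, iface))
    return routes


def lookup(routes, destination):
    """Longest-prefix match, as the kernel's FIB does; returns (gateway, interface)."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    return gateway, iface
```

Both routers already forward the far LAN into the tunnel (MrJones sends 192.168.10.0/24 to tun0, Pitchounette sends 192.168.1.0/24 to tun1), so the kernel routing tables are not what breaks the one-way reachability. When the OpenVPN client itself can reach everything but the hosts behind it cannot, the first thing to check on the server is that the client's client-config-dir entry carries an `iroute 192.168.10.0 255.255.255.0`, since the OpenVPN daemon does its own per-client routing and will not pass traffic to or from a client-side LAN it has not been told about.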