OpenVPN connection issues, traceroute to other client


Post by nickolasm5 » Thu Mar 02, 2023 11:08 am

I have an Asus ac86u router with OpenVPN enabled (192.168.3.1, 10.8.0.1). The network behind the router is 192.168.3.0; the OpenVPN network is 10.8.0.0.

I have several Windows machines (both physical and virtual, which connect as needed). E.g. a Windows machine connects to the router, gets the IP 10.8.0.11 (I've set up IP assignment for each username), and after that it is possible to set port forwarding on the router to IP 10.8.0.11 so that machine is accessible from WAN (e.g. forward port 3389 to 10.8.0.11).

Also I can traceroute 10.8.0.10 from 10.8.0.9, etc.

But the same config for some reason does not work for the Ubuntu server:

```
client
dev tun
proto udp
remote SERVER 1194
resolv-retry infinite
nobind
float
ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
keepalive 15 60
auth-user-pass passfile
redirect-gateway def1
route 0.0.0.0 192.0.0.0 net_gateway
route 64.0.0.0 192.0.0.0 net_gateway
route 128.0.0.0 192.0.0.0 net_gateway
route 192.0.0.0 192.0.0.0 net_gateway
route 192.168.3.0 255.255.255.0 vpn_gateway
route 10.8.0.0 255.255.255.0 vpn_gateway
remote-cert-tls server
```

I've set up these routes because I want all network traffic to go via the local provider and not through the VPN. (If I remove redirect-gateway def1, port forwarding does not work for the Windows machines.)

But strangely, with that config, though I am able to ping other VPN clients from the Ubuntu machine, I cannot traceroute them, and port forwarding to the Ubuntu machine does not work.

If I remove all these routes, I am able to port forward to the Ubuntu machine, but in that case all the traffic goes via the VPN.

This is what I have with that config:

```
0.0.0.0/2 via 192.168.1.1 dev ens160
0.0.0.0/1 via 10.8.0.1 dev tun1
default via 192.168.1.1 dev ens160 proto dhcp metric 100
10.8.0.0/24 via 10.8.0.1 dev tun1
10.8.0.0/24 dev tun1 proto kernel scope link src 10.8.0.12
10.9.0.0/24 via 10.9.0.2 dev tun0
10.9.0.2 dev tun0 proto kernel scope link src 10.9.0.1
64.0.0.0/2 via 192.168.1.1 dev ens160
92.100.147.49 via 192.168.1.1 dev ens160
128.0.0.0/2 via 192.168.1.1 dev ens160
128.0.0.0/1 via 10.8.0.1 dev tun1
169.254.0.0/16 dev ens160 scope link metric 1000
192.0.0.0/2 via 192.168.1.1 dev ens160
192.168.1.0/24 dev ens160 proto kernel scope link src 192.168.1.42 metric 100
192.168.3.0/24 via 10.8.0.1 dev tun1
192.168.3.0/24 via 10.8.0.1 dev tun1 metric 500
192.168.20.0/24 via 10.8.0.1 dev tun1
```

What can cause that issue? What can be done to resolve it? Thanks in advance!
