Ip mismatch between the tun interface and the routes. Cannot reach the clients.

rocketman11
OpenVpn Newbie
Posts: 9
Joined: Thu Jun 30, 2022 12:23 am

Post by rocketman11 » Wed Jun 14, 2023 5:24 pm

My office Debian 9 server is a client of OpenVPN server (Debian 11) on a customer network. There are 200 other servers on the customer network that can only be reached via openvpn from my office client. I have to use TCP due to some customer restrictions but that's not the issue here.

The server config is:

client-to-client
cipher AES-256-CBC
port 80
proto tcp
dev tun
ca keys/ca.crt
cert keys/photon.crt 
key keys/photon.key
dh keys/dhparams.pem
duplicate-cn
topology subnet
server 192.168.1.0 255.255.255.0
ifconfig-pool-persist ips.txt
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
log-append   /var/log/openvpn.log
verb 3
client-config-dir ccd

The clients have the same config and certificates (with the same common names) except my office client. I created a separate cert with the hostname as CN for the office client.

Client config file of my office server:

cipher AES-256-CBC
client
#mssfix
dev tun1
#tun-mtu 1440
proto tcp
tls-client
remote 172.16.55.40 80
resolv-retry infinite
nobind
persist-key
persist-tun
log-append /var/log/photon-openvpn.log
#comp-lzo
verb 3
keepalive 10 120
#tls-version-min 1.0
# Disable this if it causes issues.
#tls-cipher "DEFAULT:@SECLEVEL=0"
<ca>
xxx
</ca>
<key>
xxx
</key>
<cert>
xxx
</cert>

The output of the ip r command on the office client is showing all the client routes:

10.34.48.88 via 192.168.1.10 tun1 
X via 192.168.1.10 tun1 
and so on.

However, I cannot reach 10.34.48.88 from the office client because it has been assigned an IP of 192.168.1.8 and the routing table has this entry:

192.168.1.0/24 dev tun1 proto kernel scope link src 192.168.1.8 

There is a mismatch between the route, which is via 192.168.1.10 tun1, and the IP of the tun1 adapter itself, which is 192.168.1.8.
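As an added example (not part of the post and not OpenVPN's own tooling), here is a small Python check that parses `ip route` output and, for every gatewayed route on a tun device, reports whether the next hop is the interface's own address, another address inside the interface's prefix, or outside it entirely. The sample routing table is constructed to mirror the situation above (tun1 holds 192.168.1.8, the host routes point via 192.168.1.10); the extra off-link route, the eth0 lines, the status names and the helper names are my own assumptions.

```python
import ipaddress

# Constructed sample of `ip route` output, modelled on what the post quotes:
# the office client's tun1 holds 192.168.1.8 while the pushed host routes
# name 192.168.1.10 as next hop. The last line is an added off-link case.
SAMPLE_ROUTES = """\
default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5
10.34.48.88 via 192.168.1.10 dev tun1
10.34.48.89 via 192.168.1.10 dev tun1
172.16.55.40 via 10.0.0.1 dev eth0
192.168.1.0/24 dev tun1 proto kernel scope link src 192.168.1.8
10.99.0.0/16 via 192.168.2.1 dev tun1
"""

# Keywords in `ip route` output that are followed by exactly one value.
KEYWORDS = {"via", "dev", "src", "proto", "scope", "metric", "table"}


def parse_routes(text):
    """Turn `ip route` lines into dicts: {'dst': ..., 'via': ..., 'dev': ..., ...}."""
    routes = []
    for line in text.splitlines():
        toks = line.split()
        if not toks:
            continue
        route = {"dst": toks[0]}
        i = 1
        while i < len(toks):
            if toks[i] in KEYWORDS and i + 1 < len(toks):
                route[toks[i]] = toks[i + 1]
                i += 2
            else:
                route.setdefault("flags", []).append(toks[i])  # e.g. "linkdown"
                i += 1
        routes.append(route)
    return routes


def connected_prefixes(routes):
    """Map device name -> [(network, local address)] taken from kernel scope-link routes."""
    prefixes = {}
    for r in routes:
        if r.get("scope") == "link" and "src" in r and "dev" in r and "via" not in r:
            net = ipaddress.ip_network(r["dst"], strict=False)
            prefixes.setdefault(r["dev"], []).append((net, ipaddress.ip_address(r["src"])))
    return prefixes


def check_tun_routes(text, dev_prefix="tun"):
    """Classify every gatewayed route on tun* devices against that device's own prefixes."""
    routes = parse_routes(text)
    prefixes = connected_prefixes(routes)
    findings = []
    for r in routes:
        dev = r.get("dev")
        if not dev or not dev.startswith(dev_prefix) or "via" not in r:
            continue
        gw = ipaddress.ip_address(r["via"])
        match = [(net, src) for net, src in prefixes.get(dev, []) if gw in net]
        if not match:
            status = "OFF_LINK"   # next hop in no prefix on this device: the kernel cannot use it
        elif any(gw == src for _, src in match):
            status = "SELF"       # next hop is the interface's own address
        else:
            status = "ON_LINK"    # next hop differs from the local address but lies in its prefix
        findings.append({
            "dst": r["dst"],
            "dev": dev,
            "gateway": str(gw),
            "local": [str(src) for _, src in match],
            "status": status,
        })
    return findings


if __name__ == "__main__":
    for f in check_tun_routes(SAMPLE_ROUTES):
        print(f"{f['status']:8} {f['dst']:>16} via {f['gateway']} dev {f['dev']} local {f['local']}")
```

Run it against real output with `check_tun_routes(subprocess.check_output(["ip", "route"], text=True))`. On a tun device the kernel does not resolve the next hop at link layer; it only requires the gateway to fall inside a prefix configured on that interface, so an ON_LINK route (192.168.1.10 next to a local 192.168.1.8) still hands packets to OpenVPN. The .8 versus .10 difference alone therefore does not keep traffic out of the tunnel; OFF_LINK is the case that makes a route unusable, and ON_LINK routes that still fail point at the other end (the server's client-config-dir mapping and forwarding) rather than at the client's routing table.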
