Site-to-Site Tunnel routing

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
tecx95
OpenVpn Newbie
Posts: 1
Joined: Fri Aug 04, 2023 6:10 am

Site-to-Site Tunnel routing

Post by tecx95 » Fri Aug 04, 2023 6:12 am

Hi all,

I've been trying to set up an OpenVPN site-to-site tunnel for 2 days and I'm currently stuck with the following problem. :/

With the current configuration I can reach all servers in the client network from the server LAN network.
From the server on which the OpenVPN client is running I can also access the servers in the server LAN.
But now I want to extend the connection so that the other servers in the client network have access to the server network. The OpenVPN client should serve as a gateway.


Examples:

10.12.1.21 --> 10.10.10.30 --> works
10.10.10.30 --> 10.12.1.21 --> no connection
10.12.1.21 --> 10.10.11.105 --> works
10.10.11.105 --> 10.10.10.30 --> works

Network:

Server

LAN NETWORK: 10.12.0.0/16
OpenVPN LAN IP: 10.12.1.10 (default GW for all servers in the 10.12.0.0/16 network)
OpenVPN Tunnel IP: 10.3.100.1

Client


LAN NETWORKS: 10.10.10.0/24, 10.10.11.0/24
OpenVPN LAN IP: 10.10.11.105 (no default GW)
OpenVPN Tunnel IP: 10.3.100.2

Client router config:

Destination     Gateway
10.12.0.0/16    10.10.11.105

Server:

Server Config

dev ovpns2
verb 3
syslog
dev-type tun
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-key
proto udp4
cipher AES-256-CBC
auth SHA256
up /usr/sbin/ovpn-up
down /usr/sbin/ovpn-down
lport 1196
management /var/run/openvpn/server4.sock unix
multihome
secret /etc/openvpn/server4.secret
persist-tun
route-metric 20
ifconfig 10.3.100.1 10.3.100.2
max-clients 1
route 10.10.10.0 255.255.255.0
route 10.10.11.0 255.255.255.0
ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-CBC


Client
Client Config

dev ovpnc2
verb 3
dev-type tun
script-security 3
local 10.10.11.105
persist-tun
persist-key
cipher AES-256-CBC
auth SHA256
ifconfig 10.3.100.2 10.3.100.1
remote 85.158.X.X 1196 udp4
keepalive 10 60
route 10.12.0.0 255.255.0.0
ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-CBC
resolv-retry infinite
lport 0
secret vpn-S2S.secret


Client IP Tables:

iptables -t nat -A POSTROUTING -o ens3 -j SNAT --to-source 10.10.11.105   # 10.10.11.105 = OpenVPN client LAN IP

Thanks for the help!
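To make the routing in the post easier to reason about, here is an added example (not from the thread and not part of anyone's setup) that models each host's interface addresses and static routes exactly as posted and traces a packet hop by hop with longest-prefix matching. Everything not stated in the post is an assumption and marked as such in the code: the client router's LAN addresses (10.10.11.1 and 10.10.10.1 are placeholders), the route from 10.10.11.105 to 10.10.10.0/24 via that router, the point-to-point tunnel modelled as 10.3.100.0/30, and a per-host `forwards` flag standing in for net.ipv4.ip_forward plus any firewall pass rule on the transit box.

```python
"""Hop-by-hop L3 trace through the site-to-site topology from the post.

Constructed model: addresses and routes come from the post where given;
values marked ASSUMED are placeholders, not facts from the thread.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Host:
    name: str
    addrs: list[str]                                        # "ip/prefix" per interface
    routes: dict[str, str] = field(default_factory=dict)    # "net/prefix" -> gateway IP
    forwards: bool = True   # stands in for ip_forward + firewall pass on a transit host

    def owns(self, ip: str) -> bool:
        target = ipaddress.ip_address(ip)
        return any(ipaddress.ip_interface(a).ip == target for a in self.addrs)

    def next_hop(self, dst: str) -> Optional[str]:
        """Longest-prefix match over connected networks and static routes.
        Returns the next-hop IP (dst itself when on-link) or None if unroutable."""
        dst_ip = ipaddress.ip_address(dst)
        best = None  # (prefixlen, next hop)
        for a in self.addrs:
            net = ipaddress.ip_interface(a).network
            if dst_ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, dst)
        for net_s, gw in self.routes.items():
            net = ipaddress.ip_network(net_s)
            if dst_ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, gw)
        return best[1] if best else None


def build_topology(client_gw_forwards: bool = True) -> list[Host]:
    """Hosts from the post. ASSUMED: router addresses 10.10.11.1 / 10.10.10.1,
    the 10.10.10.0/24 route on the client gateway, and the /30 tunnel prefix."""
    return [
        Host("srv-lan-host", ["10.12.1.21/16"], {"0.0.0.0/0": "10.12.1.10"}),
        Host("ovpn-server", ["10.12.1.10/16", "10.3.100.1/30"],
             {"10.10.10.0/24": "10.3.100.2", "10.10.11.0/24": "10.3.100.2"}),
        Host("ovpn-client", ["10.10.11.105/24", "10.3.100.2/30"],
             {"10.12.0.0/16": "10.3.100.1", "10.10.10.0/24": "10.10.11.1"},  # ASSUMED gw
             forwards=client_gw_forwards),
        Host("client-router", ["10.10.11.1/24", "10.10.10.1/24"],            # ASSUMED addrs
             {"10.12.0.0/16": "10.10.11.105"}),
        Host("cli-lan-host", ["10.10.10.30/24"], {"0.0.0.0/0": "10.10.10.1"}),
    ]


def trace(hosts: list[Host], src: str, dst: str, max_hops: int = 10) -> tuple[str, list[str]]:
    """Walk the packet from src to dst. Returns (status, [host names visited])."""
    by_ip = {ipaddress.ip_interface(a).ip: h for h in hosts for a in h.addrs}
    cur = by_ip[ipaddress.ip_address(src)]
    path = [cur.name]
    for _ in range(max_hops):
        if cur.owns(dst):
            return "delivered", path
        if len(path) > 1 and not cur.forwards:       # transit host refusing to forward
            return f"dropped at {cur.name}: forwarding disabled", path
        nh = cur.next_hop(dst)
        if nh is None:
            return f"dropped at {cur.name}: no route to {dst}", path
        nxt = by_ip.get(ipaddress.ip_address(nh))
        if nxt is None:
            return f"dropped at {cur.name}: next hop {nh} unreachable", path
        cur = nxt
        path.append(cur.name)
    return "hop limit exceeded", path


if __name__ == "__main__":
    for fwd in (True, False):
        topo = build_topology(client_gw_forwards=fwd)
        print(f"ovpn-client forwards={fwd}")
        for s, d in (("10.10.10.30", "10.12.1.21"), ("10.12.1.21", "10.10.10.30")):
            status, path = trace(topo, s, d)
            print(f"  {s} -> {d}: {status}  via {' > '.join(path)}")
```

With the routes exactly as posted, the trace finds a complete forward path (cli-lan-host > client-router > ovpn-client > ovpn-server > srv-lan-host) and a complete return path, so the route tables alone do not explain the failing direction; flipping `forwards` on the client gateway shows where a transit host that does not forward (sysctl off, or a firewall policy on the tunnel or LAN interface) makes the same trace stop. One detail the model cannot see: the posted SNAT rule matches `-o ens3`, so it only rewrites packets leaving the client gateway toward its LAN, not packets leaving through the tunnel interface.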
