I'm stumped and am asking for assistance.
My goal is to allow the OpenVPN server to reach the rest of the machines on the "remote" LAN through the client.
Could you please point me in the right direction?
Ping Tests
OpenVPN Server to Client
[root@openvpn-server ~]# ping -c 3 192.168.16.150
PING 192.168.16.150 (192.168.16.150) 56(84) bytes of data.
64 bytes from 192.168.16.150: icmp_seq=1 ttl=64 time=70.8 ms
64 bytes from 192.168.16.150: icmp_seq=2 ttl=64 time=63.6 ms
64 bytes from 192.168.16.150: icmp_seq=3 ttl=64 time=69.7 ms
--- 192.168.16.150 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2073ms
rtt min/avg/max/mdev = 63.656/68.091/70.820/3.171 ms
[root@openvpn-server ~]# ping -c 3 172.16.0.253
PING 172.16.0.253 (172.16.0.253) 56(84) bytes of data.
64 bytes from 172.16.0.253: icmp_seq=1 ttl=64 time=68.8 ms
64 bytes from 172.16.0.253: icmp_seq=2 ttl=64 time=64.1 ms
64 bytes from 172.16.0.253: icmp_seq=3 ttl=64 time=66.2 ms
--- 172.16.0.253 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2069ms
rtt min/avg/max/mdev = 64.177/66.434/68.860/1.938 ms
[root@openvpn-server ~]#
root@raspberrypi:~# ping -c 3 10.0.0.5
PING 10.0.0.5 (10.0.0.5) 56(84) bytes of data.
64 bytes from 10.0.0.5: icmp_seq=1 ttl=255 time=67.8 ms
64 bytes from 10.0.0.5: icmp_seq=2 ttl=255 time=68.2 ms
64 bytes from 10.0.0.5: icmp_seq=3 ttl=255 time=65.4 ms
--- 10.0.0.5 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 65.434/67.187/68.239/1.265 ms
root@openvpn-client:~# ping -c 3 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=1 ttl=255 time=69.3 ms
64 bytes from 172.16.0.1: icmp_seq=2 ttl=255 time=99.3 ms
64 bytes from 172.16.0.1: icmp_seq=3 ttl=255 time=86.3 ms
--- 172.16.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 69.388/85.051/99.373/12.277 ms
root@openvpn-client:~#
[root@openvpn-server ~]# ping -c 3 192.168.16.214
PING 192.168.16.214 (192.168.16.214) 56(84) bytes of data.
--- 192.168.16.214 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 11999ms
[root@openvpn-server ~]#
root@raspberrypi:~# ping -c 3 192.168.16.214
PING 192.168.16.214 (192.168.16.214) 56(84) bytes of data.
64 bytes from 192.168.16.214: icmp_seq=1 ttl=64 time=0.447 ms
64 bytes from 192.168.16.214: icmp_seq=2 ttl=64 time=0.521 ms
64 bytes from 192.168.16.214: icmp_seq=3 ttl=64 time=0.523 ms
--- 192.168.16.214 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.447/0.497/0.523/0.035 ms
root@raspberrypi:~#
[root@ps2_srva ~]# ping -c 3 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
--- 172.16.0.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 11999ms
[root@ps2_srva ~]#
[root@ps2_srva ~]# ping -c 3 172.16.0.253
PING 172.16.0.253 (172.16.0.253) 56(84) bytes of data.
64 bytes from 172.16.0.253: icmp_seq=1 ttl=64 time=0.526 ms
64 bytes from 172.16.0.253: icmp_seq=2 ttl=64 time=0.502 ms
64 bytes from 172.16.0.253: icmp_seq=3 ttl=64 time=0.516 ms
--- 172.16.0.253 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.502/0.514/0.526/0.027 ms
[root@ps2_srva ~]#
OpenVPN Server
eth0 - ip: 10.0.0.5 mask: 255.255.255.0
tun0 - ip: 172.16.0.1 mask: 255.255.255.0
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.169.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.16.0 172.16.0.2 255.255.255.0 UG 0 0 0 tun0
eth0 - ip: 192.168.16.150 mask: 255.255.255.0
tun0 - ip: 172.16.0.253 mask: 255.255.255.0
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.0.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.16.254 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.16.254 0.0.0.0 UG 202 0 0 eth0
10.0.0.0 172.16.0.1 255.255.255.0 UG 0 0 0 tun0
5x.xx.xx.xx 192.168.16.254 255.255.255.255 UGH 0 0 0 eth0
128.0.0.0 172.16.0.1 128.0.0.0 UG 0 0 0 tun0
172.16.0.0 0.0.0.0 255.240.0.0 U 0 0 0 tun0
192.168.16.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
bond0 - ip: 192.168.16.214 mask: 255.255.255.0
Destination Gateway Genmask Flags Metric Ref Use Iface
172.16.0.0 192.168.16.150 255.255.255.0 UG 0 0 0 bond0
192.168.16.0 0.0.0.0 255.255.255.0 U 0 0 0 bond0
192.168.254.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
169.254.0.0 0.0.0.0 255.255.0.0 U 1004 0 0 bond0
0.0.0.0 192.168.16.254 0.0.0.0 UG 0 0 0 bond0
server.conf
# OpenVPN server: routed (tun) UDP tunnel on 172.16.0.0/24 that also
# advertises the LAN behind one client (192.168.16.0/24).
port 1194
proto udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
# reneg-sec 0 disables time-based renegotiation of the data-channel key,
# so one session key can stay in use for the whole lifetime of a tunnel.
reneg-sec 0
# PKI material. The server private key must be readable by root only.
# NOTE(review): the path suggests easy-rsa 2.0 - confirm the CA's key sizes
# and signature digest are still acceptable.
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
# NOTE(review): no tls-auth/tls-crypt and no explicit "auth" digest appear
# in this listing, so the control channel has no extra HMAC layer - confirm
# whether the listing is abridged.
server 172.16.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# With topology subnet, each client gets one address plus a netmask
# (no point-to-point peer address).
topology subnet
# Kernel route: send traffic for the remote LAN into the tunnel. OpenVPN
# still needs a matching "iroute" in the client's ccd file to know which
# client owns this subnet.
route 192.168.16.0 255.255.255.0
# Pushes a default route to every client, so all client traffic, not just
# VPN-internal traffic, leaves through this server.
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# client-to-client forwards packets between clients inside the OpenVPN
# process; that traffic never reaches the server's kernel, so host firewall
# rules on the server cannot filter it.
client-to-client
# Ping every 1 s and treat the peer as down after 5 s of silence (the
# server side uses twice the timeout). Very aggressive on lossy links.
keepalive 1 5
# comp-lzo is deprecated in current OpenVPN releases; compressing traffic
# before encryption can leak plaintext through length side channels. It
# must be changed on the server and the clients together.
comp-lzo
# Drop root after start-up. persist-key/persist-tun keep the key and the
# tun device open so a soft restart works without root.
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
# CBC cipher, authenticated by a separate HMAC. NOTE(review): newer
# OpenVPN versions negotiate an AEAD cipher by default - confirm the
# version in use.
cipher AES-256-CBC
# Reject revoked client certificates. NOTE(review): the CRL has to stay
# readable after the privilege drop to nobody - confirm file permissions.
crl-verify crl.pem
# Per-client overrides; the file name must match the client certificate's
# Common Name.
client-config-dir ccd
proto udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
server 172.16.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
topology subnet
route 192.168.16.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 1 5
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
cipher AES-256-CBC
crl-verify crl.pem
client-config-dir ccd
ccd client
# Per-client overrides for the client whose certificate CN matches this
# file's name.
# NOTE(review): server.conf sets "topology subnet", where the second
# ifconfig-push argument is a netmask, not a peer address. 172.16.0.254 is
# not a valid netmask, and the client's routing table shows 172.16.0.0 with
# Genmask 255.240.0.0 on tun0 - probably "172.16.0.253 255.255.255.0" was
# intended; confirm.
ifconfig-push 172.16.0.253 172.16.0.254
push "route 10.0.0.0 255.255.255.0"
# iroute tells OpenVPN that 192.168.16.0/24 sits behind this client. It does
# not make the client forward packets: the client host still needs IP
# forwarding enabled and firewall rules that allow tun0 <-> LAN traffic
# (neither is shown on this page).
iroute 192.168.16.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
iroute 192.168.16.0 255.255.255.0
client.conf
# OpenVPN client profile for the host that acts as gateway to the
# 192.168.16.0/24 LAN.
client
dev tun
proto udp
remote 5x.xx.xx.xx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# Must match the server; see the deprecation and side-channel caveat that
# applies to compression inside a VPN.
comp-lzo
verb 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
cipher AES-256-CBC
# NOTE(review): no "remote-cert-tls server" (or verify-x509-name) appears
# in this listing. Without such a check the client accepts any certificate
# signed by the CA as the server, including another client's certificate.
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
# The private key is embedded inline, so this whole file is a credential:
# keep it owner-readable only and never post it unredacted.
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
dev tun
proto udp
remote 5x.xx.xx.xx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
cipher AES-256-CBC
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
juanpablo