Server to client network access between two tomatousb routers

Scripts with setup, destroy, and modify routing tables and firewall rulesets for client connections.

Moderators: TinCanTech

christofferraa
OpenVpn Newbie
Posts: 3
Joined: Wed Nov 16, 2016 9:45 pm

Server to client network access between two tomatousb routers

Post by christofferraa » Wed Nov 16, 2016 9:58 pm

Hi
I have been testing and googling and I am not able to find the problem.
I have two networks, both routers run Tomatousb Shibby
Client router 192.168.10.0 / 10.8.0.2
Server router 192.168.20.0 / 10.8.0.1
I am able to access everything as normal from client network to server network. But from server network I can only ping/trace the client router.
When I run traceroute from the server router to an IP address, e.g. 192.168.10.110, only hop 1 shows 10.8.0.2 and then the list is empty.

I get that I probably need some firewall rules or some routing parameters on the client side.

Could someone please help me out?

Server config:

Code:

daemon
ifconfig 10.8.0.1 10.8.0.2
proto tcp-server
port 1194
dev tun21
comp-lzo adaptive
keepalive 15 60
verb 3
secret static.key
status-version 2
status status

# Custom Configuration
script-security 2
route-up "/sbin/route add -net 192.168.10.0 netmask 255.255.255.0 gw 10.8.0.2"

Client:

Code:

# Automatically generated configuration
daemon
dev tun11
proto tcp-client
remote xx.xxx.xx.xx 1194
ifconfig 10.8.0.2 10.8.0.1
resolv-retry 30
nobind
persist-key
persist-tun
comp-lzo adaptive
verb 3
secret static.key
status-version 2
status status

# Custom Configuration
route 192.168.20.0 255.255.255.0 10.8.0.1

Edit: Some clarifications

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Server to client network access between two tomatousb routers

Post by TinCanTech » Wed Nov 16, 2016 10:44 pm

Compare the different routing tables on each of your devices ..

christofferraa
OpenVpn Newbie
Posts: 3
Joined: Wed Nov 16, 2016 9:45 pm

Re: Server to client network access between two tomatousb routers

Post by christofferraa » Thu Nov 17, 2016 12:06 am

Those I have compared, and as far as I can see they are the same, except the 3rd segment is different, as it should be, and also the tun11/tun21.

Below are the routing tables regarding the VPN

Server side

Code:

Destination	Gateway / Next Hop	Subnet Mask	Metric	Interface
192.168.10.0	10.8.0.2	255.255.255.0	0	tun21
10.8.0.2	*	255.255.255.255	0	tun21

Client side

Code:

Destination	Gateway / Next Hop	Subnet Mask	Metric	Interface
192.168.20.0	10.8.0.1	255.255.255.0	0	tun11
10.8.0.1	*	255.255.255.255	0	tun11

BR
Christoffer

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Server to client network access between two tomatousb routers

Post by TinCanTech » Thu Nov 17, 2016 1:25 am

By each of your devices, I mean all of your devices that you want to use the vpn.

christofferraa
OpenVpn Newbie
Posts: 3
Joined: Wed Nov 16, 2016 9:45 pm

Re: Server to client network access between two tomatousb routers

Post by christofferraa » Fri Nov 18, 2016 9:42 am

Hi
The routing table posted above is from the routers.

I am able to ping between the routers both ways. And I am able to ping from a computer on the client side but not from the router on the server side to a computer on the client side.

I have done several traceroute tests and from what I can see the different devices on the server side know where to route the IP address to, as a traceroute to the router succeeds, but when I want to go past the client router it fails.

The routers routing tables are in the post above.

Failed tests in red

Tracert from computer on client side to NAS on server side

Code:

Tracing route to NAS2 [192.168.20.11]
over a maximum of 30 hops:

  1     1 ms     1 ms    <1 ms  Christoffer.Christoffer [192.168.10.1]
  2    30 ms    30 ms    30 ms  10.8.0.1
  3    30 ms   289 ms    30 ms  NAS2 [192.168.20.11]

Trace complete.

Tracert from router on server side to computer on client side

Code:

Hop	Address	Min (ms)	Max (ms)	Avg (ms)	+/- (ms)
1	10.8.0.2	27.47	27.56	27.51	
2	*				
3	*				
4	*				
5	*				
6	*				
7	*				
8	*				
9	*				
10	*				

Server router to client router

Code:

Hop	Address	Min (ms)	Max (ms)	Avg (ms)	+/- (ms)
1	192.168.10.1	28.12	31.13	29.49	

Client router to server router

Code:

Hop	Address	Min (ms)	Max (ms)	Avg (ms)	+/- (ms)
1	192.168.20.1	27.26	33.29	29.81	

NAS on server side to computer on client side

Code:

NAS3:/etc/iproute2# traceroute 192.168.10.110
traceroute to 192.168.10.110 (192.168.10.110), 30 hops max, 60 byte packets
 1  89router.89 (192.168.20.1)  0.292 ms  0.792 ms  0.753 ms
 2  10.8.0.2 (10.8.0.2)  36.651 ms  110.803 ms  111.316 ms
 3  * * *
 4  * * *
 5  * * *

NAS on router side to router on client side

Code:

traceroute to 192.168.10.1 (192.168.10.1), 30 hops max, 60 byte packets
 1  89router.89 (192.168.20.1)  0.323 ms  0.825 ms  0.786 ms
 2  192.168.10.1 (192.168.10.1)  35.826 ms  98.077 ms  98.578 ms

NAS3 Routing table, server side

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         89router.89     0.0.0.0         UG    0      0        0 eth0
10.8.0.1        *               255.255.255.255 UH    0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 eth0
192.168.10.0    89router.89     255.255.255.0   UG    0      0        0 eth0
192.168.20.0    *               255.255.255.0   U     0      0        0 eth0

Computer on client side routing table

Code:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1   192.168.10.110     40
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     192.168.10.0    255.255.255.0         On-link    192.168.10.110    296
   192.168.10.110  255.255.255.255         On-link    192.168.10.110    296
   192.168.10.255  255.255.255.255         On-link    192.168.10.110    296
     192.168.20.0    255.255.255.0     192.168.10.1   192.168.10.110     41
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link    192.168.10.110    296
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link    192.168.10.110    296
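
As an added example (not part of any post in this thread), the routing tables posted above can be walked hop by hop with a longest-prefix match to check that a route exists in both directions. The device names, the routers' connected-LAN entries and the use of 192.168.20.11 as the server-side NAS address are assumptions made for this sketch.

```python
import ipaddress

# Tables transcribed from the thread; "assumed" entries are not in the posts.
# NAS3's tun0 and link-local entries are left out: these paths never use them.
TABLES = {
    "server_nas": [("0.0.0.0/0", "192.168.20.1"),
                   ("192.168.10.0/24", "192.168.20.1"),
                   ("192.168.20.0/24", None)],          # None = on-link
    "server_router": [("192.168.10.0/24", "10.8.0.2"),
                      ("10.8.0.2/32", None),
                      ("192.168.20.0/24", None)],       # assumed: connected LAN
    "client_router": [("192.168.20.0/24", "10.8.0.1"),
                      ("10.8.0.1/32", None),
                      ("192.168.10.0/24", None)],       # assumed: connected LAN
    "client_pc": [("0.0.0.0/0", "192.168.10.1"),
                  ("192.168.10.0/24", None),
                  ("192.168.20.0/24", "192.168.10.1")],
}
# Address ownership; 192.168.20.11 stands in for the server-side NAS (assumed).
OWNER = {"192.168.20.1": "server_router", "10.8.0.1": "server_router",
         "192.168.10.1": "client_router", "10.8.0.2": "client_router",
         "192.168.10.110": "client_pc", "192.168.20.11": "server_nas"}

def next_hop(device, dst):
    """Longest-prefix match: gateway, dst itself if on-link, None if no route."""
    ip, best = ipaddress.ip_address(dst), None
    for prefix, gw in TABLES[device]:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return None if best is None else (best[1] or dst)

def trace(src, dst, max_hops=8):
    """Follow the tables from src to dst and return the list of devices crossed."""
    device = OWNER[src]
    path = [device]
    for _ in range(max_hops):
        if device == OWNER[dst]:
            return path
        hop = next_hop(device, dst)
        if hop not in OWNER:
            raise LookupError(f"{device} has no usable route to {dst}")
        device = OWNER[hop]
        path.append(device)
    raise LookupError("routing loop")

if __name__ == "__main__":
    for src, dst in [("192.168.20.11", "192.168.10.110"),
                     ("192.168.10.110", "192.168.20.11")]:
        print(src, "->", dst, ":", " > ".join(trace(src, dst)))
```

Under these assumptions every hop resolves in both directions, so the posted tables alone do not account for the timeouts after 10.8.0.2; the other thing the poster suspects, firewall rules on the client side, is what remains to check.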
