Access from Server to Client on existing interface

Business solution to host your own OpenVPN server with web management interface and bundled clients.
sbuccoliero
OpenVpn Newbie
Posts: 8
Joined: Sun Jun 18, 2017 3:53 pm

Access from Server to Client on existing interface

Post by sbuccoliero » Sun Jun 18, 2017 4:00 pm

Hi
I have a challenge: I am not able to connect from the server's existing interface to the client after the tunnel is initiated. The other direction works fine.
Server: 10.10.10.33
VPN_IP: 172.27.224.1

Client 192.168.1.200
VPN_IP: 172.27.224.130 (Fixed)

From Client
Ping 172.27.224.1 - OK
Ping 10.10.10.33 - OK


From Server
Ping 172.124.224.130 - OK
Ping 192.168.1.200 - Fail

How do I configure this reverse connectivity on existing interfaces?

Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Access from Server to Client on existing interface

Post by Pippin » Sun Jun 18, 2017 4:06 pm



Post by sbuccoliero » Sun Jun 18, 2017 6:28 pm

Thanks Pippin

Added file /usr/local/openvpn_as/etc/ccd/192.168.1.200 to server
content:
iroute 192.168.1.0 255.255.255.0

Added this to server config directives (web page)
route 192.168.1.0 255.255.255.0

initiated tunnel but still same result:
From Client
Ping 172.27.224.1 - OK
Ping 10.10.10.33 - OK


From Server
Ping 172.124.224.130 - OK
Ping 192.168.1.200 - Fail


Post by sbuccoliero » Sun Jun 18, 2017 6:39 pm

Hmm.. what is the common name of my client, how do I find that?


Post by sbuccoliero » Sun Jun 18, 2017 8:52 pm

I don't know what the common name of my client is, as I just downloaded the client.ovpn file from the OpenVPN Access Server.
Looking everywhere, I cannot locate the common name...

disqualified
OpenVPN User
Posts: 40
Joined: Fri Jun 03, 2016 7:13 pm

Re: Access from Server to Client on existing interface

Post by disqualified » Sun Jun 18, 2017 9:27 pm

sbuccoliero wrote:looking everywhere
:lol:


https://openvpn.net/index.php/login.html


Post by Pippin » Sun Jun 18, 2017 9:53 pm

Whoops, I see now this is Access Server, I should pay attention.
Hope I'm not disqualified :)


Post by disqualified » Sun Jun 18, 2017 10:08 pm

How do you disqualify the distinction between Openvpn-AccessServer vs. the free monkey ?

One thing you can do is make sure you know what you are doing .. :mrgreen:

I guess this website could do a bit better though .. :lol:


Post by sbuccoliero » Tue Jun 20, 2017 10:16 pm

Pippin wrote: Whoops, I see now this is Access Server, I should pay attention.
Hope I'm not disqualified :)
Hi Pippin
Since this is Access Server, can you tell me if what I want to accomplish is possible or not?


Post by Pippin » Wed Jun 21, 2017 5:05 am

Yes, it is possible.
Don't know about Access Server, but check the details of the client's certificate for its unique common name.
Did you enable ip_forwarding on the client?
Firewall on client allows that traffic?


Post by sbuccoliero » Fri Jun 23, 2017 7:59 pm

Hi Pippin,
How do I check the common name?
IP forwarding is enabled on the client,
and yes, the firewall does allow the traffic.


Post by Pippin » Fri Jun 23, 2017 10:00 pm

Code:

openssl x509 -noout -subject -in /path/to/your_client.crt


Post by sbuccoliero » Sat Jun 24, 2017 5:55 pm

sudo openssl x509 -noout -subject -in /tmp/output/client.crt
subject= /CN=openvpn

created ccd directory
in that a file "openvpn" with content
iroute 192.168.1.0 255.255.255.0

On the server side I have
route 192.168.1.0 255.255.255.0
-duplicate-cn

After i open tunnel it is the same:
From Client
Ping 172.27.224.1 - OK
Ping 10.10.10.33 - OK


From Server
Ping 172.124.224.130 - OK
Ping 192.168.1.200 - Fail

On the vpn server the 192.168.1.0 route is not created:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
0.0.0.0         10.10.10.254    0.0.0.0         UG    0      0   0   bond0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0   0   bond0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0   0   bond0
172.27.224.0    0.0.0.0         255.255.255.192 U     0      0   0   as0t0
172.27.224.64   0.0.0.0         255.255.255.192 U     0      0   0   as0t1
172.27.224.130  0.0.0.0         255.255.255.255 UH    0      0   0   as0t0
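
The route lookup the server performs against the table posted above, as an added example that is not part of the original post: it parses that `route -n` style output and applies longest-prefix matching to show which interface each destination leaves on. The function names and the `as0t` tunnel-interface prefix check are assumptions made for this illustration.

```python
import ipaddress

# Routing table copied from the post above (VPN server, `route -n` layout).
ROUTE_N = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.10.254 0.0.0.0 UG 0 0 0 bond0
10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 bond0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 bond0
172.27.224.0 0.0.0.0 255.255.255.192 U 0 0 0 as0t0
172.27.224.64 0.0.0.0 255.255.255.192 U 0 0 0 as0t1
172.27.224.130 0.0.0.0 255.255.255.255 UH 0 0 0 as0t0
"""

def parse_routes(text):
    """Turn `route -n` text into a list of dicts, skipping the header."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        routes.append({
            "net": ipaddress.ip_network(f"{f[0]}/{f[2]}"),
            "gateway": f[1], "flags": f[3], "iface": f[7],
        })
    return routes

def lookup(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r["net"]]
    return max(hits, key=lambda r: r["net"].prefixlen) if hits else None

def not_tunnelled(routes, subnets, tunnel_prefix="as0t"):
    """Return the subnets whose covering route does not use a tunnel interface.
    tunnel_prefix is an assumption based on the as0t0/as0t1 names in the table."""
    missing = []
    for s in subnets:
        net = ipaddress.ip_network(s)
        covering = [r for r in routes if net.subnet_of(r["net"])]
        best = max(covering, key=lambda r: r["net"].prefixlen, default=None)
        if best is None or not best["iface"].startswith(tunnel_prefix):
            missing.append(s)
    return missing

ROUTES = parse_routes(ROUTE_N)

if __name__ == "__main__":
    for dest in ("172.27.224.130", "192.168.1.200"):
        r = lookup(ROUTES, dest)
        print(f"{dest:15} -> {r['iface']} via {r['gateway']} ({r['net']})")
    print("not routed into the tunnel:", not_tunnelled(ROUTES, ["192.168.1.0/24"]))
```

For 192.168.1.200 the only matching entry is the default route on bond0, so the packet leaves via 10.10.10.254 instead of the tunnel, which matches the failing ping.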


Post by sbuccoliero » Thu Jun 29, 2017 7:59 pm

Finally! Problem solved!
Once I enabled VPN Gateway in the user permissions it worked smoothly.
