My OpenVPN server has two NIC cards:
eth0 has a public IP (outside)
eth1 has IP 10.1.16.x (for the internal LAN) and is connected to a switch connecting my other servers with IPs of 10.1.16.x.
The OpenVPN server's tun0 IP is 10.8.0.1 (as the pool is 10.8.0.0/24); any OpenVPN client connecting to the server gets an IP from the pool, say 10.1.0.6.
Cases:
1. ping from client 10.8.0.6 to server IP 10.8.0.1 is successful
2. ping from client 10.8.0.6 to the eth1 interface IP (10.1.16.x) is successful, as I have pushed 10.1.16.x to the client in my server.conf file
3. ping from client 10.8.0.6 to another server, say 10.1.16.82, is unsuccessful.
The problem is with my third case: when the client with source IP 10.8.0.6 tries to ping 10.1.16.82, the one-way path is OK, but on the return path, as 10.1.16.82 doesn't have a route to 10.8.0.x, it sends it to its default route, which is 10.1.16.1, but there the same problem exists, so the ping doesn't get the reply.
I am thinking of 2 solutions:
1. SNAT clients that are coming with source IP 10.8.0.x to 10.1.16.x.
2. Set a route to 10.8.0.x at 10.1.16.1.
Please help me with these solutions.
Unable to access internal servers on openvpn server
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Dec 21, 2010 3:23 pm
- gladiatr72
- Forum Team
- Posts: 194
- Joined: Mon Dec 13, 2010 3:51 pm
- Location: Lawrence, KS
Re: Unable to access internal servers on openvpn server
The typical way is to push a route from the server to the client with the "push" directive.
An example would be:
push "route 10.1.16.0 255.255.255.0"
The only caveat is that if you are running Windows Vista or Windows 7, you will need to set the openvpn executable to run with administrator privileges or it will be unable to create the routes.
Regards,
Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Dec 21, 2010 3:23 pm
Re: Unable to access internal servers on openvpn server
Yes, I have already pushed that route in the OpenVPN config file (server.conf).
See, if I'm connecting only a single server with IP 192.168.10.1 directly to the eth1 interface of the OpenVPN server with IP 192.168.10.2, then in this case I am setting its gateway as 192.168.10.2 (which is the OpenVPN server's eth1 IP), so when the OpenVPN client with source IP 10.8.0.6 tries to ping 192.168.10.1, the one-way path is OK, and on the return path 192.168.10.1 has its default route to eth1, which is 192.168.10.2.
But if I'm connecting the eth1 interface (IP 10.1.16.85) of the OpenVPN server to a switch, then in this case all the servers connected to that switch have their own default route, unlike the above case, so when the OpenVPN client with source IP 10.8.0.6 tries to ping 10.1.16.82 (any server on the switch), the one-way path is OK, but on the return path, as 10.1.16.82 doesn't have a route to 10.8.0.x, it sends it to its default route, which is, say, 10.1.16.1, not 10.1.16.85, so the ping doesn't get the reply.
Please suggest any solution.
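The return-path failure described in the first post and again above can be checked with a small route-lookup model. This is an added example, not code from the thread or from the OpenVPN project: it builds the poster's topology (client 10.8.0.6 on tun0, the server's eth1 at 10.1.16.85, LAN host 10.1.16.82 with its default route pointing at 10.1.16.1) and walks each ping hop by hop using longest-prefix matching, once as-is and once with each of the two proposed fixes applied. The gateway's own addresses, the server's eth0 address and the upstream next hops are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass, field

IPv4, Net = ipaddress.IPv4Address, ipaddress.IPv4Network


@dataclass
class Host:
    name: str
    addrs: dict                                    # interface -> IPv4Address
    routes: list                                   # (prefix, next hop or None if on-link, interface)
    forwards: bool = False                         # True when the box routes (ip_forward=1)
    snat: dict = field(default_factory=dict)       # out-interface -> source address to SNAT to
    nat_state: dict = field(default_factory=dict)  # SNAT address -> original source (conntrack)

    def owns(self, ip):
        return ip in self.addrs.values()

    def lookup(self, dst):
        """Longest-prefix match over this host's routing table, as the kernel FIB does."""
        matches = [r for r in self.routes if dst in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen, default=None)


def send(hosts, src, dst, max_hops=8):
    """Forward one packet hop by hop. Returns (delivered, path, source address the receiver sees)."""
    cur = next(h for h in hosts if h.owns(src))
    path = [cur.name]
    for _ in range(max_hops):
        route = cur.lookup(dst)
        if route is None:
            return False, path + ["no route"], src
        _, via, iface = route
        # A router may SNAT packets it forwards (never ones it originated) when they leave via iface.
        if cur.forwards and not cur.owns(src) and iface in cur.snat:
            cur.nat_state[cur.snat[iface]] = src
            src = cur.snat[iface]
        nexthop = dst if via is None else via
        nxt = next((h for h in hosts if h.owns(nexthop)), None)
        if nxt is None:
            return False, path + [f"{nexthop} unreachable"], src
        path.append(nxt.name)
        if nxt.owns(dst):
            if dst in nxt.nat_state:      # reply to a SNAT address: un-translate and keep forwarding
                dst, cur = nxt.nat_state[dst], nxt
                continue
            return True, path, src
        if not nxt.forwards:
            return False, path + ["not a router"], src
        cur = nxt
    return False, path + ["hop limit"], src


def ping(hosts, src, dst):
    """Echo request then echo reply; the ping only succeeds if both legs are delivered."""
    ok, there, seen_src = send(hosts, src, dst)
    if not ok:
        return False, there, []
    ok, back, _ = send(hosts, dst, seen_src)
    return ok, there, back


def build(fix=None):
    """Constructed topology matching the thread. fix is None, "snat" or "route"."""
    client = Host("client", {"tun0": IPv4("10.8.0.6")},
                  [(Net("10.8.0.0/24"), None, "tun0"),
                   (Net("10.1.16.0/24"), IPv4("10.8.0.1"), "tun0")])      # the pushed route
    vpn = Host("vpn", {"tun0": IPv4("10.8.0.1"), "eth1": IPv4("10.1.16.85"),
                       "eth0": IPv4("203.0.113.10")},                     # eth0 address constructed
               [(Net("10.8.0.0/24"), None, "tun0"),
                (Net("10.1.16.0/24"), None, "eth1"),
                (Net("0.0.0.0/0"), IPv4("203.0.113.1"), "eth0")], forwards=True)
    srv82 = Host("srv82", {"eth0": IPv4("10.1.16.82")},
                 [(Net("10.1.16.0/24"), None, "eth0"),
                  (Net("0.0.0.0/0"), IPv4("10.1.16.1"), "eth0")])          # default gateway is not the VPN box
    gw = Host("gw", {"lan": IPv4("10.1.16.1"), "wan": IPv4("198.51.100.2")},   # constructed
              [(Net("10.1.16.0/24"), None, "lan"),
               (Net("0.0.0.0/0"), IPv4("198.51.100.1"), "wan")], forwards=True)
    if fix == "snat":     # models: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
        vpn.snat["eth1"] = IPv4("10.1.16.85")
    elif fix == "route":  # models, on 10.1.16.1: ip route add 10.8.0.0/24 via 10.1.16.85
        gw.routes.append((Net("10.8.0.0/24"), IPv4("10.1.16.85"), "lan"))
    return [client, vpn, srv82, gw]


if __name__ == "__main__":
    for fix in (None, "route", "snat"):
        for target in ("10.1.16.85", "10.1.16.82"):
            ok, there, back = ping(build(fix), IPv4("10.8.0.6"), IPv4(target))
            print(f"fix={fix!s:5} ping {target}: {'OK' if ok else 'FAIL'}  out={there} back={back}")
```

Without a fix the reply from 10.1.16.82 goes to the default gateway and dies there, exactly as described; either fix makes it round-trip. The two are not equivalent from a monitoring standpoint: with MASQUERADE every VPN client appears on the LAN as 10.1.16.85, so host logs and firewall rules on the internal servers can no longer tell clients apart, while the static route on 10.1.16.1 preserves the real 10.8.0.x source addresses. In both cases the VPN server itself must have forwarding enabled (net.ipv4.ip_forward=1), or even the outbound leg stops at it.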
- gladiatr72
- Forum Team
- Posts: 194
- Joined: Mon Dec 13, 2010 3:51 pm
- Location: Lawrence, KS
Re: Unable to access internal servers on openvpn server
Please post your client and server configuration files.
-S
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Dec 21, 2010 3:23 pm
Re: Unable to access internal servers on openvpn server
server.conf:
port 1194
proto udp
dev tun
ca /usr/share/doc/openvpn-2.0.9/easy-rsa/keys/ca.crt
cert /usr/share/doc/openvpn-2.0.9/easy-rsa/keys/server.crt
key /usr/share/doc/openvpn-2.0.9/easy-rsa/keys/server.key
dh /usr/share/doc/openvpn-2.0.9/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.1.16.0 255.255.255.0"
keepalive 10 120
cipher BF-CBC
comp-lzo
persist-key
persist-tun
verb 6
client.conf:
client
dev tun
proto udp
remote 164.100.31.57 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client3.crt
key client3.key
ns-cert-type server
cipher BF-CBC
comp-lzo
verb 3