LAN access to VPN client failed
Posted: Mon Apr 15, 2013 7:46 pm
Hi,
I'm a newbie at VPN topics, so please be patient with me.
I have managed to create a VPN tunnel and I'm able to ping the client from the VPN server. I can also ping from the client to the server and to other PCs in the LAN of the server, but I'm not able to ping the VPN client from the LAN.
Here is my config:
Fritzbox: 192.168.122.1
Raspberry PI (VPN Server): 192.168.122.33
Client: x.x.x.x (Mobile, PC or other device)
server.conf
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa2/keys/ca.crt
cert /etc/openvpn/easy-rsa2/keys/server_raspi.crt
key /etc/openvpn/easy-rsa2/keys/server_raspi.key
dh /etc/openvpn/easy-rsa2/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
client-to-client
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.122.1"
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 9
client.conf
client
dev tun
proto udp
remote .dyndns.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/easy-rsa2/keys/ca.crt
cert /etc/openvpn/easy-rsa2/keys/client_raspi.crt
key /etc/openvpn/easy-rsa2/keys/client_raspi.key
pull
log openvpn.log
comp-lzo
verb 3
server routes
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.122.1 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
executed code on the VPN server
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 192.168.122.33
iptables -t nat -A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.122.33
The following ping scenarios are working:
ping from 10.8.0.6 to 192.168.122.x
ping from 10.8.0.6 to 10.8.0.1
ping from 10.8.0.6 to (0.0.0.0) internet
ping from 10.8.0.1 (192.168.122.33) VPN server to 10.8.0.6
but
ping from 192.168.122.21 to 10.8.0.6
ping from 192.168.122.21 to 10.8.0.1
ping from 192.168.122.21 to 10.8.0.x
don't work.
Do you have any ideas?
Thanks for your help
Olli