Re: Site to Site VPN - Issues on AS side
Posted: Fri Jan 20, 2017 3:41 am
Hi all!
I have setup a site to site VPN using the tutorial here
https://docs.openvpn.net/how-to-tutoria ... ss-server/
Both sites (client and AS) are running Ubuntu v16.
Everything except browsing from Site A (where the AS is) to Site B (the client) works. Clients at Site B are able to access servers/websites at Site A but clients at Site A are not able to access HTTP servers at Site B. However (and this is the part that has me puzzled), clients from Site A are able to ping said servers at Site B and are able to SSH into Site B servers. I have checked IPTables, IPv4 forwarding, etc. All of that checks out (I think). The advertised routes (both sites are running Ubiquiti Edge Routers) are correctly advertised to clients and traceroutes traverse the tunnel.
192.168.0.1 = Edgerouter at Site A
192.168.0.161 = OpenVPN AS server
172.27.232.2 = Client VPN IP
192.168.77.43 = Web server at Site B
I have a feeling I am missing something very simple! Any help would be appreciated, thank you!
Code:
traceroute to 192.168.77.43 (192.168.77.43), 64 hops max, 52 byte packets
1 192.168.0.1 (192.168.0.1) 1.677 ms 1.451 ms 1.064 ms
2 192.168.0.161 (192.168.0.161) 1.906 ms 1.893 ms 1.786 ms
3 172.27.232.2 (172.27.232.2) 6.656 ms 6.736 ms 6.532 ms
4 192.168.77.43 (192.168.77.43) 7.158 ms 7.117 ms 6.516 ms
Code:
telnet 192.168.77.43 80
Trying 192.168.77.43...
Connected to 192.168.77.43.
Escape character is '^]'.
Here is the client config
test
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote test.org 1194 udp
remote test.org 1194 udp
remote test.org 443 tcp
remote test.org 1194 udp
remote test.org 1194 udp
remote test.org 1194 udp
remote test.org 1194 udp
remote test.org 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
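The post shows that ICMP, SSH and even the TCP handshake to port 80 cross the tunnel while HTTP page loads do not. One thing a practitioner would check next, as an added diagnostic that is not part of the original post and not a diagnosis of it, is whether full-size packets actually fit through the tunnel: small packets (ping, an interactive SSH session, a bare SYN/ACK) pass, but a web server's first full-size data segment may be silently dropped if the path MTU across the tunnel is smaller than the hosts assume. The script below binary-searches the largest IPv4 packet that crosses a path with the Don't Fragment bit set. It assumes a Linux or macOS client with the system `ping`; the target address (192.168.77.43, the Site B web server from the post) and the constructed `simulated_link` used for offline testing are assumptions, not values from the tutorial.

```python
#!/usr/bin/env python3
"""Path-MTU probe for a site-to-site tunnel (added example, not from the post).

Hypothesis under test: small packets cross the tunnel, full-size TCP segments
do not. The search below finds the largest IPv4 packet that passes with the
DF bit set, using the system ping (Linux iputils: 'ping -M do'; macOS: 'ping -D').
"""
import shutil
import subprocess
import sys
from typing import Callable

IPV4_HEADER = 20
ICMP_HEADER = 8
TCP_HEADER = 20  # TCP options can add up to 40 more bytes on top of this


def ping_df_probe(host: str, timeout_s: int = 1) -> Callable[[int], bool]:
    """Return a probe that sends one DF-marked echo request carrying
    *payload* bytes and reports whether a reply came back."""
    if shutil.which("ping") is None:
        raise RuntimeError("ping not found on PATH")

    def probe(payload: int) -> bool:
        if sys.platform == "darwin":
            # BSD/macOS ping: -D sets DF, -t is an overall timeout in seconds
            cmd = ["ping", "-D", "-c", "1", "-t", str(timeout_s), "-s", str(payload), host]
        else:
            # Linux iputils ping: -M do sets DF, -W is the per-reply wait in seconds
            cmd = ["ping", "-M", "do", "-c", "1", "-W", str(timeout_s), "-s", str(payload), host]
        return subprocess.run(cmd, capture_output=True, text=True).returncode == 0

    return probe


def simulated_link(max_total: int) -> Callable[[int], bool]:
    """Constructed stand-in for ping_df_probe used for offline testing:
    passes DF packets whose total IPv4 size is <= max_total bytes."""
    def probe(payload: int) -> bool:
        return payload + IPV4_HEADER + ICMP_HEADER <= max_total
    return probe


def find_path_mtu(probe: Callable[[int], bool], lo: int = 576, hi: int = 1500) -> int:
    """Largest total IPv4 packet size (headers + payload) that the probe
    passes unfragmented. probe() takes an ICMP payload size. hi is tried
    first (fast path when nothing is wrong); lo is assumed to pass."""
    overhead = IPV4_HEADER + ICMP_HEADER
    if probe(hi - overhead):
        return hi
    if not probe(lo - overhead):
        raise RuntimeError(f"even {lo}-byte packets do not pass; check basic reachability first")
    # Invariant: lo passes, hi fails; narrow until they are adjacent.
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if probe(mid - overhead):
            lo = mid
        else:
            hi = mid
    return lo


def max_tcp_mss(path_mtu: int) -> int:
    """Largest TCP MSS (no options) whose segments fit in path_mtu unfragmented."""
    return path_mtu - IPV4_HEADER - TCP_HEADER


if __name__ == "__main__":
    # Run from a Site A client against the Site B web server named in the post.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.77.43"
    mtu = find_path_mtu(ping_df_probe(target))
    print(f"largest unfragmented IPv4 packet to {target}: {mtu} bytes "
          f"(TCP MSS that fits: {max_tcp_mss(mtu)})")
```

If the measured value across the tunnel is well below 1500 while both LANs run at 1500, the symptom pattern in the post (handshake completes, page never loads) is consistent with a path-MTU black hole inside the tunnel; the OpenVPN directives that address it are `mssfix` (clamp TCP MSS on tunnelled sessions) and `fragment`. If the probe returns 1500, MTU is not the problem and the search should move elsewhere (for example a stateful firewall rule on Site B that admits ICMP and port 22 but not established HTTP replies).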