Access from Server to Client on existing interface
Posted: Sun Jun 18, 2017 4:00 pm
by sbuccoliero
Hi,
I have a challenge: I am not able to connect from the server's existing interface to the client after the tunnel is initiated. The other direction works fine.
Server: 10.10.10.33
VPN_IP: 172.27.224.1
Client 192.168.1.200
VPN_IP: 172.27.224.130 (Fixed)
From Client
Ping 172.27.224.1 - OK
Ping 10.10.10.33 - OK
From Server
Ping 172.124.224.130 - OK
Ping 192.168.1.200 - Fail
How do I configure this reverse connectivity on existing interfaces?
Re: Access from Server to Client on existing interface
Posted: Sun Jun 18, 2017 4:06 pm
by Pippin
Re: Access from Server to Client on existing interface
Posted: Sun Jun 18, 2017 6:28 pm
by sbuccoliero
Thanks Pippin
Added file /usr/local/openvpn_as/etc/ccd/192.168.1.200 to server
content:
iroute 192.168.1.0 255.255.255.0
Added this to server config directives (web page)
route 192.168.1.0 255.255.255.0
initiated tunnel but still same result:
From Client
Ping 172.27.224.1 - OK
Ping 10.10.10.33 - OK
From Server
Ping 172.124.224.130 - OK
Ping 192.168.1.200 - Fail
Re: Access from Server to Client on existing interface
Posted: Sun Jun 18, 2017 6:39 pm
by sbuccoliero
Hmm... what is the common name of my client, and how do I find it?
Re: Access from Server to Client on existing interface
Posted: Sun Jun 18, 2017 8:52 pm
by sbuccoliero
I don't know what the common name of my client is, as I just downloaded the client.ovpn file from the OpenVPN Access Server.
Looking everywhere, I cannot locate the common name...
Re: Access from Server to Client on existing interface
Posted: Sun Jun 18, 2017 9:27 pm
by disqualified
Re: Access from Server to Client on existing interface
Posted: Sun Jun 18, 2017 9:53 pm
by Pippin
Whoops, I see now this is Access Server, I should pay attention.
Hope I'm not disqualified

Re: Access from Server to Client on existing interface
Posted: Sun Jun 18, 2017 10:08 pm
by disqualified
How do you disqualify the distinction between Openvpn-AccessServer vs. the free monkey?
One thing you can do is make sure you know what you are doing ..
I guess this website could do a bit better though ..

Re: Access from Server to Client on existing interface
Posted: Tue Jun 20, 2017 10:16 pm
by sbuccoliero
Pippin wrote: Whoops, I see now this is Access Server, I should pay attention.
Hope I'm not disqualified

Hi Pippin,
Since this is Access Server, can you tell me if what I want to accomplish is possible or not?
Re: Access from Server to Client on existing interface
Posted: Wed Jun 21, 2017 5:05 am
by Pippin
Yes, it is possible.
Don't know about Access Server, but check the details of the client's certificate for its unique common name.
Did you enable ip_forwarding on the client?
Does the firewall on the client allow that traffic?
Re: Access from Server to Client on existing interface
Posted: Fri Jun 23, 2017 7:59 pm
by sbuccoliero
Hi Pippin,
How do I check the common name?
IP forwarding is enabled on the client,
and yes, the firewall does allow the traffic.
Re: Access from Server to Client on existing interface
Posted: Fri Jun 23, 2017 10:00 pm
by Pippin
Code:
openssl x509 -noout -subject -in /path/to/your_client.crt
Re: Access from Server to Client on existing interface
Posted: Sat Jun 24, 2017 5:55 pm
by sbuccoliero
sudo openssl x509 -noout -subject -in /tmp/output/client.crt
subject= /CN=openvpn
created ccd directory
in that a file "openvpn" with content
iroute 192.168.1.0 255.255.255.0
on server side i have
route 192.168.1.0 255.255.255.0
-duplicate-cn
After i open tunnel it is the same:
From Client
Ping 172.27.224.1 - OK
Ping 10.10.10.33 - OK
From Server
Ping 172.124.224.130 - OK
Ping 192.168.1.200 - Fail
On the vpn server the 192.168.1.0 route is not created:
Destination     Gateway         Genmask           Flags  Metric  Ref  Use  Iface
0.0.0.0         10.10.10.254    0.0.0.0           UG     0       0    0    bond0
10.10.10.0      0.0.0.0         255.255.255.0     U      0       0    0    bond0
169.254.0.0     0.0.0.0         255.255.0.0       U      1000    0    0    bond0
172.27.224.0    0.0.0.0         255.255.255.192   U      0       0    0    as0t0
172.27.224.64   0.0.0.0         255.255.255.192   U      0       0    0    as0t1
172.27.224.130  0.0.0.0         255.255.255.255   UH     0       0    0    as0t0
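The pieces this post lines up (certificate CN, ccd file name, iroute, server-side route) can be cross-checked mechanically. The following is an added example, not part of the original thread and not OpenVPN's own code; it assumes community OpenVPN client-config-dir behaviour (a ccd file is looked up by the client's common name), and the function names and sample data are constructed from the values quoted in the thread.

```python
import re

# Constructed sample data modelled on the post above (not real server files).
SUBJECT = "subject= /CN=openvpn"
SERVER = "route 192.168.1.0 255.255.255.0\n-duplicate-cn\n"
CCD = {
    "192.168.1.200": "iroute 192.168.1.0 255.255.255.0\n",  # named after the LAN IP
    "openvpn": "iroute 192.168.1.0 255.255.255.0\n",        # named after the CN
}

def common_name(subject_line):
    """CN from `openssl x509 -noout -subject` output (old or new layout)."""
    m = re.search(r"\bCN\s*=\s*([^,/\n]+)", subject_line)
    return m.group(1).strip() if m else None

def tokens(text):
    """Yield each non-empty, non-comment line as words, leading dashes dropped."""
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            yield [words[0].lstrip("-")] + words[1:]

def nets(text, keyword):
    """(network, netmask) pairs for every `keyword <net> <mask>` line."""
    return {(w[1], w[2]) for w in tokens(text) if w[0] == keyword and len(w) >= 3}

def check(subject_line, server_text, ccd_files):
    """Return a list of (code, detail) findings; empty means the pieces line up."""
    cn, findings = common_name(subject_line), []
    for name in sorted(ccd_files):
        if name not in (cn, "DEFAULT"):
            findings.append(("name-mismatch", f"ccd/{name} is not named after CN {cn!r}"))
    if cn not in ccd_files:
        findings.append(("no-ccd", f"no ccd file for CN {cn!r}"))
    else:
        missing = nets(ccd_files[cn], "iroute") - nets(server_text, "route")
        for net, mask in sorted(missing):
            findings.append(("no-route", f"iroute {net} {mask} lacks a server route"))
        # A ccd file keyed by CN applies to every client that presents that CN.
        if any(w[0] == "duplicate-cn" for w in tokens(server_text)):
            findings.append(("shared-cn", f"every client with CN {cn!r} gets ccd/{cn}"))
    return findings

if __name__ == "__main__":
    for code, detail in check(SUBJECT, SERVER, CCD):
        print(code, detail)
```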
Re: Access from Server to Client on existing interface
Posted: Thu Jun 29, 2017 7:59 pm
by sbuccoliero
Finally! Problem solved!
Once I enabled VPN Gateway in the user permissions, it worked smoothly.