AS 2.8.8: VPN client can ping private network IPs, but no other traffic is forwarded
Posted: Thu May 27, 2021 12:23 pm
Hi,
I just set up a new installation of AS 2.8.8 on CentOS 8. I have successfully configured LDAP and also post_auth ldap_groups to match my LDAP accounts against AS access groups. In the VPN section I chose routing via NAT and entered two of my private networks.
My issue is that any connected client can ping into the private networks, regardless of any access group restrictions, but regular TCP traffic is not routed - it just seems to be dropped at the AS gateway. When the client connects, I can see the routes for the private networks get pushed. This is how the VPN server is configured:

"vpn.server.cipher": "AES-256-CBC",
"vpn.server.daemon.enable": "true",
"vpn.server.daemon.ovpndco": "false",
"vpn.server.daemon.protocols": "both",
"vpn.server.daemon.tcp.n_daemons": "2",
"vpn.server.daemon.tcp.port": "443",
"vpn.server.daemon.udp.n_daemons": "2",
"vpn.server.daemon.udp.port": "1194",
"vpn.server.dhcp_option.adapter_domain_suffix": "jvm.de",
"vpn.server.dhcp_option.dns.0": "10.11.24.6",
"vpn.server.dhcp_option.domain": "jvm.de",
"vpn.server.google_auth.enable": "false",
"vpn.server.group_pool.0": "172.27.240.0/20",
"vpn.server.port_share.enable": "true",
"vpn.server.port_share.ip_address": "1.2.3.4",
"vpn.server.port_share.port": "1234",
"vpn.server.port_share.service": "admin+client",
"vpn.server.routing.gateway_access": "true",
"vpn.server.routing.private_access": "nat",
"vpn.server.routing.private_network.0": "10.11.31.0/24",
"vpn.server.routing.private_network.1": "10.11.24.0/24",
"vpn.server.tls_auth": "true",
"vpn.server.tls_version_min": "1.2",

As far as I understood, choosing NAT should take care of configuring the IP masquerading, shouldn't it? However, when I try to run any TCP traffic to any of the hosts in either private gateway, no traffic emerges from the local interface. 10.11.31.0/24 is the network where the AS resides itself, so there couldn't even be a routing issue.
I have already set up the free version of OpenVPN before, but I cannot seem to get this working, so any input is greatly appreciated.
Thanks.
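An added diagnostic script for the forwarding path described in this post; it is not from the post and not OpenVPN AS's own tooling. It assumes the usual Linux NAT building blocks (net.ipv4.ip_forward, an iptables MASQUERADE/SNAT rule whose source is the VPN pool, an optional TCPMSS clamp on forwarded SYNs) and takes the pool and private networks from the configuration above; AS may keep its rules in its own chains with different matches, so a "missing" result means "inspect the tables by hand", not "broken".

```shell
#!/bin/sh
# Added diagnostic helper; not from the post and not OpenVPN AS's own tooling.
# Assumes the standard Linux NAT pieces (ip_forward, a MASQUERADE/SNAT rule for
# the VPN pool, an optional MSS clamp). Each check takes its input as an
# argument so it can be run against captured text as well as live output.

POOL="172.27.240.0/20"                 # vpn.server.group_pool.0 from the post
NETS="10.11.31.0/24 10.11.24.0/24"     # vpn.server.routing.private_network.*

# 0 when kernel forwarding is on.  $1 = value of net.ipv4.ip_forward
forwarding_enabled() { [ "$1" = "1" ]; }

# 0 when some nat-table chain masquerades/SNATs traffic sourced from the pool.
# $1 = pool CIDR, $2 = text of `iptables-save -t nat`
nat_rule_present() {
    printf '%s\n' "$2" |
        grep -Eq "^-A [A-Za-z0-9_]+ .*-s $1 .*-j (MASQUERADE|SNAT)"
}

# 0 when forwarded SYNs get an MSS clamp.  Small ICMP echoes passing while TCP
# stalls is the classic sign of a path-MTU problem.  $1 = `iptables-save -t mangle`
mss_clamp_present() {
    printf '%s\n' "$1" |
        grep -Eq "^-A [A-Za-z0-9_]+ .*--tcp-flags SYN,RST SYN .*-j TCPMSS"
}

# Run the checks against the live system and print only what is missing.
run_live() {
    forwarding_enabled "$(sysctl -n net.ipv4.ip_forward)" ||
        echo "net.ipv4.ip_forward is 0"
    nat_rule_present "$POOL" "$(iptables-save -t nat 2>/dev/null)" ||
        echo "no MASQUERADE/SNAT rule with source $POOL in the nat table"
    mss_clamp_present "$(iptables-save -t mangle 2>/dev/null)" ||
        echo "no MSS clamp on forwarded SYNs; compare MTU on the tun and LAN interfaces"
    for n in $NETS; do
        ip route get "${n%/*}" >/dev/null 2>&1 || echo "no route to $n"
    done
}

# Only touch the live system when invoked as: sh check_vpn_nat.sh live
case "${1:-}" in live) run_live ;; esac
```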