Ping between tunnel ends is not working. OpenVPN client-server config.
Posted: Tue Jun 01, 2021 9:18 pm
Hello all,
During a simple configuration for the client - server with TLS authentication, I configured a tunnel with addresses in the "ifconfig" line, i.e. 10.8.0.1 and 0.2 for each site (both configuration files below).
Note: Client and server, both virtual machines, are on the NAT network.
SERVER
Code:
mode server
tls-server
dev tun
ifconfig 10.8.0.2 10.8.0.1
port 1194
proto udp
keepalive 10 120
ca /etc/ssl/private/ovpn-server/ca.crt
cert /etc/ssl/private/ovpn-server/ovpn-server.crt
key /etc/ssl/private/ovpn-server/ovpn-server.key
dh /etc/ssl/private/ovpn-server/dh.pem
tls-crypt /etc/ssl/private/ovpn-server/ta.key 0
cipher AES-256-GCM
auth SHA512
CLIENT
Code:
client
tls-client
remote 10.0.2.12
dev tun
ifconfig 10.8.0.1 10.8.0.2
proto udp
keepalive 10 120
ca /home/client1/Files4OVPN/ca.crt
cert /home/client1/Files4OVPN/C1_ovpn-server.crt
key /home/client1/Files4OVPN/C1_ovpn-server.key
tls-crypt /home/client1/Files4OVPN/ta.key 1
cipher AES-256-GCM
auth SHA512
remote-cert-tls server
The problem is that the ping from the server to 10.8.0.1 doesn't work, and vice versa from the client and ping to 10.8.0.2.
In the logs from initialisation I get:
LOGS (after running config file on server site)
Code:
openvpn --config server.conf 130 ⨯
2021-06-01 16:36:43 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 28 2021
2021-06-01 16:36:43 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
2021-06-01 16:36:43 TUN/TAP device tun0 opened
2021-06-01 16:36:43 net_iface_mtu_set: mtu 1500 for tun0
2021-06-01 16:36:43 net_iface_up: set tun0 up
2021-06-01 16:36:43 net_addr_ptp_v4_add: 10.8.0.2 peer 10.8.0.1 dev tun0
2021-06-01 16:36:43 Could not determine IPv4/IPv6 protocol. Using AF_INET
2021-06-01 16:36:43 UDPv4 link local (bound): [AF_INET][undef]:1194
2021-06-01 16:36:43 UDPv4 link remote: [AF_UNSPEC]
2021-06-01 16:36:43 Initialization Sequence Completed
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_VER=2.5.1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_PLAT=linux
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_PROTO=6
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_NCP=2
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_LZ4=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_LZ4v2=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_LZO=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_COMP_STUB=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_COMP_STUBv2=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_TCPNL=1
2021-06-01 16:36:46 10.0.2.9:1194 [C1_ovpn-server] Peer Connection Initiated with [AF_INET]10.0.2.9:1194
2021-06-01 16:36:46 C1_ovpn-server/10.0.2.9:1194 MULTI: no dynamic or static remote--ifconfig address is available for C1_ovpn-server/10.0.2.9:1194
Probably the problem is the last line of the LOG ^
Iptables rules have been cleared. I'm asking for help because I don't know what's wrong. Even the smallest hint or link to a fragment of the documentation may be beneficial.
/kedzidom
01101011011000010110110001101001011010010111001101101100011010010110011001100101
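The last log line in the post above is what OpenVPN prints in `mode server` when nothing in the configuration gives it a tunnel address for the connecting client. The following is an added example, not part of the original post or of the OpenVPN project: it lints a server config for that condition and matches the log line. The names `lint_server` and `no_address_lines` are hypothetical, and the pooled variant with `server 10.8.0.0 255.255.255.0` is a constructed sample.

```python
import re

# Directives that can give a connecting client a tunnel address in "mode server".
# client-config-dir/client-connect count only as possible sources (ifconfig-push).
ADDRESS_SOURCES = {"server", "server-bridge", "ifconfig-pool",
                   "client-config-dir", "client-connect"}
NO_ADDRESS_LOG = re.compile(
    r"MULTI: no dynamic or static remote\s*--ifconfig address is available")

# Network-related lines of the server config from the post (cert/key lines omitted).
POSTED_SERVER = """\
mode server
tls-server
dev tun
ifconfig 10.8.0.2 10.8.0.1
port 1194
proto udp
keepalive 10 120
"""
# Constructed variant (assumption, not from the post): the "server" helper
# directive replaces the point-to-point ifconfig and defines a client pool.
POOLED_SERVER = POSTED_SERVER.replace("mode server\ntls-server\n", "").replace(
    "ifconfig 10.8.0.2 10.8.0.1", "server 10.8.0.0 255.255.255.0")
# Last line of the server log from the post.
POSTED_LOG = ("2021-06-01 16:36:46 C1_ovpn-server/10.0.2.9:1194 MULTI: no dynamic "
              "or static remote--ifconfig address is available for "
              "C1_ovpn-server/10.0.2.9:1194")

def parse_directives(text):
    """Return [(name, args)] for every non-comment line of an OpenVPN config."""
    lines = (raw.strip() for raw in text.splitlines())
    return [(parts[0].lstrip("-"), parts[1:])
            for parts in (l.split() for l in lines if l and l[0] not in "#;")]

def lint_server(text):
    """Flag a multi-client server that has no way to address its clients."""
    directives = parse_directives(text)
    names = {name for name, _ in directives}
    multi = ("mode", ["server"]) in directives or bool(names & {"server", "server-bridge"})
    if multi and not names & ADDRESS_SOURCES:
        return ["mode server is set but no server/ifconfig-pool/ifconfig-push source"]
    return []

def no_address_lines(log_text):
    """Return log lines where the server reports it has no address for a client."""
    return [l for l in log_text.splitlines() if NO_ADDRESS_LOG.search(l)]
```

A finding from `lint_server` together with a hit from `no_address_lines` points at the server-side address assignment rather than at firewall rules.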