Missing iptable after client connect - A software bug?

Starbase12
OpenVpn Newbie
Posts: 3
Joined: Fri Jul 02, 2021 6:45 am

Missing iptable after client connect - A software bug?

Post by Starbase12 » Fri Jul 02, 2021 7:24 am

Good morning together,

I'm trying to build one site-to-site VPN between my own and my parents' home. I started using OpenVPN AS 2.8.7 and have now updated up to 2.9.1. Most of the things are working fine. I don't want to use NAT. Only routing. Every client/server should be able to see the correct origin IP. After my parents' home connected automatically, I'm able to communicate with the remote network (..178.0/24) without issues. But the opposite direction isn't working. They're not able to contact my network (..200.0/24 or ..201.0/24).

I found out that one missing iptable (which should be generated automatically - or not?) seems to be the main problem.

The time I'm not able to communicate between Parents -> Me "iptables -L AS0_IN" give me:

Code:

Chain AS0_IN (4 references)
target              prot opt source             destination
ACCEPT              all  --  anywhere           10.0.8.1
                    all  --  0.0.0.0            anywhere
                    all  --  0.0.0.0            anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.133         anywhere
                    all  --  0.0.0.0            anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.134         anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.132         anywhere

After I manually add "iptables -A AS0_IN -s 192.168.178.0/24 -j AS0_U_PARENTS_IN", the communication works in both directions:

Code:

Chain AS0_IN (4 references)
target              prot opt source             destination
ACCEPT              all  --  anywhere           10.0.8.1
                    all  --  0.0.0.0            anywhere
                    all  --  0.0.0.0            anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.133         anywhere
                    all  --  0.0.0.0            anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.134         anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.132         anywhere
AS0_U_PARENTS_IN    all  --  192.168.178.0/24   anywhere

What is totally incomprehensible to me here is the fact that as soon as I change something (really something; it doesn't matter what I'm changing or for which user I'm changing something) within their user permissions (AS web interface) and click "Update Running Server", the iptables correct themselves. Is this a software bug, or why is the missing iptable added after one change? Please help me to figure this out. I already invested one whole day into finding this :roll: .

Thanks in advance.
Chris
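
A check for the symptom described in the post above, as an added example that is not part of the original thread and not OpenVPN Access Server code: it parses the two AS0_IN listings from the post and reports which expected source networks have no rule jumping to AS0_U_PARENTS_IN. The function names parse_rules and uncovered are hypothetical, and the parser assumes the "--" opt column shown in the listings.

```python
import ipaddress

# Listing copied from the post above (state before the manual fix).
BEFORE = """\
Chain AS0_IN (4 references)
target              prot opt source             destination
ACCEPT              all  --  anywhere           10.0.8.1
                    all  --  0.0.0.0            anywhere
                    all  --  0.0.0.0            anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.133         anywhere
                    all  --  0.0.0.0            anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.134         anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.132         anywhere
"""
# State after the manual "iptables -A AS0_IN -s 192.168.178.0/24 ..." from the post.
AFTER = BEFORE + "AS0_U_PARENTS_IN    all  --  192.168.178.0/24   anywhere\n"


def parse_rules(listing):
    """Return (target, source_network) pairs from `iptables -L <chain>` output."""
    rules = []
    for line in listing.splitlines():
        cols = line.split()
        if "--" not in cols:           # chain header and column header
            continue
        opt = cols.index("--")
        target = cols[0] if opt == 2 else ""   # rows without a target start at prot
        source = cols[opt + 1]
        try:
            net = ipaddress.ip_network("0.0.0.0/0" if source == "anywhere" else source)
        except ValueError:             # resolved hostname; list with -n to avoid this
            continue
        rules.append((target, net))
    return rules


def uncovered(listing, target, expected):
    """Networks in `expected` that no rule jumping to `target` matches by source."""
    nets = [n for t, n in parse_rules(listing) if t == target]
    return [e for e in expected
            if not any(ipaddress.ip_network(e).subnet_of(n) for n in nets)]


if __name__ == "__main__":
    want = ["10.0.8.132/32", "192.168.178.0/24"]
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, uncovered(text, "AS0_U_PARENTS_IN", want))
```

Run against live output (for example after each client connect), the same comparison shows whether the site subnet rule is present without waiting for traffic from the remote side to fail.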

openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Missing iptable after client connect - A software bug?

Post by openvpn_inc » Fri Jul 02, 2021 11:34 am

Hi Chris,

Can you please advise which Linux distribution your access server is running?
And you only monitor this on the latest release which is 2.9.1 right?

Regards,
Crowley
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Starbase12
OpenVpn Newbie
Posts: 3
Joined: Fri Jul 02, 2021 6:45 am

Re: Missing iptable after client connect - A software bug?

Post by Starbase12 » Fri Jul 02, 2021 11:39 am

openvpn_inc wrote:
Fri Jul 02, 2021 11:34 am
Can you please advise which Linux distribution your access server is running?
And you only monitor this on the latest release which is 2.9.1 right?

Hi Crowley,

My server is running on a Debian Buster VM (x64). My used repo is "http://as-repository.openvpn.net/as/debian buster main". I'm facing this issue on both versions: 2.8.7 and also 2.9.1 after upgrading.

openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Missing iptable after client connect - A software bug?

Post by openvpn_inc » Fri Jul 02, 2021 12:50 pm

Hi Chris,

I'd suggest getting in touch with us on https://openvpn.net/support so we can try to see what is going on and get some logs there.

Kind regards,
Johan
