Missing iptable after client connect - A software bug?

Posted: Fri Jul 02, 2021 7:24 am
by Starbase12
Good morning together,

I'm trying to build a site-to-site VPN between my own and my parents' home. I started using OpenVPN AS 2.8.7 and have now updated to 2.9.1. Most things are working fine. I don't want to use NAT, only routing. Every client/server should be able to see the correct origin IP. After my parents' home has connected automatically, I'm able to communicate with the remote network (..178.0/24) without issues. But the opposite direction isn't working. They're not able to contact my network (..200.0/24 or ..201.0/24).

I found out that one missing iptable (which should be generated automatically - or not?) seems to be the main problem.

While I'm not able to communicate Parents -> Me, "iptables -L AS0_IN" gives me:

```
Chain AS0_IN (4 references)
target              prot opt source             destination
ACCEPT              all  --  anywhere           10.0.8.1
                    all  --  0.0.0.0            anywhere
                    all  --  0.0.0.0            anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.133         anywhere
                    all  --  0.0.0.0            anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.134         anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.132         anywhere
```

After I manually add "iptables -A AS0_IN -s 192.168.178.0/24 -j AS0_U_PARENTS_IN", the communication works in both directions:

```
Chain AS0_IN (4 references)
target              prot opt source             destination
ACCEPT              all  --  anywhere           10.0.8.1
                    all  --  0.0.0.0            anywhere
                    all  --  0.0.0.0            anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.133         anywhere
                    all  --  0.0.0.0            anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.134         anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.132         anywhere
AS0_U_PARENTS_IN    all  --  192.168.178.0/24   anywhere
```

What is totally incomprehensible to me here is the fact that as soon as I change something (really something; it doesn't matter what I'm changing or for which user I'm changing something) within their user permissions (AS web interface) and click "Update Running Server", the iptables correct themselves. Is this a software bug, or why is the missing iptable added after one change? Please help me to figure this out. I already invested one whole day into finding this :roll:.

Thanks in advance.
Chris
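
A check for the condition described in the post above, added here as an example and not part of the original post or of OpenVPN Access Server: it parses an `iptables -L AS0_IN` listing and reports site subnets that have no rule jumping to the user's chain. The function names are hypothetical, the two listings are the ones quoted in the post, and it assumes sources are printed as addresses or `anywhere`.

```python
import ipaddress

# Constructed sample: the AS0_IN listing quoted in the post while
# parents -> home traffic was failing (no rule for 192.168.178.0/24).
BROKEN_LISTING = """\
Chain AS0_IN (4 references)
target              prot opt source             destination
ACCEPT              all  --  anywhere           10.0.8.1
                    all  --  0.0.0.0            anywhere
                    all  --  0.0.0.0            anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.133         anywhere
                    all  --  0.0.0.0            anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.134         anywhere
AS0_U_PARENTS_IN    all  --  10.0.8.132         anywhere
"""
# The same listing after the manual "iptables -A" from the post.
FIXED_LISTING = BROKEN_LISTING + "AS0_U_PARENTS_IN    all  --  192.168.178.0/24   anywhere\n"


def parse_chain(listing):
    """Return (target, source_network) per rule; target is '' when the column is blank."""
    rules = []
    for line in listing.splitlines()[2:]:        # skip "Chain ..." and the column header
        fields = line.split()
        if "--" not in fields:
            continue
        opt = fields.index("--")                 # the target column may be empty, so
        target = fields[0] if opt == 2 else ""   # locate columns relative to "opt"
        source = "0.0.0.0/0" if fields[opt + 1] == "anywhere" else fields[opt + 1]
        try:
            rules.append((target, ipaddress.ip_network(source, strict=False)))
        except ValueError:
            continue                             # resolved hostname; rerun with -n
    return rules


def missing_site_rules(listing, user_chain, site_subnets):
    """Site subnets that no rule in the listing sends to user_chain."""
    covered = [src for tgt, src in parse_chain(listing) if tgt == user_chain]
    return [str(net) for net in map(ipaddress.ip_network, site_subnets)
            if not any(net.subnet_of(src) for src in covered)]


if __name__ == "__main__":
    for name, text in (("before", BROKEN_LISTING), ("after", FIXED_LISTING)):
        print(name, missing_site_rules(text, "AS0_U_PARENTS_IN", ["192.168.178.0/24"]))
```

Running it against the output captured right after the client connects and again after "Update Running Server" shows whether the site subnet rule is the only difference between the two states.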

Re: Missing iptable after client connect - A software bug?

Posted: Fri Jul 02, 2021 11:34 am
by openvpn_inc
Hi Chris,

Can you please advise which Linux distribution your access server is running?
And you only monitor this on the latest release which is 2.9.1 right?

Regards,
Crowley

Re: Missing iptable after client connect - A software bug?

Posted: Fri Jul 02, 2021 11:39 am
by Starbase12
openvpn_inc wrote:
Fri Jul 02, 2021 11:34 am
Can you please advise which Linux distribution your access server is running?
And you only monitor this on the latest release which is 2.9.1 right?

Hi Crowley,

My server is running on a Debian Buster VM (x64). My used repo is "http://as-repository.openvpn.net/as/debian buster main". I'm facing this issue on both versions: 2.8.7 and also 2.9.1 after upgrading.

Re: Missing iptable after client connect - A software bug?

Posted: Fri Jul 02, 2021 12:50 pm
by openvpn_inc
Hi Chris,

I'd suggest getting in touch with us on https://openvpn.net/support so we can try to see what is going on and get some logs there.

Kind regards,
Johan