Connected: Can ping client's VPN address but not client-side LAN

Posted: Wed Oct 13, 2021 6:39 pm
by jtd00123
I can ping the client's VPN address (172.16.1.2) but not client-side LAN (192.168.3.1) from behind the server. What is curious is that from behind the client I can ping the server-side LAN (192.168.2.1) and anything behind the server. Both the server and client are routers that are behind the internet. I am certain this is due to incorrect routing tables, but I can't for the life of me figure out what is wrong.

Server routing table:
Destination       Gateway        Interface
0.0.0.0/0         172.16.66.1    eth0
0.0.0.0/24        0.0.0.0        vtun0
127.0.0.0/8       0.0.0.0        lo
172.16.1.0/24     0.0.0.0        vtun0
172.16.66.0/24    0.0.0.0        eth0
192.168.2.0/24    0.0.0.0        switch0
192.168.3.0/24    172.16.1.2     vtun0

Client routing table:
Destination       Gateway          Interface
0.0.0.0           OMIT PUBLIC IP   eth0
172.16.1.0/24     0.0.0.0          vtun0
192.168.2.0/24    172.16.1.1       vtun0
192.168.3.0/24    0.0.0.0          switch0


Re: Connected: Can ping client's VPN address but not client-side LAN

Posted: Wed Nov 03, 2021 9:57 pm
by arboziz
Hi, have you solved it?
Same situation here.
In my case (maybe the same as yours) the problem is that when the server sends a packet to the client subnet, the source IP address in the packet is the address of the server's public WAN eth0 and not the address of tun0.
The src IP in packets sent to the OpenVPN client address (10.8.0.2) is correctly 10.8.0.1.
Just in case, I tried to force the src IP with a NAT rule in iptables and put the tun0 address as the preferred src for the client-subnet route,
but nothing changed.
The problem is only from the server. From another client I can correctly ping the tun address 10.8.0.2 and the client-subnet addresses.
Hope someone can help
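An added example, not code from either poster: a small Python model of the two routing tables from the first post that performs the kernel's longest-prefix lookup for the request and again for the reply, so that an asymmetric return path shows up before you reach for tcpdump. The tunnel addresses 172.16.1.1 and 172.16.1.2 come from the tables; the server's eth0 address, the client's public addresses and the client's default gateway are assumptions (the thread omits them). Running it shows that the posted routes are symmetric when the server sources its ping from its vtun0 address, and that the reply is lost out of the client's default route when the source is the server's WAN address, which is the symptom arboziz describes.

```python
import ipaddress

# Interface addresses assumed for this example (the thread shows only prefixes and
# gateways): the server's vtun0 is 172.16.1.1 (the client's gateway for
# 192.168.2.0/24); the server's eth0 address and all public addresses are placeholders.
SERVER_IFACES = {"eth0": "172.16.66.10", "vtun0": "172.16.1.1",
                 "switch0": "192.168.2.1", "lo": "127.0.0.1"}
CLIENT_IFACES = {"eth0": "203.0.113.5", "vtun0": "172.16.1.2", "switch0": "192.168.3.1"}

# Routing tables as posted: (destination, gateway or None for on-link, interface).
SERVER_ROUTES = [
    ("0.0.0.0/0", "172.16.66.1", "eth0"),
    ("0.0.0.0/24", None, "vtun0"),
    ("127.0.0.0/8", None, "lo"),
    ("172.16.1.0/24", None, "vtun0"),
    ("172.16.66.0/24", None, "eth0"),
    ("192.168.2.0/24", None, "switch0"),
    ("192.168.3.0/24", "172.16.1.2", "vtun0"),
]
CLIENT_ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", "eth0"),  # public gateway omitted in the thread; placeholder
    ("172.16.1.0/24", None, "vtun0"),
    ("192.168.2.0/24", "172.16.1.1", "vtun0"),
    ("192.168.3.0/24", None, "switch0"),
]


def lookup(routes, dst):
    """Longest-prefix match, as the kernel does it. Returns (network, gateway, iface) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        n = ipaddress.ip_network(net)
        if addr in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, gw, iface)
    return best


def round_trip(fwd_routes, fwd_ifaces, rev_routes, dst, src=None):
    """Simulate one packet from the router owning fwd_routes to dst, then the reply
    from the router owning rev_routes.

    src=None means the packet originates on the router itself, which then uses its
    egress interface address as source (the default when the route sets no preferred
    src). Pass src explicitly to model a forwarded LAN packet or a rewritten source."""
    fwd = lookup(fwd_routes, dst)
    if fwd is None:
        return {"ok": False, "reason": "no forward route for %s" % dst}
    src = src or fwd_ifaces[fwd[2]]
    rev = lookup(rev_routes, src)
    if rev is None:
        return {"ok": False, "src": src, "reason": "no return route for %s" % src}
    ok = rev[2] == fwd[2]  # the reply must leave on the same link the request used
    return {
        "ok": ok,
        "src": src,
        "forward": (fwd[2], fwd[1]),
        "reply": (rev[2], rev[1]),
        "reason": "symmetric" if ok else "reply for %s leaves %s via %s, not the tunnel"
                  % (src, rev[2], rev[1] or "on-link"),
    }


if __name__ == "__main__":
    # Server pings client LAN with its vtun0 address as source: works on these tables.
    print(round_trip(SERVER_ROUTES, SERVER_IFACES, CLIENT_ROUTES, "192.168.3.1"))
    # Same ping sourced from the server's WAN address: the client answers via eth0.
    print(round_trip(SERVER_ROUTES, SERVER_IFACES, CLIENT_ROUTES, "192.168.3.1",
                     src="172.16.66.10"))
    # A host behind the client reaching the server LAN, the case the first post says works.
    print(round_trip(CLIENT_ROUTES, CLIENT_IFACES, SERVER_ROUTES, "192.168.2.1",
                     src="192.168.3.50"))
```

Because the posted tables pass the symmetric check as long as the ping is sourced from 172.16.1.1, the model points at source-address selection (a preferred src on the route, or a NAT rule rewriting the source before it enters the tunnel) rather than at a missing route; `ip route get 192.168.3.1` on the server, which prints the source address the kernel would choose, is the quickest real-world confirmation.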