My VPN client can't connect to another VPN client's LAN via SSH
Posted: Fri Mar 11, 2022 3:19 pm
Hello, here is my network configuration. In short, I want to connect to a computer behind the LAN of a VPN client.
LAN1: 10.128.10.0/24
openvpn_server:
local IP: 10.128.10.18
VPN tunnel IP: 10.8.0.1
LAN2: 192.168.20.0/24
PC2_1 (openvpn_client) => CN=client2:
local IP: 192.168.20.4
VPN tunnel IP: 10.8.0.200
PC2_2:
local IP: 192.168.20.5
(it is not in the VPN)
LAN3: 192.168.176.0/24
PC3_1 (openvpn_client) => CN=client1:
local IP: 192.168.176.25
VPN tunnel IP: 10.8.0.100
And I can ping PC2_2 from PC3_1.
My problem is that PC3_1 can't connect via SSH to PC2_2, even though SSH is available and enabled on PC2_2. In fact, I believe that apart from ping, which works, I can't reach any other service of PC2_2 from the PC3_1 machine.
Correct me if I'm wrong, but once I can ping an address, normally I can access the services of that address.
This is my config:
#### For openvpn_server:
>> cat /etc/openvpn/server/server.conf
port 1800
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh none
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 192.168.20.0 255.255.255.0"
push "route 192.168.176.0 255.255.255.0"
route 192.168.20.0 255.255.255.0
route 192.168.176.0 255.255.255.0
client-config-dir /etc/openvpn/server/ccd
ccd-exclusive
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
client-to-client
keepalive 10 120
tls-crypt ta.key
cipher AES-256-GCM
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
crl-verify crl.pem
verb 3
explicit-exit-notify 1
>> route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    0      0        0 ens160
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.128.10.0     0.0.0.0         255.255.255.224 U     0      0        0 ens160
192.168.20.0    10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.176.0   10.8.0.2        255.255.255.0   UG    0      0        0 tun0
# Config client
client
dev tun
proto udp
remote Public_ip 1800
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
key-direction 1
remote-cert-tls server
cipher AES-256-GCM
auth SHA256
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
...
Signature Algorithm: ecdsa-with-SHA512
Issuer: CN=certificat
Validity
Not Before: Mar 9 15:49:26 2022 GMT
Not After : Feb 21 15:49:26 2025 GMT
Subject: CN=client2 # Same for client1
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
...
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
...
X509v3 Authority Key Identifier:
...
DirName:/CN=certificat
serial:...
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: ecdsa-with-SHA512
...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-crypt>
>> cat /etc/openvpn/server/ccd/client1
ifconfig-push 10.8.0.100 255.255.255.0
iroute 192.168.176.0 255.255.255.0
>> route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         255.255.255.0   128.0.0.0       UG    0      0        0 tun0
default         _gateway        0.0.0.0         UG    600    0        0 wlan0
10.8.0.0        255.255.255.0   255.255.255.0   UG    0      0        0 tun0
128.0.0.0       255.255.255.0   128.0.0.0       UG    0      0        0 tun0
Public_ip_of_vpn_server _gateway 255.255.255.255 UGH  0      0        0 wlan0
192.168.20.0    255.255.255.0   255.255.255.0   UG    0      0        0 tun0
192.168.176.0   0.0.0.0         255.255.255.0   U     600    0        0 wlan0
255.255.255.0   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
>> cat /etc/openvpn/server/ccd/client2
ifconfig-push 10.8.0.200 255.255.255.0
iroute 192.168.20.0 255.255.255.0
>> route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         255.255.255.0   128.0.0.0       UG    0      0        0 tun0
default         192.168.20.1    0.0.0.0         UG    202    0        0 eth0
10.8.0.0        255.255.255.0   255.255.255.0   UG    0      0        0 tun0
128.0.0.0       255.255.255.0   128.0.0.0       UG    0      0        0 tun0
Public_ip_of_vpn_server 192.168.20.1 255.255.255.255 UGH 0    0        0 eth0
192.168.20.0    0.0.0.0         255.255.255.0   U     202    0        0 eth0
192.168.176.0   255.255.255.0   255.255.255.0   UG    0      0        0 tun0
255.255.255.0   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
Thanks for your help.
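An added diagnostic, not code from the post above and not part of OpenVPN: the Python below parses routing tables in the `route` layout posted above, performs the kernel's longest-prefix match for a destination, and flags next hops that cannot be host addresses. The two tables embedded in it are constructed input copied from the post (the openvpn_server table and the PC3_1 table, with the Public_ip_of_vpn_server line left as the placeholder it is in the post). For 192.168.20.5 it reports that the server forwards via 10.8.0.2 on tun0, while PC3_1 forwards via a gateway of 255.255.255.0. That value is the second argument of `ifconfig-push` in the ccd files: with OpenVPN's default net30 topology (which the server's own table shows, with 10.8.0.2 as its point-to-point peer) that argument is the client's peer endpoint, not a netmask. The script only states what the tables say; whether this is what breaks SSH still has to be confirmed on the hosts.

```python
"""Route-table lookup for the post above: which route does each host pick
for a destination, and is the next hop a usable address?  Added example,
not code from the post or from OpenVPN."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed input: the routing tables posted above (openvpn_server and
# PC3_1), with the public-IP line kept as the placeholder used in the post.
SERVER_ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    0      0        0 ens160
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.128.10.0     0.0.0.0         255.255.255.224 U     0      0        0 ens160
192.168.20.0    10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.176.0   10.8.0.2        255.255.255.0   UG    0      0        0 tun0
"""

PC3_1_ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         255.255.255.0   128.0.0.0       UG    0      0        0 tun0
default         _gateway        0.0.0.0         UG    600    0        0 wlan0
10.8.0.0        255.255.255.0   255.255.255.0   UG    0      0        0 tun0
128.0.0.0       255.255.255.0   128.0.0.0       UG    0      0        0 tun0
Public_ip_of_vpn_server _gateway 255.255.255.255 UGH  0      0        0 wlan0
192.168.20.0    255.255.255.0   255.255.255.0   UG    0      0        0 tun0
192.168.176.0   0.0.0.0         255.255.255.0   U     600    0        0 wlan0
255.255.255.0   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
"""


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: str      # "0.0.0.0" = on-link; may also be a name such as "_gateway"
    metric: int
    iface: str


def parse_route_table(text: str) -> list[Route]:
    """Parse net-tools `route` output (Destination Gateway Genmask Flags Metric Ref Use Iface).

    "default" is 0.0.0.0/0. Rows whose destination is not an IPv4 address
    (the Public_ip_of_vpn_server placeholder, an unresolved name) are skipped.
    """
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 8 or cols[0] == "Destination":
            continue
        dest, gw, mask, _flags, metric, _ref, _use, iface = cols
        if dest == "default":
            dest = "0.0.0.0"
        try:
            net = ipaddress.IPv4Network((dest, mask), strict=False)
        except ValueError:
            continue
        routes.append(Route(net, gw, int(metric), iface))
    return routes


def lookup(routes: list[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match, lowest metric on a tie, like the kernel's FIB lookup."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))


def next_hop_problem(route: Route) -> Optional[str]:
    """Say why the gateway cannot be a next hop, or None if it looks usable.

    0.0.0.0 means on-link delivery; a symbolic name was resolved by `route`
    itself. A gateway that parses as a netmask (e.g. 255.255.255.0), or that
    is not unicast, is nothing a host can ARP for or hand to a tunnel peer.
    """
    if route.gateway == "0.0.0.0":
        return None
    try:
        gw = ipaddress.IPv4Address(route.gateway)
    except ValueError:
        return None
    try:
        ipaddress.IPv4Network(("0.0.0.0", route.gateway))  # only a valid mask parses here
    except ValueError:
        pass
    else:
        return f"gateway {gw} is a netmask, not a host address"
    if gw.is_multicast or gw.is_reserved:
        return f"gateway {gw} is not a unicast address"
    return None


def trace(table: str, dst: str) -> dict:
    """Which route a host with this table uses for dst, plus any next-hop problem."""
    route = lookup(parse_route_table(table), dst)
    if route is None:
        return {"network": None, "gateway": None, "iface": None, "problem": "no route"}
    return {"network": str(route.network), "gateway": route.gateway,
            "iface": route.iface, "problem": next_hop_problem(route)}


if __name__ == "__main__":
    for host, table in (("openvpn_server", SERVER_ROUTES), ("PC3_1", PC3_1_ROUTES)):
        print(f"{host} -> 192.168.20.5: {trace(table, '192.168.20.5')}")
```

Running it prints the two lookups for 192.168.20.5; asking it about 8.8.8.8 on PC3_1 also shows the `redirect-gateway def1` halves (0.0.0.0/1 and 128.0.0.0/1) winning over the wlan0 default. With `topology subnet` in server.conf the `ifconfig-push address netmask` form used in the ccd files is the one the man page describes; under net30 the second argument has to be the peer endpoint of the client's point-to-point pair. On the hosts themselves, `tcpdump -ni tun0 port 22` on PC2_1 while PC3_1 attempts the connection shows whether the SYN arrives over the tunnel at all and whether the reply leaves the same way.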