OpenVPN server version is 2.4.7 (Debian buster)
OpenVPN client version is 2.5.1 (Debian bullseye)
server.conf
# OpenVPN server configuration (server runs 2.4.7 per the post above).
# Review comments are on their own lines: OpenVPN only treats '#'/';' as a
# comment at the start of a line, not trailing a directive.
port 1194
proto udp
dev tun
# PKI material: CA, server certificate/key and DH parameters (the DHE-only
# tls-cipher list below relies on this dh file).
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/srvkey.crt
key /etc/openvpn/server/srvkey.key
dh /etc/openvpn/server/dh.pem
# 'server' already sets the tun endpoint addresses and pushes the 10.8.0.0/24
# route, so the following 'ifconfig' and the first 'push route' repeat what it
# does (redundant, but harmless).
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.0 255.255.255.0"
# Gives clients a route to the server's LAN. This only covers the outbound
# direction: LAN hosts (or their gateway) still need a route back to 10.8.0.0/24,
# or the server must NAT tun traffic onto the LAN. The gateway table shown
# later in the post has no 10.8.0.0/24 route.
push "route 192.168.1.0 255.255.255.0"
# Full-tunnel: clients send all traffic through the VPN (visible as the
# 0.0.0.0/1 and 128.0.0.0/1 routes on the client).
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.1.1"
# NOTE(review): duplicate-cn lets several clients connect with the same
# certificate, removing per-client accountability and making revocation
# all-or-nothing; prefer one certificate per client unless this is deliberate.
duplicate-cn
# NOTE(review): with cipher negotiation (2.4+) the data-channel cipher is
# negotiated (AES-256-GCM by default); 'cipher' is the fallback for clients
# that do not negotiate. The 2.5 client expects 'data-ciphers' for this.
cipher AES-256-CBC
tls-version-min 1.2
# Control-channel suites restricted to DHE-RSA with AES-GCM/CBC.
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
auth SHA512
# auth-nocache only affects caching of --auth-user-pass/--askpass secrets; with
# certificate-only authentication as configured here it has no effect.
auth-nocache
keepalive 20 60
# Needed so restarts work after privileges are dropped (user/group below).
persist-key
persist-tun
# NOTE(review): compression of VPN data is a known oracle vector (VORACLE);
# disable unless it is actually required, and keep client and server in sync.
compress lz4
daemon
# Drop root after startup.
user nobody
group nogroup
log-append /var/log/openvpn.log
verb 3
# NOTE(review): no tls-auth/tls-crypt is configured, so the control channel
# answers TLS handshakes from any UDP source; a pre-shared control-channel
# key would reduce that exposure.
client.ovpn
# OpenVPN client profile (client runs 2.5.1 per the post above).
client
dev tun
proto udp
# Server hostname is redacted in the post.
remote store.XXXX.com 1194
# PKI files, resolved relative to the profile's directory.
ca ca.crt
cert client.crt
key client.key
# NOTE(review): there is no 'remote-cert-tls server' here, so the client does
# not check that the presented certificate was issued as a server certificate;
# any certificate from the same CA (including another client's) would be
# accepted as the server. Add it if the server certificate carries the server
# EKU/nsCertType.
# NOTE(review): 2.5 deprecates 'cipher' in favour of 'data-ciphers'; the
# negotiated cipher with the 2.4.7 server will likely be AES-256-GCM anyway.
cipher AES-256-CBC
auth SHA512
auth-nocache
tls-version-min 1.2
# Must be compatible with the server's tls-cipher list (identical here).
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
# Keep retrying name resolution of 'remote' indefinitely.
resolv-retry infinite
# NOTE(review): compression on the data channel (VORACLE); matches the server,
# which is required, but consider disabling on both sides.
compress lz4
nobind
persist-key
persist-tun
mute-replay-warnings
verb 3
# script-security 2 is required for the user-supplied up/down scripts below;
# presumably they rewrite /etc/resolv.conf from the pushed dhcp-option DNS
# (script contents are not shown in the post).
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Server routes (VPN server, 192.168.1.10 on bond0):
root@store:~# ip route
default via 192.168.1.1 dev bond0 onlink
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.1.0/24 dev bond0 proto kernel scope link src 192.168.1.10
Client routes when connected to the VPN server (the 0.0.0.0/1 and 128.0.0.0/1 entries come from the pushed "redirect-gateway def1"):
root@nexus2-bullseye-latest5:~# ip route
0.0.0.0/1 via 10.8.0.9 dev tun0
default via 10.66.51.222 dev ens2
10.8.0.0/24 via 10.8.0.9 dev tun0
10.8.0.1 via 10.8.0.9 dev tun0
10.8.0.9 dev tun0 proto kernel scope link src 10.8.0.10
10.66.51.222/31 dev ens2 proto kernel scope link src 10.66.51.223
PUB@IP via 10.66.51.222 dev ens2
128.0.0.0/1 via 10.8.0.9 dev tun0
192.168.1.0/24 via 10.8.0.9 dev tun0
From the client I can reach only the VPN server's own LAN address (192.168.1.10), not the other hosts on 192.168.1.0/24; the traceroute to 192.168.1.230 gets as far as 10.8.0.1 (the server's tun0 address) and then times out:
root@nexus2-bullseye-latest5:~# traceroute 192.168.1.10
traceroute to 192.168.1.10 (192.168.1.10), 30 hops max, 60 byte packets
1 192.168.1.10 (192.168.1.10) 10.053 ms 10.125 ms 10.168 ms
root@nexus2-bullseye-latest5:~# traceroute 192.168.1.230
traceroute to 192.168.1.230 (192.168.1.230), 30 hops max, 60 byte packets
1 10.8.0.1 (10.8.0.1) 8.876 ms 8.801 ms 8.779 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Gateway (192.168.1.1). Note that its routing table below has no entry for 10.8.0.0/24 and that the MASQUERADE rule for that subnet (rule 3) has matched 0 packets, so a LAN host's reply to a 10.8.0.x client appears to leave via the gateway's default route (eth1) instead of returning to the VPN server at 192.168.1.10. A route for 10.8.0.0/24 via 192.168.1.10 on the gateway, or SNAT of tun0 traffic on the VPN server, would close that gap (assuming ip_forward is enabled on the VPN server, which the post does not show):
root@gateway:~# iptables -t nat -v -L POSTROUTING -n --line-number
Chain POSTROUTING (policy ACCEPT 3394K packets, 217M bytes)
num pkts bytes target prot opt in out source destination
1 78M 4619M TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 TCPMSS clamp to PMTU
2 60M 3875M MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
3 0 0 MASQUERADE all -- * eth0 10.8.0.0/24 0.0.0.0/0
root@gateway:~# ip route
default via 192.168.0.1 dev eth1
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.5
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
Any help would be appreciated.
Thank you