OpenVPN Hetzner Network

Post by rokk » Fri Nov 04, 2022 7:51 am

Hi,

I managed to create a VM on Hetzner yesterday and successfully install an OpenVPN Road Warrior VPN on it, and it works perfectly!

Since I have another VM on Hetzner, I created a new network and added both of these VMs to the network, and I am able to ping each one from the other from the console. The OpenVPN connection which I configured on my computer is able to ping my first VM (where OpenVPN is installed) in that network, but is unable to ping VM2 (I can ping VM2 from VM1). So I tried various route configurations, but nothing worked. Does anyone have any ideas how to solve this?

My configuration:
Server Config
local MY-IPV4
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 MY-IPV6
push "redirect-gateway def1 ipv6 bypass-dhcp"
push "route 10.0.0.0 255.255.0.0"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "block-outside-dns"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify


Re: OpenVPN Hetzner Network

Post by ordex » Fri Nov 04, 2022 12:42 pm

Just to clarify, this is unrelated to OpenVPN per se as this is a pure routing problem.
You now have two different networks joined at VM1 and you want the two to be able to talk to each other.

To achieve that, you have to push a route to your VPN client with the network used to communicate with the second VM. I.e., if the connection between VM1 and VM2 uses 10.10.10.0/24, you have to add

push "route 10.10.10.0 255.255.255.0"
to your server config.

On top of that, VM2 must also have a route telling it where to find the VPN network (i.e. using VM1 as nexthop).
Lastly, VM1 must have ip-forwarding enabled and the firewall should not block forwarded traffic.

I hope it helps.
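
The steps listed in the reply above, as an added example that is not part of the original posts: a POSIX shell helper that reads the VPN subnet from the server config, checks for the pushed route and for IP forwarding, and prints (without executing) the return route for VM2 and narrowly scoped forwarding rules for VM1. The function names, VM1's private address 10.0.0.2 and the interface names tun0 and ens10 are assumptions.

```shell
# Added example. Assumed, not from the thread: VM1 private IP 10.0.0.2, NIC ens10.

# Dotted netmask (255.255.255.0) -> prefix length (24), by counting set bits.
mask_to_prefix() {
    bits=0
    for octet in $(echo "$1" | tr '.' ' '); do
        while [ "$octet" -gt 0 ]; do
            bits=$((bits + (octet & 1)))
            octet=$((octet >> 1))
        done
    done
    echo "$bits"
}

# VPN subnet in CIDR form, from the "server <net> <mask>" directive.
vpn_cidr() {
    set -- $(awk '$1 == "server" { print $2, $3; exit }' "$1")
    [ $# -eq 2 ] || return 1
    echo "$1/$(mask_to_prefix "$2")"
}

# Succeeds if the config pushes a route for <net> <mask> to clients.
pushes_route() {
    grep -Fq "push \"route $2 $3\"" "$1"
}

# Succeeds if IPv4 forwarding is on (proc path can be overridden).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# Print the commands for both VMs; nothing is executed.
# Args: server.conf, VM1 private IP, VM1 private interface.
print_plan() {
    cidr=$(vpn_cidr "$1") || return 1
    echo "# VM2: return route to the VPN clients, VM1 as next hop"
    echo "ip route add $cidr via $2"
    echo "# VM1: forward, but only tunnel -> private and its replies"
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -A FORWARD -i tun0 -o $3 -s $cidr -j ACCEPT"
    echo "iptables -A FORWARD -i $3 -o tun0 -d $cidr -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample: routing-relevant lines of the server config in the question.
conf=$(mktemp)
printf '%s\n' 'server 10.8.0.0 255.255.255.0' \
    'push "route 10.0.0.0 255.255.0.0"' > "$conf"
pushes_route "$conf" 10.0.0.0 255.255.0.0 || echo "missing push route"
print_plan "$conf" 10.0.0.2 ens10
```

The second iptables rule only admits replies to connections opened from the VPN side, so VM2 cannot open new connections to VPN clients unless a further rule allows it.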
