Can't reach gateway
Posted: Wed Mar 08, 2023 9:27 am
Hi!
Here I am with my first problem
I have a modem/router/NAT with IP 192.168.13.1 (fixed) and a machine running SSH/OpenVPN/DHCP/DNS with IP 192.168.13.2 (fixed), and some other things which get their IP via DHCP (192.168.13.xxx).
OpenVPN runs fine except one thing: on a client machine I can ping everything from 192.168.13.2 onward, but not 192.168.13.1 itself.
I can browse to 192.168.13.1 using an SSH tunnel though (ssh x@y.org -L 127.0.0.1 192.168.13.1:80)...
So I guess something is missing in my server.conf...
Can somebody help me out?
TIA,
Heiko
server_config
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh4096.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 192.168.13.0 255.255.255.0"
push "dhcp-option DNS 192.168.13.2"
push "dhcp-option DOMAIN home.arpa"
push "dhcp-option DOMAIN-SEARCH home.arpa"
keepalive 10 120
tls-auth ta.key 0
max-clients 2
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 3
auth SHA512
tls-cipher "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
tls-ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
data-ciphers "AES-256-GCM:AES-256-CBC:CHACHA20-POLY1305"
cipher "AES-256-GCM"
reneg-sec 1800
server_log
OpenVPN 2.5.1 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
net_route_v4_best_gw query: dst 0.0.0.0
net_route_v4_best_gw result: via 192.168.13.1 dev eth0
Diffie-Hellman initialized with 4096 bit key
Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
TUN/TAP device tun0 opened
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v4_add: 10.8.0.1/24 dev tun0
Could not determine IPv4/IPv6 protocol. Using AF_INET
Socket Buffers: R=[131072->131072] S=[16384->16384]
Listening for incoming TCP connection on [AF_INET][undef]:1194
TCPv4_SERVER link local (bound): [AF_INET][undef]:1194
TCPv4_SERVER link remote: [AF_UNSPEC]
GID set to nogroup
UID set to nobody
MULTI: multi_init called, r=256 v=256
IFCONFIG POOL IPv4: base=10.8.0.2 size=252
ifconfig_pool_read(), in='no1,10.8.0.2,'
succeeded -> ifconfig_pool_set(hand=0)
ifconfig_pool_read(), in='no2,10.8.0.3,'
succeeded -> ifconfig_pool_set(hand=1)
ifconfig_pool_read(), in='no3,10.8.0.4,'
succeeded -> ifconfig_pool_set(hand=2)
IFCONFIG POOL LIST
no1,10.8.0.2,
no2,10.8.0.3,
no3,10.8.0.4,
MULTI: TCP INIT maxclients=2 maxevents=6
Initialization Sequence Completed
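Added example (not from the post or the OpenVPN project): a small sh script for the VPN server that narrows the symptom down and applies the least-invasive fix. The working assumption is that the router at 192.168.13.1 has no route back to 10.8.0.0/24, so its echo replies leave via its default route instead of going to 192.168.13.2; the values are taken from the post (tun subnet 10.8.0.0/24, LAN interface eth0, gateway 192.168.13.1), the table name vpn_gw_nat is my own, and the alternative to the SNAT rule is a static route on the router for 10.8.0.0/24 via 192.168.13.2.

```shell
#!/bin/sh
# Added example, not part of the forum post. Assumed values come from the
# post (VPN subnet 10.8.0.0/24, LAN interface eth0, gateway 192.168.13.1);
# override them through the environment if your layout differs.
VPN_NET="${VPN_NET:-10.8.0.0/24}"
LAN_IF="${LAN_IF:-eth0}"
GATEWAY="${GATEWAY:-192.168.13.1}"

# Emit an nftables ruleset that source-NATs only VPN traffic addressed to the
# gateway. The router then replies to 192.168.13.2, which it can reach, instead
# of to 10.8.0.x, which it has no route for. No other traffic is NATed, so the
# LAN hosts that already work keep seeing real 10.8.0.x source addresses.
vpn_snat_ruleset() {
    cat <<EOF
table ip vpn_gw_nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        ip saddr $VPN_NET ip daddr $GATEWAY oifname "$LAN_IF" masquerade
    }
}
EOF
}

# Show whether the kernel forwards at all and what it knows about the VPN
# subnet: ip_forward must be 1 and a route for $VPN_NET via tun0 must exist.
show_forwarding_state() {
    sysctl net.ipv4.ip_forward
    ip -4 route show "$VPN_NET"
}

# Watch the LAN side while a client pings the gateway. Echo requests that leave
# eth0 with a 10.8.0.x source and never get a reply point at a missing return
# route on the router (fix with the SNAT rule above or a static route there).
watch_gateway_ping() {
    tcpdump -ni "$LAN_IF" -c 6 "icmp and host $GATEWAY"
}

case "${1:-show}" in
    show)  vpn_snat_ruleset ;;
    state) show_forwarding_state ;;
    watch) watch_gateway_ping ;;
    apply) vpn_snat_ruleset | nft -f - ;;   # needs root; not persistent across reboots
    *)     echo "usage: $0 {show|state|watch|apply}" >&2; exit 2 ;;
esac
```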