
Site-to-site: IPv6 working, IPv4 not working

Posted: Mon Aug 07, 2023 11:09 am
by efeu
Hi,

I have setup a site-to-site with the following:

server (debian 12):

Code:

port 1196
proto udp
dev tap0
server-bridge
script-security 2
persist-key
persist-tun
keepalive 10 120
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_sSnJJ5oZEjgdWysw.crt
key server_sSnJJ5oZEjgdWysw.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
up "up br0 eth1"
down "down br0 eth1"
down-pre
Up script:

Code:

#!/bin/bash
# Called by OpenVPN as: up br0 eth1 <tun_dev> <tun_mtu> <link_mtu> <local_ip> <remote_ip>
# The first two arguments come from the "up" directive in the server config;
# OpenVPN appends the TAP device name and the MTU values itself.
br=$1
eth=$2
dev=$3
mtu=$4

# Create the bridge and attach the LAN interface and the TAP device.
brctl addbr "$br"
brctl setfd "$br" 0
brctl addif "$br" "$eth"
brctl addif "$br" "$dev"

# Both members must be up, in promiscuous mode and share the tunnel MTU.
ip link set "$eth" up promisc on mtu "$mtu"
ip link set "$dev" up promisc on mtu "$mtu"
and the client:

Code:

client
proto udp
remote <myip> 1196
dev tap
dev-node "OpenVPN TAP-Windows6"
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_sSnJJ5oZEjgdWysw name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
verb 3
The DHCP server is running behind the client (yes, behind the client, because I cannot host anything externally on this network, but I want/must use the DHCP server/gateway from the VPN-client LAN network).

Now, when the VPN client is connected to the VPN server, LAN clients behind the server bridge get an IPv4 address via DHCP and an IPv6 address via DHCPv6/SLAAC from the DHCP server on the client side. This works as expected.

But:

From the server-side LAN, over IPv4, I can only reach the VPN client itself, not the LAN clients behind the VPN-client bridge.
But I can reach those LAN clients via IPv6.

What have I missed here? Any suggestions?

Thanks in advance
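Added example (not part of the post above, and not OpenVPN's own tooling): a small POSIX shell checker that takes the output of `ip -o link show` and confirms that each expected member of the bridge (br0 with eth1 and tap0, the names assumed from the post) is actually enslaved to it, is in promiscuous mode and shares the bridge MTU. That is exactly the state the up script is supposed to establish, and it is the first thing worth verifying on a bridged TAP setup before looking at anything address-family specific. The `ip` output embedded below is constructed so the script runs offline; the helper and function names are mine.

```shell
#!/bin/sh
# Added example: verify the bridge state a bridged-TAP up script should leave
# behind. Interface names (br0, eth1, tap0) follow the forum post; the two
# `ip -o link show` samples below are constructed, not captured from a host.

# Healthy state: eth1 and tap0 enslaved to br0, promiscuous, same MTU.
SAMPLE_IP_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP mode DEFAULT group default qlen 1000
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
5: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN mode DEFAULT group default qlen 1000'

# Broken state: tap0 exists but was never attached to br0, is not promiscuous
# and carries a different MTU (what you get when brctl addif / ip link set
# in the up script did not run or failed).
SAMPLE_IP_LINK_BROKEN='3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP mode DEFAULT group default qlen 1000
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
5: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 1000'

# iface_mtu LINK_OUTPUT IFACE -> prints the MTU of IFACE (empty if not found)
iface_mtu() {
    printf '%s\n' "$1" | grep -E "^[0-9]+: $2: " | sed -E 's/.* mtu ([0-9]+) .*/\1/'
}

# check_member LINK_OUTPUT BRIDGE IFACE
# Returns 0 if IFACE is an enslaved, promiscuous member of BRIDGE;
# otherwise prints each problem found and returns 1.
check_member() {
    _mo=$1; _mbr=$2; _mif=$3
    _line=$(printf '%s\n' "$_mo" | grep -E "^[0-9]+: $_mif: " || true)
    [ -n "$_line" ] || { echo "$_mif: interface not found"; return 1; }
    _mrc=0
    case "$_line" in
        *" master $_mbr "*) ;;
        *) echo "$_mif: not enslaved to $_mbr"; _mrc=1 ;;
    esac
    case "$_line" in
        *"<"*PROMISC*">"*) ;;
        *) echo "$_mif: promiscuous mode is off"; _mrc=1 ;;
    esac
    return $_mrc
}

# check_bridge LINK_OUTPUT BRIDGE IFACE...
# Returns 0 only if every IFACE passes check_member and has the bridge's MTU.
check_bridge() {
    _out=$1; _br=$2; shift 2
    _brmtu=$(iface_mtu "$_out" "$_br")
    [ -n "$_brmtu" ] || { echo "$_br: bridge not found"; return 1; }
    _rc=0
    for _m in "$@"; do
        check_member "$_out" "$_br" "$_m" || _rc=1
        _mtu=$(iface_mtu "$_out" "$_m")
        if [ -n "$_mtu" ] && [ "$_mtu" != "$_brmtu" ]; then
            echo "$_m: mtu $_mtu differs from $_br mtu $_brmtu"
            _rc=1
        fi
    done
    return $_rc
}

# Stand-alone usage against the two constructed samples.
echo "healthy sample:"; check_bridge "$SAMPLE_IP_LINK" br0 eth1 tap0 && echo "  ok"
echo "broken sample:";  check_bridge "$SAMPLE_IP_LINK_BROKEN" br0 eth1 tap0 || echo "  problems found"
```

On a live host, feed it the real output instead of the sample, e.g. `check_bridge "$(ip -o link show)" br0 eth1 tap0`. The same call can be appended to the end of the up script so that a failed `brctl addif` or `ip link set` is reported in the OpenVPN log instead of silently leaving a half-built bridge; the check is equally useful on the other end of a site-to-site link, where the TAP adapter must be bridged to the LAN adapter as well.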