[SOLVED] Need Help with Config

Posted: Tue Dec 21, 2010 7:39 am
by cabbiebro
Hey all,

I have setup 2 x Debian boxes to run my VPN.

My goal is to link 2 LANs together with a openvpn tunnel, primarily for IP phones.

Here is my Config files from Server (LAN1) and Client (LAN2)

Server

server 10.8.0.0 255.255.255.0
proto udp
port 1194
dev tun
keepalive 10 120
daemon
writepid /var/run/openvpn.pid
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
verb 3
mute 20
client-to-client
cd /etc/openvpn
tls-server
tls-auth keys/ta.key 0
cipher BF-CBC
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
client-config-dir ccd
route 192.168.2.0 255.255.255.0
log         openvpn.log
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"

Client

client
proto udp
dev tun
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
daemon
writepid /var/run/openvpn.pid
verb 3
mute 20
user nobody
group nogroup
cd /etc/openvpn
ca keys/ca.crt
cert keys/client1.crt
key keys/client1.key
tls-auth keys/ta.key 1
log openvpn.log

The Server is getting VPN IP 10.8.0.1 and the Client is set up with CCD to get 10.8.0.2.

I can ping each of the VPN boxes from the other, and I can ping their respective LAN IPs, but I can't ping anything behind them from either box.

I have set up a static route on the routers (ADSL modems):
LAN1: 192.168.2.0 255.255.255.0 > 192.168.1.220 (LAN2 subnet and server local IP on LAN1)
LAN2: 192.168.1.0 255.255.255.0 > 192.168.2.220 (LAN1 subnet and client local IP on LAN2)

and here are the route tables on the Debian boxes:

Server

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.2.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0

Client

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.3        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.8.0.0        10.8.0.3        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
0.0.0.0         192.168.2.254   0.0.0.0         UG    0      0        0 eth0

Can anyone please help me and shed some light on this?

Thanks for your help :D

Re: Need Help with Config

Posted: Tue Dec 21, 2010 2:43 pm
by cabbiebro
*Update*
After enabling IP forwarding in what I think is short for system control on both boxes

/etc/sysctl.conf:
net.ipv4.ip_forward = 1

I can now ping the entire LAN on the client side (LAN2 - 192.168.2.0/24) from the server side (LAN1 - 192.168.1.0/24), so that's all sweet.

I can't ping the server side (LAN1) though from the client side (LAN2). There are only 2 devices I can ping: the VPN server and the router, on their private LAN1 IP addresses.

When I run a traceroute it gets to the VPN server's tun IP - 10.8.0.1 - but doesn't go any further, except for the router IP.

To fix this issue so far, I had forgotten to add the route on both sides' routers for the VPN subnet 10.8.0.0/24 to go to their respective VPN box LAN IP.

Can anyone please give me any ideas?

I'm kinda tearing my hair out; I make a step further only to hit another mental brick wall lol.

Learning though. After this I will be a networking genius. hahahhahahaha.

Re: Need Help with Config

Posted: Mon Dec 27, 2010 6:20 pm
by gladiatr72
Hello,

Check your iptables rules on the server side. You'll need to explicitly allow traffic to be forwarded through tunN.

Let me know how it goes.

Regards,
Stephen
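
Stephen's point is the usual missing piece once ip_forward is on: the kernel routes LAN-to-LAN packets onto tun0, but the FORWARD chain still has to accept them in both directions. As an added example (not from this thread or the OpenVPN project), here is a small Python checker that takes `route -n` output, as posted for the server above, plus an `iptables-save` dump and the value of net.ipv4.ip_forward, and lists what would stop LAN-to-LAN traffic on that box. The iptables-save fragment is constructed; the interface names tun0/eth0 and the two LANs are the ones from the thread.

```python
import ipaddress

# Sample input: the server's `route -n` output exactly as posted in the thread.
SERVER_ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.2.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0
"""
# Constructed `iptables-save` fragment: FORWARD policy DROP and no rule touching tun0.
SERVER_IPTABLES = ":FORWARD DROP [0:0]\n-A FORWARD -i eth0 -o eth0 -j ACCEPT\nCOMMIT\n"

def parse_routes(text):
    """Turn `route -n` output into (network, iface) pairs; skips the two header lines."""
    routes = []
    for line in text.splitlines()[2:]:
        dest, _gw, mask, _flags, _metric, _ref, _use, iface = line.split()
        routes.append((ipaddress.ip_network(f"{dest}/{mask}", strict=False), iface))
    return routes

def egress_iface(routes, host):
    """Longest-prefix match, the way the kernel picks the outgoing interface."""
    hits = [(net, iface) for net, iface in routes if ipaddress.ip_address(host) in net]
    return max(hits, key=lambda hit: hit[0].prefixlen)[1] if hits else None

def forward_allowed(iptables_save, in_if, out_if):
    """Heuristic: FORWARD policy is ACCEPT, or some rule ACCEPTs in_if -> out_if (ignores rule order)."""
    return any(line.startswith(":FORWARD ACCEPT") or (line.startswith("-A FORWARD ")
               and f"-i {in_if} " in line and f"-o {out_if} " in line and "-j ACCEPT" in line)
               for line in iptables_save.splitlines())

def site_to_site_problems(routes, iptables_save, local_lan, remote_lan, ip_forward):
    """List what stops LAN-to-LAN traffic on this box (ip_forward: value of net.ipv4.ip_forward)."""
    problems = []
    lan_if = egress_iface(routes, str(ipaddress.ip_network(local_lan)[1]))
    vpn_if = egress_iface(routes, str(ipaddress.ip_network(remote_lan)[1]))
    if vpn_if is None or not vpn_if.startswith("tun"):
        problems.append(f"no tun route to {remote_lan}: add `route`/`iroute` (server) or a pushed route")
    else:
        for a, b in ((vpn_if, lan_if), (lan_if, vpn_if)):
            if not forward_allowed(iptables_save, a, b):
                problems.append(f"FORWARD chain drops {a} -> {b}: add an ACCEPT rule between the two LANs")
    if not ip_forward:
        problems.append("net.ipv4.ip_forward=0: kernel will not forward between tun and eth")
    return problems
```

Run it against the server table with `site_to_site_problems(parse_routes(SERVER_ROUTES), SERVER_IPTABLES, "192.168.1.0/24", "192.168.2.0/24", 1)` and it reports the two missing FORWARD rules; restricting those ACCEPT rules to the two LAN subnets (rather than allowing all of tun0) is the least-privilege form.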

Re: Need Help with Config

Posted: Wed Dec 29, 2010 11:27 am
by cabbiebro
**UPDATE**

Hey All,

Sorry, been lazy (Xmas break is my only time off).

Got this sorted; it ended up being the firewall router I was using, it didn't seem to route the requests correctly.

I implemented another test router and it worked perfectly; I then reset my original firewall router to default and then all was good.

So, the moral of my issue:

Make sure you turn on IP forwarding and maybe try a different router.

Now another question in case anyone sees this: does anyone know how to do QoS over the OpenVPN tunnel? I need to prioritise certain packets that my IP phone system uses.