OpenVPN Support Forum

Server config:

local 192.168.140.x
port 5903
proto tcp
dev tun
server 192.168.100.0 255.255.255.0
push "route 192.168.160.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120

Client config:
remote <public ip>
dev tun
proto tcp
resolve-retry infinite
nobind
persist-key
persist-tun

The network is:
LAN 192.168.160.0
DMZ 192.168.140.0

OPVN server is in the DMZ, I'm trying to just get a test ssh to a known server on the back end from a client. Server is CentOS, ovpn 2.2.1 x86_64. Client is winxp latest install of ovpn.

What it looks like is I'm not getting routing out of the server for client traffic. Meaning, from the client I try to putty to the LAN side server and it fails. The ovpn server has this: GET INST BY VIRT: 192.168.160.x [failed]

I've looked that up but I thought the push commands in the server config would cover client routing for that so I'm assuming this is a server routing issue.

IPTables and SELinux are on. Right now I have the following commands set:
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT # vpn to ethernet
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT # ethernet to vpn
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -A INPUT -i tun0 -j ACCEPT

I'm just sort of spamming things at the system at this point, I'm lost as to where to keep looking.

Hello.

LAN 192.168.160.0 is on server's side?
eth0 on server what ip mask has?

Means your OpenVPN server has two phisical interfaces, is it right?

Oh FFS.

I'd swear on my grandfather's grave I set ip_forward.

Going back over the setup, sure enough it's a zero. Set it to one...oh look! forwarding!

ugh, sorry for the useless thread.

Thx for the assist Mimiko.