Nird, 2021-05-25 06:57:04
linux

Access to the local network of the OpenVPN client on Mikrotik?

Good afternoon.

Topology:
Network behind the server (192.168.127.0) - gateway aka VPN server (192.168.127.89, tun0 IP 10.8.0.1)
- INTERNET -
VPN client aka client network gateway (192.168.130.1, VPN IP 10.8.0.3) - client network (192.168.130.0)

There is a Debian server running OpenVPN. Server network: 192.168.127.0
The client on a Mikrotik connects to this server and sees the network behind the server. Client network: 192.168.130.0
VPN network: 10.8.0.0
VPN client IP address: 10.8.0.3. It is reachable from other VPN clients and from the server, but the client's LAN address 192.168.130.1 is not reachable from the server.

Server config:
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.127.0 255.255.255.0"
client-config-dir ccd
route 192.168.130.0 255.255.255.0
client-to-client
keepalive 10 120
key-direction 0
cipher AES-256-CBC
auth SHA1
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append  openvpn.log
verb 3
explicit-exit-notify 0


The client sees the network behind the server, but the server does not see the client's network.

Server routes:
default via xx.xx.xx.1 dev enp1s1 
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1 
192.168.1.0/24 dev enp1s0 proto kernel scope link src 192.168.1.2 
192.168.127.0/24 dev enp2s0 proto kernel scope link src 192.168.127.89 
192.168.130.0/24 via 10.8.0.3 dev tun0


Client routes:
 > ip route print 
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          192.168.1.1               1
 1 ADC  10.8.0.0/24        10.8.0.3        ovpn-out1                 0
 2  DS  10.8.0.0/24                        10.8.0.1                  1
 3 ADC  192.168.1.0/24     192.168.1.179   ether1                    0
 4 ADS  192.168.127.0/24                   10.8.0.1                  1
 5 ADC  192.168.130.0/24   192.168.130.1   bridge                    0

In the firewall on the Mikrotik, all deny rules are disabled for testing.
From the server I try traceroute 192.168.130.1, but there is only silence in response, as if there were no route.
What could be blocking it?
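One thing worth checking in a setup like this (an added note and example, not part of the original post): on the OpenVPN server, the `route 192.168.130.0 255.255.255.0` directive only installs a kernel route into tun0. OpenVPN also keeps its own internal routing table for the tun interface, and a client's LAN is only forwarded to that client when its ccd file (the file in `client-config-dir` named after the client certificate's CN) contains a matching `iroute`. A `route` with no matching `iroute` is the classic pattern where the client's VPN address answers but its LAN does not. The script below cross-checks a server config against the ccd directory and reports every routed subnet that no client claims. The ccd contents and the file name `mikrotik` are constructed for the example; the server config is the one posted above.

```python
"""Cross-check an OpenVPN server config against its client-config-dir (ccd).

Added example, not from the original post. For a client's LAN to be reachable
through the server, OpenVPN needs two things on the server side:
  * `route <net> <mask>`  in the server config (kernel route into tun0), and
  * `iroute <net> <mask>` in the ccd file of the client that owns that LAN
    (OpenVPN's internal routing: which client the packets are handed to).
A `route` without a matching `iroute` means packets reach tun0 and are then
dropped by OpenVPN's internal router.
"""
import ipaddress
import re

# Relevant lines of the server config posted in the question.
SERVER_CONF = """\
port 1194
proto tcp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.127.0 255.255.255.0"
client-config-dir ccd
route 192.168.130.0 255.255.255.0
client-to-client
"""

# Constructed ccd directories: key = file name, which must equal the
# client certificate's CN ("mikrotik" is an assumption for this example).
CCD_EMPTY = {}
CCD_OK = {"mikrotik": "iroute 192.168.130.0 255.255.255.0\n"}

# Matches `route` / `iroute` at the start of a line. `push "route ..."` lines
# begin with `push`, so they are deliberately not matched.
_ROUTE_RE = re.compile(r"^\s*(i?route)\s+(\S+)\s+(\S+)", re.M)


def _networks(text, directive):
    """Return the set of IPv4 networks declared by `directive` in `text`."""
    nets = set()
    for m in _ROUTE_RE.finditer(text):
        if m.group(1) != directive:
            continue
        # ipaddress accepts dotted netmasks, so "net/mask" normalises to CIDR.
        nets.add(ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False))
    return nets


def check_iroutes(server_conf, ccd):
    """Return (missing, owners).

    missing: sorted CIDR strings that have a server `route` but no `iroute`
             in any ccd file (these subnets will not be forwarded to a client).
    owners:  CIDR string -> ccd file name for every `iroute` found.
    """
    routed = _networks(server_conf, "route")
    owners = {}
    for name, text in ccd.items():
        for net in _networks(text, "iroute"):
            owners[net] = name
    missing = sorted(str(n) for n in routed if n not in owners)
    return missing, {str(k): v for k, v in owners.items()}


if __name__ == "__main__":
    for label, ccd in (("empty ccd", CCD_EMPTY), ("ccd with iroute", CCD_OK)):
        missing, owners = check_iroutes(SERVER_CONF, ccd)
        print(f"{label}: missing iroute for {missing or 'nothing'}; owners={owners}")
```

With the posted server config and an empty ccd directory the script reports `192.168.130.0/24` as routed but unclaimed; adding a ccd file `ccd/mikrotik` containing `iroute 192.168.130.0 255.255.255.0` (file name equal to the client's certificate CN) clears it. The remaining pieces to verify are outside OpenVPN's config: `net.ipv4.ip_forward=1` on the Debian server if hosts behind it, not just the server itself, need to reach the client LAN, and on the Mikrotik side a forward path from `ovpn-out1` to the `bridge` interface (and the usual check that the Mikrotik is not NATing or filtering that traffic).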
