Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
dsslesarev2020-02-16 15:41:04
openvpn
dsslesarev, 2020-02-16 15:41:04

Can't see network behind openvpn server?

Everything seems to be configured correctly, but I do not see the network behind the openvpn server. What's the matter tell me?
The network behind the server: 10.15.17.0
Although the server itself is visible as 10.15.17.1.
But 10.15.17.2 and so on is gone.

And another problem is when I want the route 10.15.17.0 to give current to one client
In the server config, I removed push route "10.15.17.0 255.255.255.0"

And added iroute 10.15.17.0 255.255.255.0 to the client file in ccd and I can't ping 10.15.17.1

Client networks :
192.168.0.0
192.168.1.0

server.conf

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
## передача маршрутов клиентам (сети для примера)
## можно передавать всем все сразу, или выборочно в файлах ccd/clientX
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 10.15.17.0 255.255.255.0"
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
client-config-dir ccd
## маршрутизация для сервера, если понадобится
route 192.168.0.0 255.255.255.0
route 192.168.1.0 255.255.255.0
route-gateway 10.8.0.1
client-to-client
keepalive 10 120
tls-auth ta.key 0
cipher AES-128-CBC
auth SHA1
comp-lzo
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"


CD clinet
/etc/openvpn/ccd/client1
iroute 192.168.0.0 255.255.255.0
ifconfig-push 10.8.0.11 255.255.255.0


client.conf

client
dev tun
proto udp
remote vpn.ru
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher aes-128-cbc
auth sha1
comp-lzo
tls-client
remote-cert-tls server
key-direction 1



System setup

/etc/sysctl.conf раскомментировал net.ipv4.ip_forward=1
/etc/default/ufw DEFAULT_FORWARD_POLICY="ACCEPT"

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
R
res2001, 2020-02-16
@res2001

Yes, your config seems to be correct.
To check, you can on the client, after connecting to the VPN, look at the routing table, there should be a route to the desired network through the VPN server.
But this is not enough - the computers in the network behind the VPN server must know the route to the computers in the VPN network. If the VPN server is not the default gateway for computers on the network, then this route must be added to each computer (which needs to interact with VPN clients) manually (or in any available way, for example, through DHCP options, etc.).

Report
A
Andrey Barbolin, 2020-02-16
@dronmaxman

You have to diagnose bit by bit. Enable tcpdump and wireshark on each node in turn and see where packets are being lost.

Similar questions
V
Valery Sotnikov2014-10-22 20:49:15
How to disconnect the Internet from OpenVPN on the client? 1Reply
E
Elnur Tazhimbetov2019-03-28 22:10:18
How to connect to the Internet through a computer on iPhone? 1Reply
I
i_goodwin2019-04-08 10:10:35
How to build a route to an OpenVPN server? 1Reply
A
admin4eg2014-11-19 10:16:47
Openvpn routing, why doesn't the server see the internal addresses behind the client? 2Reply
T
Toy662014-11-21 09:29:25
Why did OpenVPN stop connecting? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question