How to connect networks with OpenVPN?

I

i_goodwin2019-05-22 12:22:03

openvpn

i_goodwin, 2019-05-22 12:22:03

Good afternoon! I'm struggling with the task of combining two networks when connecting to an OpenVPN server.
There is a machine with Ubuntu Server (local address 192.168.0.100, gateway 192.168.0.1), an OpenVPN server is running on it.
There is a remote client (local address 192.168.43.101, gateway 192.168.43.1)
There is an OpenVPN server configuration file:

port 1194
proto udp
dev tun
user openvpn
group openvpn
cd /etc/openvpn
persist-key
persist-tun
tls-server
tls-timeout 120
dh /etc/openvpn/dh.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/vpn-server.crt
key /etc/openvpn/server.key
crl-verify /etc/openvpn/crl.pem
tls-auth /etc/openvpn/ta.key 0
server 10.15.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
client-to-client
topology subnet
max-clients 5
push "dhcp-option DNS 10.15.0.1"
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.43.0 255.255.255.0"
route 10.15.0.0 255.255.255.0
route 192.168.43.0 255.255.255.0
comp-lzo
keepalive 10 120
status /var/log/openvpn/openvpn-status.log 1
status-version 3
log-append /var/log/openvpn/openvpn-server.log
verb 3
mute 20

Routing table at 192.196.43.101:

IPv4 таблица маршрута
===========================================================================
Активные маршруты:
Сетевой адрес           Маска сети      Адрес шлюза       Интерфейс  Метрика
          0.0.0.0          0.0.0.0     192.168.43.1   192.168.43.101     55
        10.15.0.0    255.255.255.0         On-link        10.15.0.12    291
       10.15.0.12  255.255.255.255         On-link        10.15.0.12    291
      10.15.0.255  255.255.255.255         On-link        10.15.0.12    291
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0        10.15.0.1       10.15.0.12     35
     192.168.43.0    255.255.255.0         On-link    192.168.43.101    311
   192.168.43.101  255.255.255.255         On-link    192.168.43.101    311
   192.168.43.255  255.255.255.255         On-link    192.168.43.101    311
     192.168.79.0    255.255.255.0         On-link      192.168.79.1    291
     192.168.79.1  255.255.255.255         On-link      192.168.79.1    291
   192.168.79.255  255.255.255.255         On-link      192.168.79.1    291
    192.168.182.0    255.255.255.0         On-link     192.168.182.1    291
    192.168.182.1  255.255.255.255         On-link     192.168.182.1    291
  192.168.182.255  255.255.255.255         On-link     192.168.182.1    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link    192.168.43.101    311
        224.0.0.0        240.0.0.0         On-link     192.168.182.1    291
        224.0.0.0        240.0.0.0         On-link        10.15.0.12    291
        224.0.0.0        240.0.0.0         On-link      192.168.79.1    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link    192.168.43.101    311
  255.255.255.255  255.255.255.255         On-link     192.168.182.1    291
  255.255.255.255  255.255.255.255         On-link        10.15.0.12    291
  255.255.255.255  255.255.255.255         On-link      192.168.79.1    291

Routing table on the server:

Таблица маршутизации ядра протокола IP
Destination Gateway Genmask Flags Metric Ref Use Iface
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
10.15.0.0       *               255.255.255.0   U     0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
192.168.43.0    10.15.0.2       255.255.255.0   UG    0      0        0 tun0

ping from 192.196.43.101:
up to 192.168.0.100
up to 192.168.0.1 no
Question: why is there no ping and where did the address 10.15.0.2 come from in the routing table?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Dmitry, 2019-05-22
@hempy80

where did the address 10.15.0.2 come from in the routing table

this is the address of the tunnel interface of the client, with the directive

route 192.168.43.0 255.255.255.0

you added this route to the client's network through it,
there is no ping to 192.168.0.1 because this host is not aware of the existence of the 192.168.43.0 network at all, so it sends back packets according to its routing table, most likely through an ISP that discards them to hell. Ways out of the situation:
1) Configure NAT on the VPN server
2) Register a route to 192.168.0.1 like 192.168.43.0 via 192.168.0.100
3) And the most correct option is for site-to-site vpn, the server and client should be placed on gateways default

Z

Zzzz9, 2019-05-22
@Zzzz9

What is the address 10.15.0.0 ?, this is the network address.