linux
Valery Ryaboshapko, 2015-08-25 11:49:45

How to help VPN clients see each other?

Greetings.
There are three machines. One runs the VPN server, another an RDP server, and the third an RDP client. I need to connect from the third machine to the second. I managed to bring up the tunnels, but the machines do not see each other, not even the server. Tell me, what did I miss?
Server config

port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
dh keys/dh4096.pem
server 192.168.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log
verb 4

Client config (same, only keys and certificates differ)
client
remote vpn.example.com
dev tun
nobind
persist-key
persist-tun
keepalive 3 10
fragment 1400
verb 2
log-append openvpn.log
cipher BF-CBC
ca [inline]
cert [inline]
key [inline]
comp-lzo
askpass pass

<ca>
...
</ca>
<key>
....
</key>
<cert>
...
</cert>

After connecting the client, I see this picture
$ ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.168.10.6  P-t-P:192.168.10.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

$ route
Таблица маршутизации ядра протокола IP
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
192.168.1.0     *               255.255.255.0   U     9      0        0 wlan0
192.168.10.0    192.168.10.5    255.255.255.0   UG    0      0        0 tun0
192.168.10.5    *               255.255.255.255 UH    0      0        0 tun0

In theory everything is correct, but pings do not go through, neither to the server nor to the other client. ICMP is enabled, and I also tried connecting to open ports with telnet.
So what did I miss?
UPD. I enabled forwarding in the server's kernel, but this did not change the situation: pings still do not reach the server, so there is nothing for it to forward.


3 answer(s)
ldv, 2015-08-25
@valerium

Does tcpdump see pings on the server?
fragment must be specified on both sides.
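
The point about fragment needing to be set on both sides can be checked mechanically. The following Python check is an added example, not part of the thread: it compares link options that have to agree on both OpenVPN peers, using the question's configs trimmed to the relevant directives. The directive list and the defaults for omitted directives (proto udp, cipher BF-CBC, as in OpenVPN 2.3-era builds) are assumptions of this example.

```python
# Added example: compare directives that must agree on both OpenVPN peers.
# Assumption: defaults are those of OpenVPN 2.3-era builds.
DEFAULTS = {"proto": "udp", "cipher": "BF-CBC"}
# Assumption: this set of must-match directives is chosen for the example.
SYMMETRIC = ("proto", "cipher", "comp-lzo", "fragment")

# Configs from the question, trimmed to the directives that matter here.
SERVER_CONF = """\
proto udp
dev tun
server 192.168.10.0 255.255.255.0
client-to-client
comp-lzo
"""

CLIENT_CONF = """\
client
remote vpn.example.com
dev tun
fragment 1400
cipher BF-CBC
comp-lzo
"""

def parse(text):
    """Return {directive: arguments}; skips comments and inline <ca>/<key> blocks."""
    opts, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = " ".join(args) or "(enabled)"
    return opts

def mismatches(server_text, client_text):
    """List (directive, server_value, client_value) where the two sides differ."""
    srv, cli = parse(server_text), parse(client_text)
    value = lambda opts, n: opts.get(n, DEFAULTS.get(n, "(unset)"))
    return [(n, value(srv, n), value(cli, n)) for n in SYMMETRIC
            if value(srv, n) != value(cli, n)]

if __name__ == "__main__":
    for name, s, c in mismatches(SERVER_CONF, CLIENT_CONF):
        print(f"{name}: server={s} client={c}")
```
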

mureevms, 2015-08-25
@mureevms

Is forwarding enabled in the kernel on the OVPN server?
echo "1" > /proc/sys/net/ipv4/ip_forward

Radjah, 2015-12-30
@Radjah

I don't see client-to-client in the server config.
