Answer the question
In order to leave comments, you need to log in
I can not understand why the tunnel does not work?
Good day.
Please help with setting up a tunnel between two networks.
Available: Two networks, each with its own Debian gateway. Each gateway has 2 Internet interfaces and 1 local one. The server network is 192.168.0.0, the client network is 192.168.1.0. It is not possible to set up a tunnel between them. Ping from the client goes only to the server gateway (192.168.0.1), ping from the server does not even go to the client gateway (192.168.1.0). Forwards in iptables are allowed. Routes seem to be set up, but it's possible that it's wrong. I will attach the OpenVPN server and client settings in the comments
Answer the question
In order to leave comments, you need to log in
MaxxDamage ,
Server config:
Usually, the third parameter is not set in the route - it is substituted automatically - the address of the VPN server.
push "route ..." sets the route on the client to the network behind the server. At you this command registers a route for the client on the client. This route is already present on the client.
It is necessary to bring it into the following variant:
After connecting the client, the corresponding route should appear in its routing table.
This directive
is not correct.
route adds a route on its side (i.e. on the server side in this case). You need to specify the client address in the third parameter (10.8.0.1 is probably the server address).
But it is better to transfer this directive to the client config on the server (this is the one that lies in the path specified in the client-config-dir directive) in the following form:
Then when the client connects, the route to its network will be added on the server, the client address will automatically be added to the does not need to be specified explicitly.
Client config:
Directive
is not needed here. Its functions are performed by the push "route ..." directive in the server config.
In general, usually the client config is made as simple as possible. All routing is perfectly configured on the server side.
In general, you can completely debug the VPN configuration on virtual machines in your virtual network and transfer it to real hardware, replacing only the listening address of the server in the local directive.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question