openvpn
bamond, 2015-09-22 12:06:59

Why does the network behind the client not respond?

Good afternoon.
I have the following:
OpenVPN server:
eth1 - 192.168.2.1 - local
tun0 - 192.168.40.1 - vpn

port 1194
mode server
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
client-to-client
server 192.168.40.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.2.0 255.255.255.0"
;push redirect-gateway tun0
route 192.168.1.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
client-config-dir /etc/openvpn/ccd
verb 3

netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         REMOTE_IP_ADDRESS  0.0.0.0         UG        0 0          0 eth0
localnet        *               255.255.255.240 U         0 0          0 eth0
192.168.1.0    192.168.40.2    255.255.255.0   UG        0 0          0 tun0
192.168.2.0    *               255.255.255.0   U         0 0          0 eth1
192.168.40.0    192.168.40.2    255.255.255.0   UG        0 0          0 tun0
192.168.40.2    *               255.255.255.255 UH        0 0          0 tun0

OpenVPN client:
eth1 - 192.168.1.50 - local
tun0 - 192.168.40.5 - vpn
client
dev tun
proto tcp
remote SERVER_IP_ADDRESS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert user.crt
key user.key
ns-cert-type server
comp-lzo
log /var/log/openvpn.log
verb 3

netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
localnet        *               255.255.255.0   U         0 0          0 eth1
192.168.2.0    192.168.40.5    255.255.255.0   UG        0 0          0 tun0
192.168.1.0    192.168.21.31   255.255.255.0   UG        0 0          0 eth1
192.168.40.0    192.168.40.5    255.255.255.0   UG        0 0          0 tun0
192.168.40.5    *               255.255.255.255 UH        0 0          0 tun0

From the CLIENT's network, ANY machine can ping ANY machine on the server's network.
But from the server side, even the client's eth1 interface does not respond, not to mention the machines behind the client.
Please tell me what the problem might be and where to dig.
There is also one subtlety: the CLIENT IS NOT the gateway for its network.
Routes on the gateway in the 1.0 network:
Destination        Gateway            Flags    Refs      Use  Netif Expire
localhost          link#5             UH          0    13695    lo0
192.168.1.0       link#1             U           9 4777923939    int
192.168.1.31      link#1             UHS         6        2    lo0
192.168.2.0       192.168.1.50      UGS         0   553876    int
192.168.40.0       192.168.1.50      UGS         0       32    int


2 answer(s)
bamond, 2015-09-22
@bamond

Found the problem.
The server must have a file /etc/openvpn/ccd/cname_client containing the following line: iroute 192.168.1.0 255.255.255.0
cname_client must match the user.crt (client) certificate.
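
A check that follows from the answer above, added here as an example and not part of the original thread: it lists every server-side route network that no file in the client-config-dir claims with iroute, the state in which the kernel sends packets into tun0 but OpenVPN has no client to hand them to. The function names and the embedded sample configs are assumptions of this example.

```python
import ipaddress

# Constructed sample: the routing-relevant lines of the server config in the question.
SERVER_CONF = """\
server 192.168.40.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
route 192.168.1.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
"""

# Constructed samples: ccd file name (client certificate name) -> file contents.
CCD_BEFORE = {}  # state described in the question: no ccd file for the client
CCD_AFTER = {"cname_client": "iroute 192.168.1.0 255.255.255.0\n"}  # after the fix


def networks(text, directive):
    """Return IPv4 networks named by '<directive> <network> [netmask]' lines."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        # Lines commented out with ';' never match: their first token starts with ';'.
        if len(parts) >= 2 and parts[0] == directive:
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            found.append(ipaddress.ip_network(f"{parts[1]}/{mask}"))
    return found


def routes_without_iroute(server_conf, ccd):
    """List server 'route' networks that no ccd file claims with 'iroute'.

    Simplification (assumption of this example): a route counts as claimed
    only when a single iroute contains the whole network.
    """
    iroutes = [n for text in ccd.values() for n in networks(text, "iroute")]
    return [str(r) for r in networks(server_conf, "route")
            if not any(r.subnet_of(i) for i in iroutes)]


if __name__ == "__main__":
    print("before:", routes_without_iroute(SERVER_CONF, CCD_BEFORE))
    print("after: ", routes_without_iroute(SERVER_CONF, CCD_AFTER))
```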

Cool Admin, 2015-09-22
@ifaustrue

This is confusing on the server:
192.168.1.0 192.168.40.2 255.255.255.0 UG 0 0 0 tun0
It should be:
192.168.1.0 192.168.40.5 255.255.255.0 UG 0 0 0 tun0
On the client:
192.168.2.0 192.168.40.5 255.255.255.0 UG 0 0 0 tun0
And logically it should be:
192.168.2.0 192.168.40.1 255.255.255.0 UG 0 0 0 tun0
It's strange how it works for you =)
