OpenVPN setup - can ping only one way across VPN tunnel
I have an OpenVPN setup. It seems to be OK but I think I'm missing something. From the VPN client I can ping, across the tunnel, all the machines on the local side of VPN server. Also I can ftp and telnet to any machine on the local network.
I cannot, however, ping the VPN client from any of the machines on the local network. I'm not sure but I don't think that this is how it's supposed to be. The only thing that comes to my mind is that the routing on the server is not configured properly, as I have all the machines on the local network configured to use the VPN server as the gateway. The OpenVPN server is configured to forward all the traffic:
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/conf/all/ip_forward = 1
The OpenVPN server is version 2.0.6, I'm running it on SuSE 9.3. Below is my server and client configuration.
Server configuration file:
Client Lan users to communicate with OpenVPN remote clients?
Hi Rob! Looks like we have the same problem. Just want to ask if you were able to resolve this? I am using IPCop and downloaded OpenVPN add-on for this one. My client LAN's network is 192.168.0.0/24. As per the configuration, OpenVPN provides an IP range of 10.0.10.0/255.255.255.0 to remote VPN clients. I understand that this is needed to avoid conflicts on IPs. However, my goals are:
1.) For the client LAN to be able to communicate with remote VPN clients even on a different network using 10.0.10.0/255.255.255.0 subnet.
2.) For the remote VPN clients to communicate by themselves. For example, VPN clients A and B should be able to communicate as well as VPN client A to communicate with client LAN A.
Hope you already solved yours so you can help me out. Thanks.
I solved my problem. In my case it was a firewall on VPN client.
As for your problems:
2. Make sure that in the server configuration file you have the line 'client-to-client' uncommented. That line permits VPN clients to see one another.
1. In the server configuration uncomment the line
10.11.0.0/16 - private side of VPN server
10.1.1.0/24 - regular IP addresses (VPN server - 10.1.1.25, VPN client 10.1.1.8)
10.0.8.0/24 - VPN tunnel addresses
Now, you must set the gateways. I set the default gateway on my VPN client to 10.1.1.25 (to be honest, it also worked when I didn't. But do it just to make sure. You can set it back afterwards when you make sure that it works). Also, set the default gateways on all the boxes on the private side of VPN server to VPN server's private side IP address. In my case it was 10.11.38.100. That should take care of the problem.
If this doesn't work you may want to consider setting up a bridge tunnel. It's not as difficult as they say.
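The gateway advice in the reply above, as an added example that is not part of the original posts: a longest-prefix-match lookup showing which LAN hosts hand traffic for the tunnel subnet to the VPN server. The second router 10.11.0.1, the client tunnel address 10.0.8.6 and the three routing tables are constructed for illustration, and the static-route case goes beyond the default-gateway change the reply describes.

```python
import ipaddress

# Addressing taken from the reply above.
TUNNEL_NET = "10.0.8.0/24"    # VPN tunnel addresses
VPN_SERVER = "10.11.38.100"   # VPN server's private-side IP
OTHER_ROUTER = "10.11.0.1"    # hypothetical second router on the LAN (assumption)

# Constructed routing tables for three hosts on 10.11.0.0/16: (destination, gateway).
HOST_VIA_VPN_SERVER = [("10.11.0.0/16", "on-link"), ("0.0.0.0/0", VPN_SERVER)]
HOST_VIA_OTHER_ROUTER = [("10.11.0.0/16", "on-link"), ("0.0.0.0/0", OTHER_ROUTER)]
# Same host, but with one static route for the tunnel subnet added.
HOST_WITH_STATIC_ROUTE = HOST_VIA_OTHER_ROUTER + [(TUNNEL_NET, VPN_SERVER)]


def next_hop(routes, dst):
    """Return the gateway chosen for dst by longest-prefix match, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if dst in ipaddress.ip_network(net)]
    if not matches:
        return None
    # The most specific (longest prefix) matching route wins.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reaches_vpn_client(routes, client_tunnel_ip):
    """True if packets for the VPN client are handed to the VPN server."""
    return next_hop(routes, client_tunnel_ip) == VPN_SERVER


if __name__ == "__main__":
    client = "10.0.8.6"  # constructed tunnel address of a VPN client
    for name, table in [("default gw = VPN server", HOST_VIA_VPN_SERVER),
                        ("default gw = other router", HOST_VIA_OTHER_ROUTER),
                        ("other router + static route", HOST_WITH_STATIC_ROUTE)]:
        hop = next_hop(table, client)
        verdict = "reaches tunnel" if reaches_vpn_client(table, client) else "lost"
        print(f"{name:30} next hop {hop:14} {verdict}")
```

A correct next hop only gets the packet to the VPN server; a firewall on the VPN client, as in the original poster's case, can still drop it.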
Thanks man...It worked pretty well! If you're not that busy, can I ask you another question? Is it possible in OpenVPN to connect two branches with two different public networks? To illustrate, we do have a 512 kbps connection on our office A. We also have another office B with the same connection speed but on a different provider. I want to link offices A and B. Is it possible to just establish a VPN connection on the B's server and route the private LAN so that the client LAN on office A can ping all client LAN on B's office?
Sorry if I am having a hard time saying what I want to do. But I hope you get what I mean. The goal is instead of installing OpenVPN client to everyone's machine on office A and B, I just need to establish the connection on the server and make every workstation communicate with each other. It's just like having a big network though the machines are not physically connected with each other. By using public connection, I want to link both of them. Hope you can help me out on this. Thanks again.