Hi there!
I'm looking for some help with my special networking configuration.
The case:
I'm running two dedicated Linux servers (openSUSE). Both servers are connected through public IP addresses to the internet. Each server hosts a VMware with another Linux inside.
SRV1: dedicated, external
SRV2: dedicated, external
SRV3: VMware, hosted on SRV1, host-only network
SRV4: VMware, hosted on SRV2, host-only network
SRV1 and SRV2 are the entry points for OpenVPN from external clients. SRV1 and SRV2 are also connected through an OpenVPN connection for safe data sharing.
My problems:
SRV3 can't connect to SRV2 and SRV4.
SRV4 can't connect to SRV1 and SRV3.
External OpenVPN clients connected to SRV1 can't reach SRV2 and SRV4.
External OpenVPN clients connected to SRV2 can't reach SRV1 and SRV3.
Here are my configurations:
SRV1, IP: 192.168.161.1
Code:
srv1:~ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.4.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun2
85.xx.xx.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
10.8.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun1
10.8.3.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.162.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet3
10.8.4.0 10.8.4.5 255.255.255.0 UG 0 0 0 tun2
192.168.160.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
192.168.161.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet2
10.8.3.0 10.8.3.2 255.255.255.0 UG 0 0 0 tun0
10.8.1.0 10.8.1.2 255.255.255.0 UG 0 0 0 tun1
192.168.171.0 10.8.4.5 255.255.255.0 UG 0 0 0 tun2
192.168.172.0 10.8.4.5 255.255.255.0 UG 0 0 0 tun2
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 85.xx.xx.1 0.0.0.0 UG 0 0 0 eth0
srv1:~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
SRV1 OpenVPN server.conf (for external OpenVPN clients)
server 10.8.1.0 255.255.255.0
push "route 192.168.161.0 255.255.255.0"
push "route 192.168.162.0 255.255.255.0"
push "route 192.168.171.0 255.255.255.0"
push "route 192.168.172.0 255.255.255.0"
SRV1 OpenVPN server-int.conf (for server connection to SRV2)
server 10.8.3.0 255.255.255.0
push "route 192.168.161.0 255.255.255.0"
push "route 192.168.162.0 255.255.255.0"
SRV2, IP: 192.168.171.1
Code:
srv2:~ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.4.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.8.2.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun1
10.8.3.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun2
85.xx.xx.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.162.0 10.8.3.5 255.255.255.0 UG 0 0 0 tun2
10.8.4.0 10.8.4.2 255.255.255.0 UG 0 0 0 tun0
192.168.161.0 10.8.3.5 255.255.255.0 UG 0 0 0 tun2
10.8.2.0 10.8.2.2 255.255.255.0 UG 0 0 0 tun1
10.8.3.0 10.8.3.5 255.255.255.0 UG 0 0 0 tun2
192.168.170.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
192.168.171.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet2
192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet3
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 85.xx.xx.1 0.0.0.0 UG 0 0 0 eth0
srv2:~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
SRV2 OpenVPN server.conf (for external OpenVPN clients)
server 10.8.2.0 255.255.255.0
push "route 192.168.161.0 255.255.255.0"
push "route 192.168.162.0 255.255.255.0"
push "route 192.168.171.0 255.255.255.0"
push "route 192.168.172.0 255.255.255.0"
SRV2 OpenVPN server-int.conf (for server connection to SRV2)
server 10.8.4.0 255.255.255.0
push "route 192.168.171.0 255.255.255.0"
push "route 192.168.172.0 255.255.255.0"
SRV3, IP: 192.168.161.128
Code:
srv3:~ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.161.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.161.1 0.0.0.0 UG 0 0 0 eth1
srv3:~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
SRV4, IP: 192.168.171.128
Code:
srv4:~ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.171.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.171.1 0.0.0.0 UG 0 0 0 eth0
srv4:~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I would be glad if anybody could help.
Thanks,
RWF
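
An added example, not part of the original post: a return-path check over the two `route -n` tables posted above, using longest-prefix match to see which interface each gateway picks for the forward packet and for the reply. The function names and the 10.8.x.6 client addresses are constructed for illustration. Only kernel routes are modelled, not OpenVPN's internal routing or the iptables rules.

```python
import ipaddress

# Routes transcribed from the `route -n` output in the post (host routes,
# 169.254.0.0/16 and loopback omitted). 0.0.0.0/0 is the public eth0 gateway.
ROUTES = {
    "SRV1": {
        "192.168.160.0/24": "vmnet1", "192.168.161.0/24": "vmnet2",
        "192.168.162.0/24": "vmnet3", "10.8.1.0/24": "tun1",
        "10.8.3.0/24": "tun0", "10.8.4.0/24": "tun2",
        "192.168.171.0/24": "tun2", "192.168.172.0/24": "tun2",
        "0.0.0.0/0": "eth0",
    },
    "SRV2": {
        "192.168.170.0/24": "vmnet1", "192.168.171.0/24": "vmnet2",
        "192.168.172.0/24": "vmnet3", "10.8.2.0/24": "tun1",
        "10.8.4.0/24": "tun0", "10.8.3.0/24": "tun2",
        "192.168.161.0/24": "tun2", "192.168.162.0/24": "tun2",
        "0.0.0.0/0": "eth0",
    },
}

def lookup(host, ip):
    """Longest-prefix match: interface `host` would use to reach `ip`."""
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(n) for n in ROUTES[host]]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return ROUTES[host][str(best)]

def trace(near, far, src, dst):
    """Return (forward iface on `near`, reply iface on `far`, both private?)."""
    fwd, back = lookup(near, dst), lookup(far, src)
    return fwd, back, fwd != "eth0" and back != "eth0"

# Flows from the problem list. The 10.8.x.6 client addresses are constructed
# samples from each server's external-client pool.
FLOWS = [
    ("SRV1", "SRV2", "192.168.161.128", "192.168.171.128"),  # SRV3 -> SRV4
    ("SRV2", "SRV1", "192.168.171.128", "192.168.161.128"),  # SRV4 -> SRV3
    ("SRV1", "SRV2", "10.8.1.6", "192.168.171.128"),  # SRV1 client -> SRV4
    ("SRV2", "SRV1", "10.8.2.6", "192.168.161.128"),  # SRV2 client -> SRV3
]

if __name__ == "__main__":
    for near, far, src, dst in FLOWS:
        fwd, back, ok = trace(near, far, src, dst)
        verdict = "ok" if ok else "reply leaves via public eth0"
        print(f"{src} -> {dst}: {near} out {fwd}, {far} back {back}: {verdict}")
```

For the external-client flows the far gateway has no route for the other server's client pool (10.8.1.0/24 on SRV2, 10.8.2.0/24 on SRV1), so the reply falls through to the default route on eth0 instead of a tunnel. A flow that passes this check can still be dropped inside OpenVPN, which in server mode needs a `route` plus a per-client `iroute` for any subnet that sits behind a connecting peer.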