I have an OpenVPN client connected to an OpenVPN server.
The server has the following routes:
Code:
default via 10.109.185.65 dev eth0 proto dhcp src 10.109.185.84 metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
10.109.185.64/27 dev eth0 proto kernel scope link src 10.109.185.84
10.109.185.65 dev eth0 proto dhcp scope link src 10.109.185.84 metric 100
The client has the following address on the tun0 virtual interface created by OpenVPN:
Code:
11: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.3/24 brd 10.8.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::3c55:91d1:e8cf:7c55/64 scope link flags 800
       valid_lft forever preferred_lft forever
From the server, I can ping the client by doing "ping 10.8.0.3" and it works fine.
Then I added a second IP address to tun0 on the client by doing "ip addr add 10.100.1.2/24 dev tun0". It shows up on the tun0 interface as:
Code:
    inet 10.100.1.2/24 scope global tun0
       valid_lft forever preferred_lft forever
On the server, I added a route for that subnet by doing "ip route add 10.100.1.0/24 dev tun0". It shows up in the route list as:
Code:
10.100.1.0/24 dev tun0 scope link
But trying a "ping 10.100.1.2" on the server failed.
Then I noticed that both the server and client had the following iptables FORWARD rule:
Code:
ACCEPT all -- 10.8.0.0/24 anywhere
So I added another FORWARD rule for the 10.100.1.0 subnet by doing "iptables -A FORWARD -s 10.100.1.0/24" on both the server and client.
But trying a "ping 10.100.1.2" on the server still fails.
Is there anything else I need to do in order to be able to ping 10.100.1.2 from the server?
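
Added example, not part of the original post: a simplified model of netfilter chain selection, using the addresses and commands from the post. It shows that a ping from the server to an address the client itself owns traverses OUTPUT and INPUT on each host, never FORWARD, and that a rule without `-j` only counts packets. The function names and the 10.8.0.1 source address for the ping are assumptions.

```python
import ipaddress
import shlex

SERVER_ADDRS = ["10.109.185.84", "10.8.0.1"]  # from the post
CLIENT_ADDRS = ["10.8.0.3", "10.100.1.2"]     # from the post
EXISTING_RULE = "iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT"  # constructed from the listing
ADDED_RULE = "iptables -A FORWARD -s 10.100.1.0/24"             # as typed in the post


def filter_chain(dst, local_addrs, originated_here):
    """Filter-table chain a packet traverses on one host (simplified model)."""
    if originated_here:
        return "OUTPUT"
    local = {ipaddress.ip_address(a) for a in local_addrs}
    return "INPUT" if ipaddress.ip_address(dst) in local else "FORWARD"


def parse_rule(command):
    """Extract chain, source network and target from an 'iptables -A' command."""
    tokens = shlex.split(command)
    return {key: tokens[tokens.index(flag) + 1] if flag in tokens else None
            for flag, key in (("-A", "chain"), ("-s", "source"), ("-j", "target"))}


def rule_effect(rule, chain, src):
    """What one rule does to a packet from src while it traverses chain."""
    if rule["chain"] != chain:
        return "not consulted"
    if rule["source"] and ipaddress.ip_address(src) not in ipaddress.ip_network(rule["source"]):
        return "no match"
    # A rule without -j has no target: it updates counters and the packet moves on.
    return rule["target"] or "counted only"


def trace_ping(src="10.8.0.1", dst="10.100.1.2"):
    """Chains hit by the echo request (server to client) and the echo reply."""
    # Assumption: the server sources the ping from its tun0 address 10.8.0.1.
    return [
        ("server", "request", filter_chain(dst, SERVER_ADDRS, True)),
        ("client", "request", filter_chain(dst, CLIENT_ADDRS, False)),
        ("client", "reply", filter_chain(src, CLIENT_ADDRS, True)),
        ("server", "reply", filter_chain(src, SERVER_ADDRS, False)),
    ]


if __name__ == "__main__":
    for host, leg, chain in trace_ping():
        print(host, leg, chain)
    print(rule_effect(parse_rule(ADDED_RULE), "FORWARD", "10.100.1.2"))
```

Because neither host consults FORWARD for this traffic, the FORWARD rules cannot be what decides whether the ping succeeds.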