Even if you don't have a NAT, OpenVPN should still work.
Ok, on the OpenVPN server, if you used my config file, there is a line
Code:
management localhost 7505
which sets up an interface to the running openvpn process. You can access this interface using telnet on the OpenVPN server, thusly
Code:
telnet localhost 7505
Then, type
Code:
status 3
You should see a list of clients that are connected to the OpenVPN server. If your Pi is among them (look for 10.8.0.2), then the Pi is connected to the server.
You can also check the log which, again if you used my config file, is in the logs folder (you did make a logs folder, didn't you?). Whatever file appears in the logs folder on the OpenVPN server should have the conversation between the server and any clients that attempt to connect.
You can also have a log on the Pi, again in a logs folder (which you have to remember to create). BTW, the name 'cumis' can be changed to something else, like DigitalOcean, for example. I just happen to connect to a system called 'cumis', so I named it 'cumis', coz I have multiple VPNs and I lose track of which is which.
In the Pi's log, you're looking for a line like
Code:
Wed Jun 7 09:20:09 2017 Initialization Sequence Completed
Anyhow, either by the 'status 3' method or by reading the logs, you should be able to see if the Pi is connected. Also, you can try 'nmap --iflist' which lists all the network interfaces the Pi is connected to. If you see 10.8.0.2 there, then a connection has been established.
Now, why can't you ssh to the Pi?
Ok, try using 'ssh -v pi@10.8.0.2'. The '-v' option outputs all kinds of info which may indicate where your problem is. If it just hangs, without producing any output, then it simply can't find 10.8.0.2 and you have a routing problem.
Check if your routing table on the Pi looks like this :-
Code:
pi@raspberrypi ~ $ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.1   0.0.0.0         UG    202    0        0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap0
192.168.100.0   0.0.0.0         255.255.255.0   U     202    0        0 eth0
pi@raspberrypi ~ $
where 192.168.100.1 is replaced by the IP address of the router on the Pi's local area network.
From inside your Pi, you should be able to ping that local area network's router and if the vpn is up, the digitalocean vpn server at 10.8.0.1 as well. See if you can ping other IP addresses on the Pi's local area network as well.
If it does produce copious amounts of output, then you may have an authentication problem.
My Pi's sshd_config file looks like
Code:
root@raspberrypi:~# grep ^[^#] /etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
root@raspberrypi:~#
You might want to check your /etc/ssh/sshd_config file against that.
Also, check that sshd is actually running on the Pi, by typing
coz, you know, sometimes we forget to turn these things on. It's happened to me before. Not once, several times. I put it down to approaching senility.
Ok, now I haven't really had to resort to bridging networks together, mainly becoz once ssh is working, I use it to proxy through to anything behind the ssh server. Ssh is really good stuff. I keep finding more tricks it can do as time goes by.
I know I used to do rdesktop over ssh in a previous job. And rdesktop over openvpn is possible even on Windows using Remote Desktop Connection (or whatever they're calling it nowadays)
Script to tunnel RDP over ssh (once you get ssh working)
Code:
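#!/bin/bash
# Kill any ssh processes already running (this also drops unrelated ssh sessions)
killall ssh
# Forward local port 3392 through the Pi to RDP (3389) on the Windows machine
ssh -f -N -L 3392:<ip-of-windows-machine-you-want-to-get-to>:3389 pi@10.8.0.2
# Point rdesktop at the local end of the tunnel
rdesktop -f -u '' localhost:3392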
Hope this helps.
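
Added example, not part of the original post: a small shell check that reads saved 'status 3' output and reports whether a client holds a given VPN address such as 10.8.0.2. It assumes the tab-separated layout that status version 3 produces; the function names, the client name pi-client and the addresses in the sample are constructed for illustration.

```bash
#!/bin/bash
# Added example: decide from 'status 3' text whether a client holds a VPN address.

# Constructed sample of tab-separated 'status 3' output (all values are made up).
sample_status() {
  printf 'TITLE\tOpenVPN (constructed sample)\n'
  printf 'TIME\tWed Jun  7 09:21:00 2017\t1496827260\n'
  printf 'HEADER\tCLIENT_LIST\tCommon Name\tReal Address\tVirtual Address\tBytes Received\tBytes Sent\tConnected Since\tConnected Since (time_t)\n'
  printf 'CLIENT_LIST\tpi-client\t203.0.113.7:51820\t10.8.0.2\t10240\t20480\tWed Jun  7 09:20:09 2017\t1496827209\n'
  printf 'HEADER\tROUTING_TABLE\tVirtual Address\tCommon Name\tReal Address\tLast Ref\tLast Ref (time_t)\n'
  printf 'ROUTING_TABLE\t10.8.0.2\tpi-client\t203.0.113.7:51820\tWed Jun  7 09:20:50 2017\t1496827250\n'
  printf 'GLOBAL_STATS\tMax bcast/mcast queue length\t0\n'
  printf 'END\n'
}

# Reads status text on stdin. Prints "common-name real-address" and returns 0
# if a CLIENT_LIST row carries the wanted virtual address; returns 1 otherwise.
vpn_client_for() {
  awk -F'\t' -v want="$1" '
    # The HEADER row names the CLIENT_LIST columns. It has one extra leading
    # field, so a name found at position i describes data field i-1.
    $1 == "HEADER" && $2 == "CLIENT_LIST" {
      for (i = 3; i <= NF; i++) col[$i] = i - 1
      next
    }
    # Only CLIENT_LIST rows count; ROUTING_TABLE rows repeat the address.
    $1 == "CLIENT_LIST" && ("Virtual Address" in col) &&
    $(col["Virtual Address"]) == want {
      print $(col["Common Name"]), $(col["Real Address"])
      found = 1
    }
    END { exit (found ? 0 : 1) }
  '
}

# Demo on the constructed sample.
sample_status | vpn_client_for 10.8.0.2 || echo "10.8.0.2 is not connected"
```

To use it on real data, feed the function the text captured from the management session instead of sample_status.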