First of all I must confess I have no understanding of Linux networking except some basic commands (i.e ifconfig) etc and neither I am a networking person, I am a developer and trying to setup a OpenVPN server. Here is the scenario
I have a server with public IP address (this is outside of my company network) and a client which is on my company network behind a firewall. I want to create a VPN network with my server (which have public ip address) and my client which is in my company LAN behind firewall.
Both are Ubuntu systems. I have installed openvpn on both machines, and running openvpn as following
External IP = A.B.C.D
VPN IP = 192.168.1.1
sudo openvpn --dev tun --port 8080 --verb 5 --ifconfig 192.168.1.1 192.168.1.2 --secret staticVPN.key
External IP = DHCP on Company LAN behind Firewall.
VPN IP = 192.168.1.2
sudo openvpn --remote A.B.C.D --dev tun --verb 5 --port 8080 --ifconfig 192.168.1.2 192.168.1.1 --secret staticVPN.key
The problem is when I ping from client -> server or vice versa nothing happens. On the client when I start openvpn I see following line at the end of the log
UDPv4,ifconfig 192.168.1.2 192.168.1.1,cipher BF-CBC,auth SHA1,keysize 128,secret'
Thu Apr 18 12:53:42 2013 us=336508 Local Options hash (VER=V4): '1da4bff1'
Thu Apr 18 12:53:42 2013 us=336539 Expected Remote Options hash (VER=V4): '36e3af21'
Thu Apr 18 12:53:42 2013 us=336582 Socket Buffers: R=[112640->131072] S=[112640->131072]
Thu Apr 18 12:53:42 2013 us=336609 UDPv4 link local (bound): [undef]
Thu Apr 18 12:53:42 2013 us=336632 UDPv4 link remote: [AF_INET]A.B.C.D:8080
Thu Apr 18 12:55:43 2013 us=255431 NOTE: failed to obtain options consistency info from peer -- this could occur if the remote peer is running a version of OpenVPN before 1.5-beta8 or if there is a network connectivity problem, and will not necessarily prevent OpenVPN from running (0 bytes received from peer, 0 bytes authenticated data channel traffic) -- you can disable the options consistency check with --disable-occ.
It seems to me it has something to do with routing / rules. On the server I have added some rules without any understanding what I am doing but no effect. On the server I did following
tcpdump -i eth0
tcpdump -i tun0
With above I was hoping my ping traffic will be forwarded from tun0 to eth0 to reach the VPN client, but I see nothing related to tun0 on the dump of eth0.
As I have mentioned above it seems to me this has something to do with routing rules / port forwarding on both VPN server & VPN client which I am missing, can anyone suggest something here.
Thank you for your time