packets stuck/filtered inside vpn??

Started by Wired Life, January 26, 2022, 02:09:47 AM

Hello, I've got a problem:
my sense is connecting to an OpenVPN server and I want to route one special client over this connection.
This works fine, but only if I enable outbound NAT on the sense.
If I disable outbound NAT, the client can't access the internet through the VPN and can't ping the server.

VPN: 10.250.0.1
Sense: 10.250.0.2
Client: 192.168.191.10
Pings:
VPN -> Sense = OK
Sense -> VPN = OK
Client -> Sense = OK
Sense -> Client = NOK
Client -> VPN = NOK
VPN -> Client = NOK

server.conf
port 54058
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.250.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
route 192.168.191.0 255.255.255.0
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_2jEVQSBICbe6x00i.crt
key server_2jEVQSBICbe6x00i.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3


ip routes on the VPN server
root@1becf65a:~# ip route get 10.250.0.2
10.250.0.2 dev tun0 src 10.250.0.1 uid 0
    cache

root@1becf65a:~# ip route get 192.168.191.1
192.168.191.1 via 10.250.0.2 dev tun0 src 10.250.0.1 uid 0
    cache


iptables on the server
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


routes on the sense
10.250.0.0/24      10.250.0.1         UGS      ovpnc6
10.250.0.1         link#39            UH       ovpnc6
10.250.0.2         link#39            UHS         lo0


tcpdump on the sense with a ping from the client to the VPN server running
root@F1R3W4LL:~ # tcpdump -nn -i ovpnc6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ovpnc6, link-type NULL (BSD loopback), capture size 262144 bytes
01:55:31.543568 IP 192.168.191.10 > 10.250.0.1: ICMP echo request, id 31, seq 5, length 64
01:55:32.567544 IP 192.168.191.10 > 10.250.0.1: ICMP echo request, id 31, seq 6, length 64
01:55:33.591488 IP 192.168.191.10 > 10.250.0.1: ICMP echo request, id 31, seq 7, length 64
01:55:34.615450 IP 192.168.191.10 > 10.250.0.1: ICMP echo request, id 31, seq 8, length 64
01:55:35.639393 IP 192.168.191.10 > 10.250.0.1: ICMP echo request, id 31, seq 9, length 64


On the other side I get nothing
root@1becf65a:~# tcpdump -nn -i tun0
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on tun0, link-type RAW (Raw IP), snapshot length 262144 bytes


Looks like the packets are stuck inside the VPN or being filtered.
Does anyone have an idea what's going on?
As I said, with outbound NAT enabled, everything is working fine.
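Added example, not code from the original post: a small Python check for the `route`/`iroute` pairing OpenVPN expects when a client brings its own LAN behind the tunnel. It assumes the standard OpenVPN server behaviour that a server-side `route` for a client subnet needs a matching `iroute` in that client's `client-config-dir` file, since without it the server's internal routing table has no owner for the subnet; the ccd contents below are constructed, as the post does not show them.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample: the server.conf lines from the post that matter here.
SERVER_CONF = """\
topology subnet
server 10.250.0.0 255.255.255.0
route 192.168.191.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
"""

# Constructed ccd directory contents (file name -> text). The client's
# LAN is routed on the server but no ccd file claims it with iroute.
CCD_FILES: Dict[str, str] = {
    "opnsense-client": "ifconfig-push 10.250.0.2 255.255.255.0\n",
}

# Matches 'route NET MASK' / 'iroute NET MASK' at line start; does not
# match push "route ..." or route-gateway, which are different directives.
_ROUTE_RE = re.compile(r"^\s*(route|iroute)\s+(\S+)\s+(\S+)", re.M)


def parse_routes(text: str, directive: str) -> List[ipaddress.IPv4Network]:
    """Subnets declared with the given directive ('route' or 'iroute')."""
    return [ipaddress.IPv4Network(f"{net}/{mask}", strict=False)
            for d, net, mask in _ROUTE_RE.findall(text) if d == directive]


def check_route_iroute(server_conf: str,
                       ccd: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Return (routes lacking an iroute, 'file: subnet' iroutes lacking a route)."""
    routed = set(parse_routes(server_conf, "route"))
    irouted: Dict[ipaddress.IPv4Network, List[str]] = {}
    for name, text in ccd.items():
        for net in parse_routes(text, "iroute"):
            irouted.setdefault(net, []).append(name)
    missing_iroute = sorted(str(n) for n in routed if n not in irouted)
    missing_route = sorted(f"{name}: {net}" for net, names in irouted.items()
                           for name in names if net not in routed)
    return missing_iroute, missing_route


if __name__ == "__main__":
    no_iroute, no_route = check_route_iroute(SERVER_CONF, CCD_FILES)
    print("route without iroute:", no_iroute)   # ['192.168.191.0/24']
    print("iroute without route:", no_route)    # []
```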