[SOLVED] OpenVPN Site to Site - Can't reach client network from server network

Started by abrue, May 20, 2022, 02:27:18 PM

Dear community

After intense reading in this forum and on other sites on the internet, I permit myself to create a new post.

My problem is the following:
I am able to reach server side IPs from the client side but cannot reach client side IPs from the server side.
And to make it a bit more strange:
- from the OPNsense firewall on the server side, I can reach clients in the client network.
- from a client on the server side, I can traceroute to clients in the client network, but cannot ping them.


My configuration is the following:

Network diagram (see attachment)

OpenVPN-Server-config
Server Mode: Peer to Peer (SSL/TLS)
Protocol: UDP4
Device Mode: tun
Interface: LAN
TLS Authentication: Enabled - Authentication & encryption

IPv4 Tunnel Network: 172.31.5.0/28
IPv4 Local Network: 192.168.178.0/24
IPv4 Remote Network: 192.168.0.0/24

Dynamic IP: checked
Address Pool: checked
Topology: checked


Client Specific Overrides
IPv4 Remote Network: 192.168.0.0/24


OpenVPN-Client-config
Server Mode: Peer to Peer (SSL/TLS)
Protocol: UDP4
Device Mode: tun
Interface: LAN
TLS Authentication: Enabled - Authentication & encryption

IPv4 Tunnel Network: 172.31.5.0/28
IPv4 Remote Network: 192.168.178.0/24


For the Connection status: see attachment


Routing-Table on Server B:
Kernel IP routing table
Destination    Gateway        Genmask          Flags Metric Ref    Use   Iface
default        192.168.178.1   0.0.0.0         UG    0      0      0     ovs_eth0
192.168.0.0    192.168.178.3   255.255.255.0   UG    0      0      0     ovs_eth0



More detailed problem description:
- From Server A on the client side I can access everything on the server side (e.g. backup on Server B).
- From the OpenVPN server (server side) I can ping/traceroute Server A.
- From Server B on the server side I cannot access Server A (can traceroute, but ping is not working) (see output below).
traceroute to 192.168.0.202 (192.168.0.202), 30 hops max, 60 byte packets
1  192.168.178.3 (192.168.178.3)  3.392 ms  3.366 ms  3.319 ms
2  172.31.5.2 (172.31.5.2)  37.018 ms  36.991 ms  36.955 ms
3  192.168.0.202 (192.168.0.202)  36.942 ms  36.910 ms  40.132 ms

PING 192.168.0.202 (192.168.0.202) 56(84) bytes of data.
^C
--- 192.168.0.202 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 1003ms



I am out of ideas and very grateful for any solutions!
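As an added example (not from the thread and not OPNsense code), here is a small Python check that does mechanically what the poster did by hand: it re-reads the two OPNsense profiles and the Client Specific Override for the usual site-to-site mistakes (tunnel networks that differ, a remote network that does not equal the other side's LAN, an override that is not covered by the server's remote network, subnets that overlap), and it parses the Server B routing table to confirm that a destination in 192.168.0.0/24 is handed to 192.168.178.3. The network values and the routing table are copied from the post above; the function names and the dictionary layout are my own. On this input both checks pass, which is consistent with the thread's eventual finding that the fault was a firewall rule and not routing.

```python
"""Consistency checks for an OpenVPN site-to-site setup (added example)."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed copies of the OPNsense settings quoted in the thread.
SERVER = {"tunnel": "172.31.5.0/28", "local": "192.168.178.0/24", "remote": "192.168.0.0/24"}
CLIENT = {"tunnel": "172.31.5.0/28", "remote": "192.168.178.0/24"}
OVERRIDE = {"remote": "192.168.0.0/24"}  # Client Specific Override (becomes the iroute)

# Constructed copy of the Linux routing table shown for Server B.
SERVER_B_ROUTES = """\
Kernel IP routing table
Destination    Gateway        Genmask          Flags Metric Ref    Use   Iface
default        192.168.178.1   0.0.0.0         UG    0      0      0     ovs_eth0
192.168.0.0    192.168.178.3   255.255.255.0   UG    0      0      0     ovs_eth0
"""


def check_site_to_site(server: Dict[str, str], client: Dict[str, str],
                       override: Dict[str, str]) -> List[str]:
    """Return a list of configuration problems; an empty list means consistent."""
    problems: List[str] = []
    s_tun = ipaddress.ip_network(server["tunnel"])
    c_tun = ipaddress.ip_network(client["tunnel"])
    s_local = ipaddress.ip_network(server["local"])
    s_remote = ipaddress.ip_network(server["remote"])
    c_remote = ipaddress.ip_network(client["remote"])
    o_remote = ipaddress.ip_network(override["remote"])

    # Both ends must agree on the tunnel subnet.
    if s_tun != c_tun:
        problems.append(f"tunnel network mismatch: server {s_tun}, client {c_tun}")
    # What the client calls "remote" is the server's LAN.
    if c_remote != s_local:
        problems.append(f"client remote {c_remote} != server local {s_local}")
    # The override's iroute must lie inside the server's remote network route.
    if not o_remote.subnet_of(s_remote):
        problems.append(f"override remote {o_remote} not within server remote {s_remote}")
    # LAN subnets must not overlap the tunnel subnet or each other.
    for name, lan in (("server local", s_local), ("server remote", s_remote)):
        if lan.overlaps(s_tun):
            problems.append(f"{name} {lan} overlaps tunnel network {s_tun}")
    if s_local.overlaps(s_remote):
        problems.append(f"server local {s_local} overlaps server remote {s_remote}")
    return problems


def parse_linux_routes(text: str) -> List[Tuple[ipaddress.IPv4Network, str, str]]:
    """Parse `route -n` style output into (network, gateway, interface) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or parts[0] in ("Kernel", "Destination"):
            continue  # skip the two header lines
        dest, gateway, mask, iface = parts[0], parts[1], parts[2], parts[7]
        if dest == "default":
            dest = "0.0.0.0"
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gateway, iface))
    return routes


def next_hop(routes, dst: str) -> Optional[Tuple[str, str]]:
    """Longest-prefix match: return (gateway, interface) used to reach dst."""
    ip = ipaddress.ip_address(dst)
    best = None
    for net, gateway, iface in routes:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    print("config problems:", check_site_to_site(SERVER, CLIENT, OVERRIDE) or "none")
    routes = parse_linux_routes(SERVER_B_ROUTES)
    print("Server B -> 192.168.0.202 via", next_hop(routes, "192.168.0.202"))
```

If the route check shows the expected gateway and the configuration check is clean, the remaining suspects are the firewall rules on the OpenVPN interfaces at both ends, which is where the thread's answer ends up.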

You're gonna need to post your firewall rules for sure.
Why are you using the LAN as the OpenVPN interface? Doing that means you now have to use port forwarding through the firewall. Just use the WAN and open the correct port.

In the end, there was a firewall rule missing.
On the client side, there must be an any:any rule on the OpenVPN interface in both directions.