Re: [Openvpn-users] [OpenVPN -2.4.4 ] Routed LAN -Unable to ping other local IP on Server LAN

Tue, 05 Mar 2019 21:29:43 -0800 

IPv4 forward is enabled on the server and as well routing entry on router.

But Once i applied this iptable entry then it's working fine.
iptables -t nat -I POSTROUTING -o eno1 -s 10.8.0.0/24 -j MASQUERADE

On Router i didn't seen the packet hitting the firewall. Please clarify how
packets from tun0 to eno1 will transfer as per openvpn server configuration
without above iptable entry.

Server LAN interface : eno1
Server tun Interface : tun0

Regards,
Ganapathi


On Tue, Mar 5, 2019 at 11:24 PM Selva Nair <selva.n...@gmail.com> wrote:

> HI,
>
> On Tue, Mar 5, 2019 at 6:56 AM <ganapathi...@gmail.com> wrote:
>
>> Hi,
>>
>>
>>
>> As I recently installed openvpn on Ubuntu server. And somewhat configured
>> the client to connect the server successfully.
>>
>>
>>
>> Openvpn Version : 2.4.4
>>
>> Server : Ubuntu 18.04
>>
>>
>>
>> Openvpn Server LAN IP : 192.168.1.2
>>
>> LAN Network : 192.168.1.0/24
>>
>> Router IP : 192.168.1.1 - pfsense
>>
>> TUN0 Network : 10.8.0.0/24
>>
>> VPN Server IP : 10.8.0.1
>>
>> VPN Client IP : 10.8.0.2
>>
>>
>>
>> *Pfsense Router Routing* :
>>
>>
>>
>>    - Port Forwarded to 192.168.1.2 for port number 1194.
>>    - Created 192.168.1.2 – Gateway for Network 10.8.0.0/24.
>>
>>
> Does that mean you added a route on the router with target 10.8.0.0/24
> via 192.168.1.2? If yes, sounds good, else fix it.
> To test that, ping 10.8.0.1 from hosts within the server-side LAN -- e.g.,
> from 192.168.1.1 and 192.168.1.5.
>
> *Ping* :
>>
>> 10.8.0.2 à 192.168.1.2 = SUCCESS
>>
>> 10.8.0.2 à 192.168.1.5 = Fail
>>
>
> This could be due to either
> ip-forward is not enabled on the server (the first ping's SUCCESS does not
> confirm that)
> or
> the route for 10.8.0.0/24 via 192.168.1.2 mentioned above is not set up
> on the router.
>
> If both of those are in place, check your firewall(s).
>
> By the way, your server side LAN uses a common subnet (192.168.1.0/24)
> --- easy to cause a conflict with client side LANs.
>
> Selva
>
>
>

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users






















					Reply via email to