Netgate Discussion Forum

    Issue sending traffic over openvpn

      viragomann @kr0490

      @kr0490
      On client site?
      What's in the OpenVPN log on client and server?

        kr0490 @viragomann

        @viragomann client

        Client

        https://drive.google.com/file/d/16fMRKs_H2-1KCHP7lcbpQz-FOSU811Ds/view?usp=sharing

          kr0490 @kr0490

          @kr0490 Server

          Dec 22 16:20:28 openvpn 67947 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
          Dec 22 16:20:28 openvpn 67947 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
          Dec 22 16:20:28 openvpn 67947 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
          Dec 22 16:20:28 openvpn 68166 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
          Dec 22 16:20:28 openvpn 68166 TUN/TAP device ovpns2 exists previously, keep at program end
          Dec 22 16:20:28 openvpn 68166 TUN/TAP device /dev/tun2 opened
          Dec 22 16:20:28 openvpn 68166 /sbin/ifconfig ovpns2 10.0.0.1 10.0.0.2 mtu 1500 netmask 255.255.255.255 up
          Dec 22 16:20:28 openvpn 68166 /usr/local/sbin/ovpn-linkup ovpns2 1500 1574 10.0.0.1 10.0.0.2 init
          Dec 22 16:20:28 openvpn 68166 Listening for incoming TCP connection on [AF_INET]REDACTED:1198

            viragomann @kr0490

            @kr0490
            Obviously there is something wrong on the client.

            The interface is still 'WAN', local port is blank? But server address and server port are still there?

            Any reason for using TCP?

              kr0490 @viragomann

              @viragomann yes to the first part, no to the second I can set to udp

                viragomann @kr0490

                @kr0490
                Yes, UDP has some advantages over TCP.
                However, that is naturally not the reason for the "Network is unreachable" error on the client. This error has nothing to do with the OpenVPN settings, I think.

                Are you missing the default gateway?

                  kr0490 @viragomann

                  @viragomann it has a default dhcp gateway setup, yes, should be shown in one of the earlier pictures

                    viragomann @kr0490

                    @kr0490 said in Issue sending traffic over openvpn:

                    it has a default dhcp gateway setup, yes, should be shown in one of the earlier pictures

                    The screenshot does show a gateway, but none set as default at all.

                    Use this option to set it as default:
                    b66334b5-1c76-4d4e-9e6a-d212a252b342-grafik.png

                      kr0490 @viragomann

                      @viragomann ok I have set that on the client, and restarted the vpn service, log shows the same messages

                        kr0490

                        ok so after a reboot the VPN is established again, but still cannot ping either side

                          kr0490 @kr0490

                          @kr0490 So just to be clear, the tunnel network, which is the 10.X.X.X, is supposed to be different from the remote network, which I have as a 192.168.3.1/24 network, and I cannot ping the 3.1 from the server side network, and cannot ping the 1.1/24 network from the remote side

                            viragomann @kr0490

                            @kr0490 said in Issue sending traffic over openvpn:

                            So just to be clear, the tunnel network, which is the 10.X.X.X, is supposed to be different from the remote network, which I have as a 192.168.3.1/24 network

                            Yes, but both are NETWORKS.
                            And a /24 network ALWAYS has a 0 at the end!

                              kr0490 @kr0490

                              @kr0490 yep, I checked, not sure what else is causing traffic to not route across :(

                                viragomann @kr0490

                                @kr0490
                                Consider that the destination device can block access from the remote or from outside in general by its own firewall.

                                For further investigation post the routing tables of both nodes.

                                  kr0490 @viragomann

                                  @viragomann I have an allow all rule on the open vpn interface on both sides

                                    kr0490 @kr0490

                                    @kr0490
                                    Server Side
                                    Destination            Gateway             Flags  Use     Mtu    Netif   Expire
                                    default                REDACTED PUBLIC IP  UGS    17340   1500   igb0
                                    REDACTED PUBLIC IP/22  link#1              U      9544    1500   igb0
                                    REDACTED PUBLIC IP     link#1              UHS    0       16384  lo0
                                    127.0.0.1              link#7              UH     43      16384  lo0
                                    172.16.12.0/24         172.16.12.2         UGS    0       1500   ovpns1
                                    172.16.12.1            link#10             UHS    0       16384  lo0
                                    172.16.12.2            link#10             UH     6977    1500   ovpns1
                                    192.168.1.0/24         link#2              U      497896  1500   igb1
                                    192.168.1.1            link#2              UHS    0       16384  lo0
                                    192.168.2.254          b4:fb:e4:86:40:10   UHS    3       1500   igb0

                                      kr0490

                                      REMOTE/CLIENT

                                      IPv4 Routes
                                      Destination     Gateway            Flags  Use     Mtu    Netif   Expire
                                      default         192.168.0.1        UGS    8490    1500   re1
                                      10.0.0.1        link#7             UH     0       1500   ovpnc1
                                      10.0.0.2        link#7             UHS    0       16384  lo0
                                      127.0.0.1       link#4             UH     32      16384  lo0
                                      192.168.0.0/24  link#2             U      0       1500   re1
                                      192.168.0.1     78:45:c4:24:e8:90  UHS    9632    1500   re1
                                      192.168.0.50    link#2             UHS    0       16384  lo0
                                      192.168.1.0/24  10.0.0.1           UGS    3       1500   ovpnc1
                                      192.168.3.0/24  link#1             U      3465    1500   re0
                                      192.168.3.1     link#1             UHS    0       16384  lo0

                                        kr0490 @kr0490

                                        @kr0490
                                        I don’t see routes for either remote network on the other side's boxes

                                          viragomann @kr0490

                                          @kr0490
                                          Cannot find any matching VPN tunnel here.
                                          On the server you have 172.16.12.0/24.
                                          And on the client 10.0.0.2.

                                            kr0490 @viragomann

                                            @viragomann that 172.16 is my personal VPN from my laptop to the server, not the site to site. I checked, the site to site is set to 10.0.0.1/30 on both sides

                                            V K 2 Replies Last reply Reply Quote 0
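Added example, not written by either poster: the two routing tables posted in the thread run through a longest-prefix lookup, to show which interface each box would use to reach the other side's LAN and whether the 10.0.0.1/30 tunnel appears in the table at all. Function names are illustrative; the server's redacted default gateway is shortened to the token REDACTED, and its other redacted rows and the lo0 rows are left out.

```python
import ipaddress

# Rows from the two routing tables posted in the thread. The server's default
# gateway is shortened to REDACTED; other redacted rows and lo0 rows are omitted.
SERVER = """\
default REDACTED UGS 17340 1500 igb0
172.16.12.0/24 172.16.12.2 UGS 0 1500 ovpns1
172.16.12.2 link#10 UH 6977 1500 ovpns1
192.168.1.0/24 link#2 U 497896 1500 igb1
192.168.2.254 b4:fb:e4:86:40:10 UHS 3 1500 igb0"""
CLIENT = """\
default 192.168.0.1 UGS 8490 1500 re1
10.0.0.1 link#7 UH 0 1500 ovpnc1
192.168.0.0/24 link#2 U 0 1500 re1
192.168.0.1 78:45:c4:24:e8:90 UHS 9632 1500 re1
192.168.1.0/24 10.0.0.1 UGS 3 1500 ovpnc1
192.168.3.0/24 link#1 U 3465 1500 re0"""

def parse_routes(text):
    """Turn netstat -rn style rows into (network, gateway, netif) tuples."""
    routes = []
    for line in text.splitlines():
        dest, gateway, _flags, _use, _mtu, netif = line.split()[:6]
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        routes.append((net, gateway, netif))
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the route that would carry traffic to addr."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def has_tunnel_route(routes, tunnel_if_addr):
    """True if any route falls inside the tunnel subnet of e.g. 10.0.0.1/30."""
    tunnel = ipaddress.ip_interface(tunnel_if_addr).network
    return any(net.subnet_of(tunnel) for net, _gw, _if in routes)

def is_network_address(cidr):
    """False for values like 192.168.3.1/24 that have host bits set."""
    try:
        ipaddress.ip_network(cidr)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    server, client = parse_routes(SERVER), parse_routes(CLIENT)
    print("server -> 192.168.3.10:", lookup(server, "192.168.3.10"))
    print("client -> 192.168.1.10:", lookup(client, "192.168.1.10"))
    print("server has 10.0.0.0/30 routes:", has_tunnel_route(server, "10.0.0.1/30"))
```

With the posted tables, the client sends 192.168.1.0/24 traffic into ovpnc1, while the server table has no entry inside 10.0.0.0/30 and resolves 192.168.3.x only through the default route on igb0.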
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.