Unable to ping back from p2p server to client
-
I have a p2p server in subnet 192.168.10.0/24. It runs on iface ovpns9.
I have a p2p client, successfully connected to it. Client is in subnet 192.168.31.0/24. It runs on iface ovpnc5.
Tunnel network is 192.168.28.0/24, server has address 192.168.28.1 and client has address 192.168.28.2 in this network.
Being on client, I can both ping and ssh to 192.168.28.1.
Being on server, I can both ping and ssh to 192.168.28.2
Being on client I can both ping and ssh to 192.168.10.1 (server address in LAN).
BUT being on server, I can neither ping nor ssh to 192.168.31.1 (client's address in LAN).
During ping, I run tcpdump on the ovpns9 iface on the server and see outgoing packets, but I don't see response packets.
On client I don't see any incoming packets. Also, I have tcpdumped the global IP and the client's port, and I see that no UDP packets are coming.
I set routing table on server as
route add -net 192.168.31.0/24 -iface ovpns9
Looks like server is configured correctly on TCP/IP level, but doesn't send packets to correct VPN tunnel.
What could I be doing wrong?
-
@dimskraft
Don't add static routes for OpenVPN endpoints! This can all be done within OpenVPN. I guess you're missing the client specific override.
You have to enter the client-side networks there.
Additionally you have to enter them in the server settings at remote networks.
-
Note that I am in p2p mode. I think client specific overrides are for client/server mode?
-
@dimskraft
CSO is necessary whenever you want to access a subnet behind the client and the tunnel network is bigger than /30.
A /30 tunnel, however, is not compatible with DCO. Therefore a CSO is generally recommended.
-
@viragomann wow it worked, thank you! I had these entries, but they contained old configs!
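
As an added example (not part of any post above, and not pfSense's or OpenVPN's own code): the problem named in the last reply, override entries left over from an old config, can be caught by comparing the server's `route` lines with the `iroute` lines in the client specific overrides. It assumes standard OpenVPN `route`/`iroute` directive syntax; the config text, the common name `site-b` and the stale subnet 192.168.30.0/24 are constructed.

```python
import ipaddress

# Constructed sample configs built from the thread's addresses; "site-b" is a made-up
# client common name and 192.168.30.0/24 stands in for a stale override entry.
SERVER_CONF = """\
dev ovpns9
server 192.168.28.0 255.255.255.0
route 192.168.31.0 255.255.255.0   # kernel route: hand the subnet to the tunnel
"""
STALE_CCD = {"site-b": "iroute 192.168.30.0 255.255.255.0\n"}
FIXED_CCD = {"site-b": "iroute 192.168.31.0 255.255.255.0\n"}


def networks(conf, directive):
    """Collect the IPv4 networks named by '<directive> <network> [netmask]' lines."""
    found = set()
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == directive:
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            found.add(ipaddress.ip_network(f"{parts[1]}/{mask}"))
    return found


def audit(server_conf, ccd):
    """Compare server 'route' lines with per-client 'iroute' lines."""
    routes = networks(server_conf, "route")
    owners = {}  # network -> client common name that claims it
    for cn, conf in ccd.items():
        for net in networks(conf, "iroute"):
            owners[net] = cn
    findings = []
    for net in sorted(routes):
        # Routed into the tunnel, but OpenVPN has no client to deliver it to.
        if not any(net.subnet_of(i) for i in owners):
            findings.append(("route-without-iroute", str(net), None))
    for net in sorted(owners):
        # Claimed by a client, but the OS never sends that traffic to the tunnel.
        if not any(net.subnet_of(r) for r in routes):
            findings.append(("iroute-without-route", str(net), owners[net]))
    return findings


if __name__ == "__main__":
    for label, ccd in (("stale", STALE_CCD), ("fixed", FIXED_CCD)):
        print(label, audit(SERVER_CONF, ccd))
```

A `route-without-iroute` finding matches the symptom in the first post: packets leave on the server's tunnel interface but never reach the client.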