Netgate Discussion Forum
    Site-to-Site OpenVPN Issues

    SeaMonkey

      Connection establishes. Client can ping the server's local address (192.168.0.1), but the server can't ping the client's local address (192.168.1.1).

      Server:

      dev ovpns5
      verb 1
      dev-type tun
      dev-node /dev/tun5
      writepid /var/run/openvpn_server5.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp4
      cipher AES-256-GCM
      auth SHA256
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local xx.xxx.xx.xx
      tls-server
      server 10.0.8.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc/server5
      ifconfig 10.0.8.1 10.0.8.2
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'fallias2s' 1"
      lport 1194
      management /var/etc/openvpn/server5.sock unix
      push "route 192.168.0.0 255.255.255.0"
      push "route 10.0.9.0 255.255.255.0"
      route 192.168.1.0 255.255.255.0
      route 10.0.11.0 255.255.255.0
      ca /var/etc/openvpn/server5.ca
      cert /var/etc/openvpn/server5.cert
      key /var/etc/openvpn/server5.key
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server5.tls-auth 0
      ncp-disable
      comp-lzo adaptive
      topology subnet
      
      Destination        Gateway            Flags     Netif Expire
      0.0.0.0/1          10.1.10.9          UGS      ovpnc1
      default            xx.xxx.xx.xxx      UGS         em1
      10.0.8.0/24        10.0.8.2           UGS      ovpns5
      10.0.8.1           link#7             UHS         lo0
      10.0.8.2           link#7             UH       ovpns5
      10.0.9.0/24        10.0.9.2           UGS      ovpns6
      10.0.9.1           link#8             UHS         lo0
      10.0.9.2           link#8             UH       ovpns6
      10.0.11.0/24       10.0.8.2           UGS      ovpns5
      10.1.10.1/32       10.1.10.9          UGS      ovpnc1
      10.1.10.9          link#9             UH       ovpnc1
      10.1.10.10         link#9             UHS         lo0
      10.10.10.1         link#1             UHS         lo0
      10.10.10.1/32      link#1             U           em0
      10.26.11.1/32      10.26.11.5         UGS      ovpnc4
      10.26.11.5         link#12            UH       ovpnc4
      10.26.11.6         link#12            UHS         lo0
      10.28.11.1/32      10.28.11.9         UGS      ovpnc3
      10.28.11.9         link#11            UH       ovpnc3
      10.28.11.10        link#11            UHS         lo0
      10.39.11.1/32      10.39.11.9         UGS      ovpnc2
      10.39.11.9         link#10            UH       ovpnc2
      10.39.11.10        link#10            UHS         lo0
      10.74.11.1/32      10.74.11.9         UGS      ovpnc7
      10.74.11.9         link#13            UH       ovpnc7
      10.74.11.10        link#13            UHS         lo0
      xx.xxx.xx.xxx/29   link#2             U           em1
      xx.xxx.xx.xxx      link#2             UHS         lo0
      xx.xxx.xxx.xx/32   xx.xxx.xx.xxx      UGS         em1
      xxx.xx.xxx.xx/32   xx.xxx.xx.xxx      UGS         em1
      xxx.xx.xxx.xx/32   xx.xxx.xx.xxx      UGS         em1
      xxx.xxx.xxx.xxx/32 xx.xxx.xx.xxx      UGS         em1
      127.0.0.1          link#4             UH          lo0
      128.0.0.0/1        10.1.10.9          UGS      ovpnc1
      192.168.0.0/24     link#1             U           em0
      192.168.0.1        link#1             UHS         lo0
      192.168.1.0/24     10.0.8.2           UGS      ovpns5
      xxx.xx.xxx.xxx/32  xx.xxx.xx.xxx      UGS         em1
      xxx.xxx.xxx.xxx/32 xx.xxx.xx.xxx      UGS         em1
      

      Client:

      dev ovpnc4
      verb 1
      dev-type tun
      dev-node /dev/tun4
      writepid /var/run/openvpn_client4.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp4
      cipher AES-256-GCM
      auth SHA256
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 69.174.143.174
      tls-client
      client
      lport 0
      management /var/etc/openvpn/client4.sock unix
      remote xxxxxxxxx.xxxx 1194
      route 192.168.0.0 255.255.255.0
      route 10.0.9.0 255.255.255.0
      ca /var/etc/openvpn/client4.ca
      cert /var/etc/openvpn/client4.cert
      key /var/etc/openvpn/client4.key
      tls-auth /var/etc/openvpn/client4.tls-auth 1
      ncp-disable
      comp-lzo adaptive
      resolv-retry infinite
      
      0.0.0.0/1          10.95.10.5         UGS      ovpnc1
      default            xx.xxx.xxx.xxx     UGS         em1
      10.0.8.0/24        10.0.8.1           UGS      ovpnc4
      10.0.8.1           link#13            UH       ovpnc4
      10.0.8.2           link#13            UHS         lo0
      10.0.9.0/24        10.0.8.1           UGS      ovpnc4
      10.0.11.0/24       10.0.11.2          UGS      ovpns7
      10.0.11.1          link#7             UHS         lo0
      10.0.11.2          link#7             UH       ovpns7
      10.10.10.1         link#1             UHS         lo0
      10.10.10.1/32      link#1             U           em0
      10.13.10.1/32      10.13.10.9         UGS      ovpnc5
      10.13.10.9         link#11            UH       ovpnc5
      10.13.10.10        link#11            UHS         lo0
      10.14.11.1/32      10.14.11.9         UGS      ovpnc3
      10.14.11.9         link#10            UH       ovpnc3
      10.14.11.10        link#10            UHS         lo0
      10.24.15.1/32      10.24.15.5         UGS      ovpnc2
      10.24.15.5         link#9             UH       ovpnc2
      10.24.15.6         link#9             UHS         lo0
      10.91.14.1/32      10.91.14.5         UGS      ovpnc6
      10.91.14.5         link#12            UH       ovpnc6
      10.91.14.6         link#12            UHS         lo0
      10.95.10.1/32      10.95.10.5         UGS      ovpnc1
      10.95.10.5         link#8             UH       ovpnc1
      10.95.10.6         link#8             UHS         lo0
      xx.xxx.xxx.xx/32   xx.xxx.xxx.xxx     UGS         em1
      xx.xxx.xxx.xx/32   xx.xxx.xxx.xxx     UGS         em1
      xx.xxx.xxx.xxx/26  link#2             U           em1
      xx.xxx.xxx.xxx     link#2             UHS         lo0
      127.0.0.1          link#4             UH          lo0
      128.0.0.0/1        10.95.10.5         UGS      ovpnc1
      xxx.xx.xx.xxx/32   xx.xxx.xxx.xxx     UGS         em1
      192.168.0.0/24     10.0.8.1           UGS      ovpnc4
      192.168.1.0/24     link#1             U           em0
      192.168.1.1        link#1             UHS         lo0
      xxx.xx.xxx.xxx/32  xx.xxx.xxx.xxx     UGS         em1
      

      This was previously working fine, but seemed to stop working immediately after I'd upgraded to 2.4.4-RELEASE-p1.

    Derelict (Netgate)

        Please use -n when running netstat -r.

        netstat -rn4

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

    SeaMonkey @Derelict

          @derelict said in Site-to-Site OpenVPN Issues:

          Please use -n when running netstat -r.

          netstat -rn4

          post edited

    Derelict (Netgate)

            Firewall rules on the OpenVPN tab on the client?

            Try also setting the netmask on the tunnel network to /30 or, more complicated, adding Client-Specific Overrides for each endpoint with Remote Networks there set to the remote LAN.

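The two fixes suggested above amount to one rule: in a multi-client server (a tunnel network larger than /30), every remote LAN the server's kernel routes into the tunnel must also be claimed by a peer through an iroute (what pfSense generates from "Remote Networks" in a Client Specific Override), otherwise OpenVPN has no client to hand the packet to and drops it; a /30 tunnel has only one peer, so no iroute is needed. The following check is an added example, not code from this thread or from pfSense; it assumes the override files are supplied as a {common-name: file contents} mapping, and the sample config below is a constructed excerpt of the server config posted above.

```python
import ipaddress

# Constructed excerpt of the server config in the first post: a /24 tunnel
# (multi-client mode) plus kernel routes to the remote LANs. The contents of
# the client-config-dir are not shown in the thread, so they are passed in.
SERVER_CONF = """\
server 10.0.8.0 255.255.255.0
topology subnet
client-config-dir /var/etc/openvpn-csc/server5
route 192.168.1.0 255.255.255.0
route 10.0.11.0 255.255.255.0
"""

def _net(addr, mask):
    # OpenVPN writes "network netmask"; ipaddress accepts "network/netmask".
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_server(conf):
    """Return (tunnel network or None, set of 'route' networks) from a server config."""
    tunnel, routes = None, set()
    for line in conf.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "server" and len(parts) >= 3:
            tunnel = _net(parts[1], parts[2])
        elif parts[0] == "route" and len(parts) >= 3:
            routes.add(_net(parts[1], parts[2]))
    return tunnel, routes

def parse_iroutes(ccd_files):
    """Collect every 'iroute' network declared in the override files ({cn: text})."""
    iroutes = set()
    for text in ccd_files.values():
        for line in text.splitlines():
            parts = line.split()
            if len(parts) >= 3 and parts[0] == "iroute":
                iroutes.add(_net(parts[1], parts[2]))
    return iroutes

def missing_iroutes(conf, ccd_files):
    """Remote networks routed into the tunnel that no client has claimed.
    A point-to-point tunnel (no 'server' line, or a /30) has one peer, so
    nothing is required; otherwise each 'route' needs a matching 'iroute'."""
    tunnel, routes = parse_server(conf)
    if tunnel is None or tunnel.prefixlen >= 30:
        return []
    iroutes = parse_iroutes(ccd_files)
    return sorted(str(r) for r in routes if r not in iroutes)
```

Run against the posted config with an empty override directory it reports both remote LANs; once each is claimed by an iroute, or the tunnel is shrunk to /30, it reports nothing.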
    SeaMonkey

              Default IPv4 wildcard rule on both server and client under OpenVPN.


    SeaMonkey

                Changing the tunnel network to /30 fixed it! Thank you so much! Still not quite sure where the sudden conflict was, but glad to have it working again, regardless.

    Derelict (Netgate)

    It must be said that it wasn't the upgrade to 2.4.4-1, unless you moved from an ancient version; then I suppose it could be possible.

    SeaMonkey

                    Now all of a sudden DNS resolution stopped working on all of the clients on my internal network. o_O

                    Restarting unbound and the client machines doesn't fix it. My network just hates me right now.

    edit: Disabling pfBlocker fixed DNS resolution.
    edit2: Suddenly, my firehol blocklist rule was adding all of the internal clients on my network to blocked hosts.
