OpenVPN: cannot reach devices in the LAN other than the LAN gateway
-
Hey there,
I am trying to set up a VPN server, reachable at my WAN interface (192.168.178.28/24), which is working. If I connect to the OpenVPN server at (10.32.0.1/16), I receive the following routes:
10.0.0.0/12 via 10.32.0.1 dev tun0
10.32.0.0/16 dev tun0 proto kernel scope link src 10.32.0.2
Unfortunately I cannot reach a testserver (10.10.10.10), which is reachable when in the same network (tested with ping and ssh).
I did some googling and tried several "fixes" and full blown tutorials but had no success.
Below I have attached all relevant configs, I hope ;D
*The VPN config site was too big for upload...
Short summary:
Proto: UDP on IPv4
Iface: WAN
Local Port: 1195
TLS
IPv4 Tunnel Network: 10.32.0.0/16
IPv4 Local Networks: 10.0.0.0/12
Inter-Client-Com: Check
Custom options: push "route 10.0.0.0 255.240.0.0"
Thanks in advance!
-
Is your testserver using pfSense as gateway?
Did you check/disable the testserver's firewall for testing?
-Rico
-
The working NAT rule forwarding a port to the WAN router IP, and the fact that it is pingable from within the router, lead me to believe that this is indeed the case ;D
# The primary network interface
allow-hotplug enp3s0f0
iface enp3s0f0 inet static
address 10.10.10.10/12
gateway 10.0.0.1
# This is an autoconfigured IPv6 interface
I am pretty sure that the testserver does not have a firewall installed. At least none that I am aware of. Maybe there is something I do not know exists?
root@kartoffel:~# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@kartoffel:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@kartoffel:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp3s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 10:1f:74:30:d4:b4 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.10/8 brd 10.255.255.255 scope global enp3s0f0
       valid_lft forever preferred_lft forever
    inet6 fe80::121f:74ff:fe30:d4b4/64 scope link
       valid_lft forever preferred_lft forever
3: enp3s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 10:1f:74:30:d4:b6 brd ff:ff:ff:ff:ff:ff
4: enp4s0f0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 10:1f:74:30:d4:a0 brd ff:ff:ff:ff:ff:ff
5: enp4s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 10:1f:74:30:d4:a2 brd ff:ff:ff:ff:ff:ff
root@kartoffel:~# ip route
default via 10.0.0.1 dev enp3s0f0 onlink
10.0.0.0/8 dev enp3s0f0 proto kernel scope link src 10.10.10.10
root@kartoffel:~#
-
Hey there,
I think the problem is not within the router but in the testserver. Even though I did a reinstall recently and never installed anything other than apache2 and openssh-server, a tcpdump confirmed that the packets arrive at my testserver, but my testserver does not respond to them for whatever reason. So most probably my fault.
Anyway
Thank you @Rico!
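As an added example that is not part of the thread: a longest-prefix-match lookup over the testserver's own routes, built from the values posted above (server 10.10.10.10, which `ip addr` shows as /8 while the interfaces file says /12, gateway 10.0.0.1, VPN client 10.32.0.2 in tunnel network 10.32.0.0/16). It shows the check worth making when packets arrive but no reply comes back: with a /8 the server's connected prefix swallows the tunnel network, so it treats the VPN client as on-link and ARPs for it instead of handing the reply to 10.0.0.1; with the /12 it does not. The two-entry table (connected route plus default) is a simplified model of the posted `ip route` output, an assumption of this example.

```python
# Added example (not from the thread): model the testserver's routing decision
# for a reply to a VPN client, using the addresses posted in the thread.
from ipaddress import ip_address, ip_interface, ip_network


def routing_table(server_iface: str, gateway: str):
    """Kernel-style table a static config produces (assumption: only the
    connected route for the interface prefix and a default via the gateway)."""
    iface = ip_interface(server_iface)
    return [
        (iface.network, None),                          # connected: deliver on-link
        (ip_network("0.0.0.0/0"), ip_address(gateway)),  # default via gateway
    ]


def next_hop(table, dst: str) -> str:
    """Longest-prefix match: return the gateway IP, or 'on-link' when the best
    route is a connected one (the host will then ARP for dst directly)."""
    dst_ip = ip_address(dst)
    matches = [r for r in table if dst_ip in r[0]]
    net, gw = max(matches, key=lambda r: r[0].prefixlen)
    return "on-link" if gw is None else str(gw)


def prefix_swallows_tunnel(server_iface: str, vpn_network: str) -> bool:
    """True if the server's own prefix overlaps the VPN tunnel network, i.e.
    every VPN client address looks on-link to the server and replies never
    reach the router."""
    return ip_interface(server_iface).network.overlaps(ip_network(vpn_network))


if __name__ == "__main__":
    # /8 is what `ip addr` shows; /12 is what the interfaces file configures.
    for cfg in ("10.10.10.10/8", "10.10.10.10/12"):
        hop = next_hop(routing_table(cfg, "10.0.0.1"), "10.32.0.2")
        swallowed = prefix_swallows_tunnel(cfg, "10.32.0.0/16")
        print(f"{cfg}: reply to 10.32.0.2 goes {hop}; "
              f"prefix covers tunnel network: {swallowed}")
```

A reply sent "on-link" shows up on the server as unanswered ARP requests for the client address rather than as traffic towards the gateway, which is consistent with tcpdump seeing the inbound packets but no response.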