OpenVPN peer-to-peer tunnel problem
-
I'm having problems setting up an easy peer-to-peer server-client VPN tunnel.
The client side is behind NAT and calls the server. The tunnel comes up and routing is set up on both sides, so that both sites have their subnets routed over the tunnel network.
FW ACL allows all the traffic on OpenVPN interfaces.
Now this is where things get weird. My workstation, which is behind the VPN server, is able to connect to the VPN Client FW management using the tunnel network IP. But ping and traceroute to any other networks behind the VPN Client FW are not reachable. Even the VPN Client FW interfaces do not answer.
A packet capture from the server side shows packets going towards the VPN Client tunnel IP, but from the VPN Client no packets are arriving.
From the VPN Client FW, I'm also able to ping hosts behind the VPN Server FW, but they are not reachable from the host machines' networks connected to the VPN Client FW. Traffic is sent to the VPN tunnel, but not received from the other end. Routing tables from both sides show correct routes pointing to the VPN tunnel. Access-lists are allowing traffic (permit IPv4 any any).
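For reference, this is what a minimal peer-to-peer (shared-key) OpenVPN pair with both site subnets routed over the tunnel looks like; it is an added example, not the configs from this thread. The hostname, key file name, tunnel addresses (10.8.0.1/10.8.0.2) and site subnets (10.1.0.0/24 behind the server, 10.2.0.0/24 behind the client) are assumptions.

```conf
# --- server1.conf (site A, reachable on a public address) ---
dev tun
proto udp
port 1194                         # client behind NAT initiates, so only this side listens
ifconfig 10.8.0.1 10.8.0.2        # local tunnel IP, remote tunnel IP (assumed)
secret static.key                 # pre-shared static key file (assumed name)
route 10.2.0.0 255.255.255.0      # site B LAN (assumed) goes into the tunnel
keepalive 10 60                   # ping every 10 s, restart after 60 s silence
persist-key
persist-tun
verb 3

# --- client1.conf (site B, behind NAT, calls the server) ---
dev tun
proto udp
remote vpn-a.example.invalid 1194 # server's public name (placeholder)
nobind                            # no fixed local port; fine behind NAT
ifconfig 10.8.0.2 10.8.0.1        # mirror image of the server's ifconfig line
secret static.key
route 10.1.0.0 255.255.255.0      # site A LAN (assumed) goes into the tunnel
keepalive 10 60
persist-key
persist-tun
verb 3

# What these two files do NOT cover, and where the symptoms above usually hide:
#  - "route" only installs a route on the OpenVPN gateway itself. LAN hosts on
#    each site must send traffic for the remote subnet to that gateway (their
#    default gateway, or a static route on their own router).
#  - Each gateway must forward between its LAN interface and the tun interface,
#    and its firewall must allow that in both directions, not only on the
#    OpenVPN interface.
#  - Replies are the half to watch: capture on the tun interface on BOTH ends
#    to see whether a packet leaves one side and arrives on the other.
```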
-
Remember that a Windows client will treat everything outside of its own subnet as "public" and will apply firewall rules that block everything.
-
@chpalmer Good point, but the hosts behind the VPN client FW are running web services, and the hosts accessing these are various OS devices.
-
Show your config. Also, if you can, the client-side config and the "VPN" firewall rules.
-
Post a network map. Post both the server1.conf and the client1.conf (both located in /var/etc/openvpn)