Issue sending traffic over openvpn
- 
 @kr0490 
 So provide your settings at long last, so that someone else can see what's wrong with it.
- 
 @viragomann screenshots? Or is there a better way? 
- 
 @kr0490 
 Yeah, your OpenVPN settings on both sites. And what's about the interface gateway settings? Obviously you might have messed up something with it.
 Did you assign interfaces to the OpenVPN instances?
 What about firewall rules?
 Routing table.
- 
 @viragomann https://drive.google.com/drive/folders/1gHPWyy_fs7YgmNY-SmaGsgp3eWs1FsMI?usp=sharing Googledrive link to all the screenshots 
- 
 @kr0490 
 I was assuming, you have already removed that gateway.Never set a static IP for a VPN gateway! It is set by OpenVPN. Don't set static routes to VPN endpoints. The routing is done by the settings I mentioned above. It's not a good idea to use a public IP range for the tunnel. 
 Also you should better use /30 tunnel for a site to site vpn.
 And the tunnel network have to be a network address!. 172.1.2.1/24 isn't one.Any reason for specifying "local port" in the client settings? If not you leave it blank. You can assign interfaces the OpenVPN instances, but not necessarily needed. You only need it special routing purposes like policy routing. 
- 
 @viragomann ok I removed the gateway, deleted the opt interface in both sides, changed the tunnel network to a 10.x.x.x/30. I am confused where you say that the tunnel network must be an address? 
- 
 @kr0490 said in Issue sending traffic over openvpn: changed the tunnel network to a 10.x.x.x/30. I am confused where you say that the tunnel network must be an address? You have to enter a network address in the tunnel field. E.g. 10.8.0.0/30. Otherwise the tunnel doesn't work. 
 The client and server IP are set automatically by OpenVPN.
- 
 @viragomann ok got all that done, tunnel is stuck on pending, not connecting. It’s saying my remote network is unreachable in the logs. 
- 
 @kr0490 well I mean the remote network can’t see the server network 
- 
 @kr0490 
 On client site?
 What's in the OpenVPN log on client and server?
- 
 @viragomann client Client https://drive.google.com/file/d/16fMRKs_H2-1KCHP7lcbpQz-FOSU811Ds/view?usp=sharing 
- 
 @kr0490 Server Dec 22 16:20:28 openvpn 67947 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled 
 Dec 22 16:20:28 openvpn 67947 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
 Dec 22 16:20:28 openvpn 67947 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
 Dec 22 16:20:28 openvpn 68166 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
 Dec 22 16:20:28 openvpn 68166 TUN/TAP device ovpns2 exists previously, keep at program end
 Dec 22 16:20:28 openvpn 68166 TUN/TAP device /dev/tun2 opened
 Dec 22 16:20:28 openvpn 68166 /sbin/ifconfig ovpns2 10.0.0.1 10.0.0.2 mtu 1500 netmask 255.255.255.255 up
 Dec 22 16:20:28 openvpn 68166 /usr/local/sbin/ovpn-linkup ovpns2 1500 1574 10.0.0.1 10.0.0.2 init
 Dec 22 16:20:28 openvpn 68166 Listening for incoming TCP connection on [AF_INET]REDACTED:1198
- 
 @kr0490 
 Obviously there is something wrong on the client.The interface is still 'WAN', local port is blank? But server address and server port are still there? Any reason for using TCP? 
- 
 @viragomann yes to the first part, no to the second I can set to udp 
- 
 @kr0490 
 Yes, UDP have some advantages over TCP.
 However, that is naturally not the reason for the "Network is unreachable" error on the client. This error has nothing to do with the OpenVPN settings, I think.Are you missing the default gateway? 
- 
 @viragomann it has a default dhcp gateway setup, yes, should be shown in one of the earlier pictures 
- 
 @kr0490 said in Issue sending traffic over openvpn: it has a default dhcp gateway setup, yes, should be shown in one of the earlier pictures The screenshot shows a gateway though, but none default at all. Use this option to set it es default: 
  
- 
 @viragomann ok I have set that on the client, and restarted the vpn service, log shows the same messages 
- 
 ok so after a reboot the VPN is established again, but still cannot ping either side 
- 
 @kr0490 So just to be clear the tunnel network which is the 10.X.X.X is supposed to be different from the remote network which i have as a 192.168.3.1/24 network, and i cannot ping the 3.1 from the server side network, and cannot ping the 1.1/24 network from the remote side