Issue sending traffic over openvpn

kr0490

@kr0490 well I mean the remote network can’t see the server network

viragomann

@kr0490
On client site?
What's in the OpenVPN log on client and server?

kr0490

@viragomann client

Client

https://drive.google.com/file/d/16fMRKs_H2-1KCHP7lcbpQz-FOSU811Ds/view?usp=sharing

kr0490

@kr0490 Server

Dec 22 16:20:28 openvpn 67947 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
Dec 22 16:20:28 openvpn 67947 OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
Dec 22 16:20:28 openvpn 67947 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Dec 22 16:20:28 openvpn 68166 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 22 16:20:28 openvpn 68166 TUN/TAP device ovpns2 exists previously, keep at program end
Dec 22 16:20:28 openvpn 68166 TUN/TAP device /dev/tun2 opened
Dec 22 16:20:28 openvpn 68166 /sbin/ifconfig ovpns2 10.0.0.1 10.0.0.2 mtu 1500 netmask 255.255.255.255 up
Dec 22 16:20:28 openvpn 68166 /usr/local/sbin/ovpn-linkup ovpns2 1500 1574 10.0.0.1 10.0.0.2 init
Dec 22 16:20:28 openvpn 68166 Listening for incoming TCP connection on [AF_INET]REDACTED:1198

viragomann

@kr0490
Obviously there is something wrong on the client.

The interface is still 'WAN', local port is blank? But server address and server port are still there?

Any reason for using TCP?

kr0490

@viragomann yes to the first part, no to the second I can set to udp

viragomann

@kr0490
Yes, UDP have some advantages over TCP.
However, that is naturally not the reason for the "Network is unreachable" error on the client. This error has nothing to do with the OpenVPN settings, I think.

Are you missing the default gateway?

kr0490

@viragomann it has a default dhcp gateway setup, yes, should be shown in one of the earlier pictures

viragomann

@kr0490 said in Issue sending traffic over openvpn:

it has a default dhcp gateway setup, yes, should be shown in one of the earlier pictures

The screenshot shows a gateway though, but none default at all.

Use this option to set it es default:

kr0490

@viragomann ok I have set that on the client, and restarted the vpn service, log shows the same messages

kr0490

ok so after a reboot the VPN is established again, but still cannot ping either side

kr0490

@kr0490 So just to be clear the tunnel network which is the 10.X.X.X is supposed to be different from the remote network which i have as a 192.168.3.1/24 network, and i cannot ping the 3.1 from the server side network, and cannot ping the 1.1/24 network from the remote side

viragomann

@kr0490 said in Issue sending traffic over openvpn:

So just to be clear the tunnel network which is the 10.X.X.X is supposed to be different from the remote network which i have as a 192.168.3.1/24 network

Yes, but both are NETWORKS.
And a /24 network EVER has a 0 at the end!

kr0490

@kr0490 yep i checked, not sure what else is causing traffic to not route accross :(

viragomann

@kr0490
Consider that the destination device can block access from the remote or from outside in general by its own firewall.

For further investigation post the routing tables of both nodes.

kr0490

@viragomann I have an allow all rule on the open vpn interface on both sides

kr0490

@kr0490
Server Side
Destination Gateway Flags Use Mtu Netif Expire
default REDACTED PUBLIC IP UGS 17340 1500 igb0
REDACTED PUBLIC IP/22 link#1 U 9544 1500 igb0
REDACTED PUBLIC IP link#1 UHS 0 16384 lo0
127.0.0.1 link#7 UH 43 16384 lo0
172.16.12.0/24 172.16.12.2 UGS 0 1500 ovpns1
172.16.12.1 link#10 UHS 0 16384 lo0
172.16.12.2 link#10 UH 6977 1500 ovpns1
192.168.1.0/24 link#2 U 497896 1500 igb1
192.168.1.1 link#2 UHS 0 16384 lo0
192.168.2.254 b4:fb:e4:86:40:10 UHS 3 1500 igb0

kr0490

REMOTE/CLIENT

IPv4 Routes
Destination Gateway Flags Use Mtu Netif Expire
default 192.168.0.1 UGS 8490 1500 re1
10.0.0.1 link#7 UH 0 1500 ovpnc1
10.0.0.2 link#7 UHS 0 16384 lo0
127.0.0.1 link#4 UH 32 16384 lo0
192.168.0.0/24 link#2 U 0 1500 re1
192.168.0.1 78:45:c4:24:e8:90 UHS 9632 1500 re1
192.168.0.50 link#2 UHS 0 16384 lo0
192.168.1.0/24 10.0.0.1 UGS 3 1500 ovpnc1
192.168.3.0/24 link#1 U 3465 1500 re0
192.168.3.1 link#1 UHS 0 16384 lo0

kr0490

@kr0490
I don’t see routes for either remote networks on the other side boxes

viragomann

@kr0490
Cannot find any matching VPN tunnel here.
On the server you have 172.16.12.0/24.
And on the client 10.0.0.2.