Netgate Discussion Forum

    Unable to ping back from p2p server to client

    • dimskraft

      I have a p2p server in subnet 192.168.10.0/24. It runs on iface ovpns9.

      I have a p2p client, successfully connected to it. Client is in subnet 192.168.31.0/24. It runs on iface ovonc5.

      Tunnel network is 192.168.28.0/24, server has address 192.168.28.1 and client has address 192.168.28.2 in this network.

      Being on client I can both ping and ssh to 192.168.28.1

      Being on server, I can both ping and ssh to 192.168.28.2

      Being on client I can both ping and ssh to 192.168.10.1 (server address in LAN).

      BUT being on server, I can neither ping nor ssh to 192.168.31.1 (client's address in LAN).

      During the ping, I run tcpdump on the ovpns9 iface on the server and see outgoing packets, but I don't see response packets.

      On the client I don't see any incoming packets. Also, I have tcpdumped the global IP and the client's port and I see that no UDP packets are coming.

      I set routing table on server as

      route add -net 192.168.31.0/24 -iface ovpns9

      Looks like the server is configured correctly on the TCP/IP level, but doesn't send packets to the correct VPN tunnel.

      What could I be doing wrong?

      • viragomann @dimskraft

        @dimskraft
        Don't add static routes for OpenVPN endpoints! This can all be done within OpenVPN.

        I guess you're missing the client specific override.
        You have to enter the client-side networks there.
        Additionally you have to enter them in the server settings at remote networks.

        • dimskraft @viragomann

          @viragomann

          Note that I am in p2p mode. I think client specific overrides are for client/server mode?

          • viragomann @dimskraft

            @dimskraft
            CSO is necessary whenever you want to access a subnet behind the client and the tunnel network is bigger than /30.
            A /30 tunnel, however, is not compatible with DCO. Therefore a CSO is generally recommended.

            • dimskraft @viragomann

              @viragomann wow it worked, thank you! I had these entries, but they contained old configs!

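The fix from this thread written as the raw OpenVPN directives behind the two settings viragomann names (remote networks on the server, and the client specific override). This is an added example, not configuration posted by either participant; the subnets and the interface name come from the first post, while the `ccd` path and the client common name `site-b-client` are placeholders.

```conf
# ---- Server instance (the p2p server from the thread, iface ovpns9) ----
dev ovpns9

# A tunnel network larger than /30 means the instance runs in server mode,
# even when there is only one peer.
server 192.168.28.0 255.255.255.0
topology subnet

# "Remote networks" on the server: installs the kernel route for the
# client-side LAN toward the tunnel interface. This replaces the manual
#   route add -net 192.168.31.0/24 -iface ovpns9
# so no static route has to be added by hand.
route 192.168.31.0 255.255.255.0

# Directory holding the per-client override files (placeholder path).
client-config-dir /path/to/ccd

# ---- Client specific override: file /path/to/ccd/site-b-client ----
# The file name must match the common name of the client certificate
# (placeholder name here).
#
# In server mode OpenVPN keeps its own internal routing table. The kernel
# route above only hands the packet to the OpenVPN process; iroute tells
# that process which connected client owns 192.168.31.0/24. Without it the
# packet shows up in tcpdump on ovpns9 but is never sent to the client,
# which matches the symptom described in the first post.
iroute 192.168.31.0 255.255.255.0
```

An override that exists but lists an old subnet or an old common name has the same effect as a missing one, so both values are worth checking whenever the client-side LAN or certificate changes.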
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.