
I am trying to set up OpenVPN for the first time between two different cloud networks but getting issues. I have 2 linux machines, one is openvpn Server and another is client.

OpenVpn SSL Gateway (Open VPN Server in AWS Amazon Linux)

Private IP: 172.30.xx.8 (Network Interface- eth0) Virtual IP : 10.90.x.1 (Network Interface - tun0)

Vpn Client Machine (OpenVpn Client in another Cloud Network)

Private IP: 10.0.xx.11 (Network interface- eth0) Virtual IP : 10.90.x.2 (Network Interface- tun0)

I have allowed forward requests in both my server and client

net.ipv4.ip_forward=1

When I try to ping the SSL gateway private IP from the VPN client machine, I get a successful response.

i.e ping 172.30.xx.8 ( from 10.0.xx.11) - successful

When I try to ping other way round

i.e. ping 10.0.xx.11 (from 172.30.xx.8) - doesn't work

I have allowed everything in filters in my iptables on both servers for time being.

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -j LOG
-A POSTROUTING -j LOG
-A POSTROUTING -o tun0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# interface name corrected from "etho" (letter o) to "eth0" (digit zero)
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -j LOG
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
COMMIT

I haven't worked much on routing and iptables, so I am not sure what I am missing here. I appreciate any help on this. Here is my OpenVPN requirement for VPN access:

1 Answer


OpenVPN only knows about the addresses on its own link, not anything about other interfaces on the server/client, or the networks beyond that. You need to provide OpenVPN, and your server, more information.

Look at the OpenVPN Routed LANs page for a good introduction to all the concepts around routing and networking, especially outside OpenVPN itself.

A simple test is to dump the routing table on each end, before and after a connection, and with the configs you've posted above you should only see the link's subnets, not the remote networks you want to speak with:

ip route
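To make the before/after comparison in the answer concrete, here is an added shell helper (not part of the question or the answer, and not OpenVPN's own tooling). It parses the text that `ip route` prints and reports whether a given network is routed through the VPN interface. The three routing tables are constructed samples: the question's placeholder addresses with the "xx" octets filled in arbitrarily, and the client-side network assumed to be 10.0.0.0/16. The third table assumes a route for that network has been added on the server side, for example with an OpenVPN `route` directive as described on the Routed LANs page.

```shell
#!/bin/sh
# Added example, not from the original question or answer.
# Reads the text of `ip route` and tells you whether traffic for a remote
# network would leave through the VPN link or fall through to the default
# route (which is what happens when OpenVPN has not been told about that
# network at all).

# route_dev PREFIX TABLE : print the device the table uses for PREFIX,
# or nothing if no route with exactly that prefix exists. The default
# route deliberately does not count as a match.
route_dev() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == p { for (n = 2; n < NF; n++) if ($n == "dev") { print $(n + 1); exit } }'
}

# check_route PREFIX DEV TABLE : "ok" if PREFIX is routed via DEV, else "missing"
check_route() {
    dev=$(route_dev "$1" "$3")
    if [ "$dev" = "$2" ]; then echo ok; else echo missing; fi
}

# Constructed sample: server side before any tunnel exists, only eth0 routes.
BEFORE='default via 172.30.0.1 dev eth0
172.30.0.0/20 dev eth0 proto kernel scope link src 172.30.0.8'

# Constructed sample: tunnel up with the configuration from the question.
# The tun0 link subnet appears, but nothing for the client-side LAN, so
# a ping to 10.0.x.11 still goes out eth0 via the default route.
AFTER_LINK_ONLY="$BEFORE
10.90.0.0/24 dev tun0 proto kernel scope link src 10.90.0.1"

# Constructed sample: after a route for the remote LAN has been added
# (assumed here to be 10.0.0.0/16 reached via the client's tunnel address).
AFTER_ROUTED="$AFTER_LINK_ONLY
10.0.0.0/16 via 10.90.0.2 dev tun0"

for t in BEFORE AFTER_LINK_ONLY AFTER_ROUTED; do
    eval "table=\$$t"
    printf '%-16s link 10.90.0.0/24 via tun0: %-8s remote 10.0.0.0/16 via tun0: %s\n' \
        "$t" "$(check_route 10.90.0.0/24 tun0 "$table")" \
        "$(check_route 10.0.0.0/16 tun0 "$table")"
done

# On a live host, run the same check against the real table:
#   check_route 10.0.0.0/16 tun0 "$(ip route)"
```

Run it on each end before and after the client connects; a result of "missing" for the far-side network while the link subnet shows "ok" is exactly the symptom the answer describes: the tunnel is up, but neither OpenVPN nor the kernel has been told which networks live behind the other end.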
