I have a cloud OpenVPN server and my goal would be to be able to access my home network from OpenVPN clients connected to this server. Currently, I have an OpenWRT router that is an OpenVPN client connected to the server.
First I tried getting my home devices (subnet 192.168.1.0/24) to be able to communicate with the OpenVPN server (ip 10.8.0.1). The correct routes are enabled on the router, and I am able to ping the server from the router itself. However, a device from my home network is not able to ping the server. Here is an overview of my setup right now:
Laptop (192.168.1.209) -> Router (192.168.1.1 and 10.8.0.8) -> OpenVPN server (10.8.0.1)
Here is the result of the command tcpdump while trying to ping the server, first from the router, then from my laptop:
Router
# tcpdump ip proto \\icmp -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
20:49:29.967959 IP 10.8.0.8 > 10.8.0.1: ICMP echo request, id 8981, seq 0, length 64
20:49:29.987691 IP 10.8.0.1 > 10.8.0.8: ICMP echo reply, id 8981, seq 0, length 64
20:49:30.970133 IP 10.8.0.8 > 10.8.0.1: ICMP echo request, id 8981, seq 1, length 64
20:49:30.989493 IP 10.8.0.1 > 10.8.0.8: ICMP echo reply, id 8981, seq 1, length 64
20:49:35.314108 IP 192.168.1.209 > 10.8.0.1: ICMP echo request, id 1, seq 130, length 40
20:49:40.061738 IP 192.168.1.209 > 10.8.0.1: ICMP echo request, id 1, seq 131, length 40
20:49:45.062659 IP 192.168.1.209 > 10.8.0.1: ICMP echo request, id 1, seq 132, length 40
20:49:50.062842 IP 192.168.1.209 > 10.8.0.1: ICMP echo request, id 1, seq 133, length 40
Server
# tcpdump ip proto \\icmp -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
16:49:29.973530 IP 10.8.0.8 > 10.8.0.1: ICMP echo request, id 8981, seq 0, length 64
16:49:29.973563 IP 10.8.0.1 > 10.8.0.8: ICMP echo reply, id 8981, seq 0, length 64
16:49:30.975078 IP 10.8.0.8 > 10.8.0.1: ICMP echo request, id 8981, seq 1, length 64
16:49:30.975113 IP 10.8.0.1 > 10.8.0.8: ICMP echo reply, id 8981, seq 1, length 64
At first, I thought it may be a problem with my firewall configuration on the server. However, it seems that tcpdump should capture the traffic before it passes through the firewall. So from what I see, it seems that OpenVPN does not allow the packets to go through, but I can't find anywhere mentioning OpenVPN dropping packets from another subnet. If the OpenVPN config would be useful to solve the problem, let me know and I will include it.
EDIT: Also, the server has the routes to send traffic for the 192.168.1.0/24 subnet via 10.8.0.8. If the server tries pinging the laptop, tcpdump has similar output to what is shown above.
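The comparison of the two tun0 captures above can be done mechanically. The following is an added example, not part of the original post: it matches ICMP echo requests by source, destination, id and seq (ignoring timestamps, since the two hosts' clocks differ) and reports which sources had packets enter the tunnel on one side without appearing on the other. The sample input is a subset of the lines from the post; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: a subset of the ICMP lines from the two tun0 captures in the post.
ROUTER_TUN0 = """\
20:49:29.967959 IP 10.8.0.8 > 10.8.0.1: ICMP echo request, id 8981, seq 0, length 64
20:49:29.987691 IP 10.8.0.1 > 10.8.0.8: ICMP echo reply, id 8981, seq 0, length 64
20:49:30.970133 IP 10.8.0.8 > 10.8.0.1: ICMP echo request, id 8981, seq 1, length 64
20:49:30.989493 IP 10.8.0.1 > 10.8.0.8: ICMP echo reply, id 8981, seq 1, length 64
20:49:35.314108 IP 192.168.1.209 > 10.8.0.1: ICMP echo request, id 1, seq 130, length 40
20:49:40.061738 IP 192.168.1.209 > 10.8.0.1: ICMP echo request, id 1, seq 131, length 40
"""
SERVER_TUN0 = """\
16:49:29.973530 IP 10.8.0.8 > 10.8.0.1: ICMP echo request, id 8981, seq 0, length 64
16:49:29.973563 IP 10.8.0.1 > 10.8.0.8: ICMP echo reply, id 8981, seq 0, length 64
16:49:30.975078 IP 10.8.0.8 > 10.8.0.1: ICMP echo request, id 8981, seq 1, length 64
16:49:30.975113 IP 10.8.0.1 > 10.8.0.8: ICMP echo reply, id 8981, seq 1, length 64
"""

LINE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")

def parse(capture):
    """Return a set of (src, dst, kind, id, seq) keys from tcpdump text output.
    Timestamps are dropped because the capture hosts are not clock-synchronised."""
    keys = set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if m:
            src, dst, kind, ident, seq = m.groups()
            keys.add((src, dst, kind, int(ident), int(seq)))
    return keys

def lost_in_tunnel(sender_capture, receiver_capture):
    """Count, per source address, echo requests seen on the sender's tun0
    that never show up on the receiver's tun0."""
    sent = {k for k in parse(sender_capture) if k[2] == "request"}
    missing = sent - parse(receiver_capture)
    return Counter(src for src, *_ in missing)

if __name__ == "__main__":
    for src, n in lost_in_tunnel(ROUTER_TUN0, SERVER_TUN0).items():
        print(f"{src}: {n} echo request(s) entered the tunnel but never reached the far tun0")
```

Swapping the two arguments checks the reverse direction described in the EDIT, where the server pings the laptop.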