OpenVPN server: connection OK but no access to remote LAN

I've got a running OpenVPN server with the following configuration:

  • VPN network is 10.7.0.0/16
  • LAN network is 192.168.100.0/24

The client is able to connect, but I cannot reach LAN hosts located behind the VPN connection (192.168.100.*).

traceroute no answer

The push "route 192.168.100.0 255.255.255.0" configuration line should solve this, but it does not. Where is my error?

Analysis

After connecting, here is my netstat -rn result:

default            10.7.0.5           UGScIg      utun10
10.7/16            10.7.0.5           UGSc        utun10
10.7.0.5           10.7.0.6           UHr         utun10
10.7.0.5/32        link#23            UCS         utun10
192.168.100        10.7.0.5           UGSc        utun10

I would have expected the 10.7.0.1 gateway on the last line, no?

ifconfig

Maybe a clue: my ifconfig on the client gives me

ifconfig on client

I expected something like inet 10.7.0.2 --> 10.7.0.1, as it works on another VPN I have in another context.

↳ Answered by @lacek's answer.

Packets Capture

A tcpdump on VPN server, during client pings, gives me

  • Just a one-way sent ping (no return) on the LAN ping.
    lan ping
  • Ping & return on VPN host ping.
    vpn ping

If I capture any ICMP traffic on the target, there is no log of the ping request. (I've tried from another LAN host, and it works. From the VPN host directly, it also works.)

The point is that the OpenVPN service does not forward my packets to the LAN network.

Config

server.conf

proto udp
ifconfig-pool-persist ipp.txt
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn.log
verb 3
mute 10
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh.pem
port 1194
dev tun
server 10.7.0.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "route 192.168.100.0 255.255.255.0 "
client-to-client

On the server side, I'm running OpenVPN 2.4.0 on Debian OS.


Solution 1:

Everything looks good at first glance, so my guess would be that either a firewall is blocking the packets from the VPN to the LAN, or computers on the LAN don't have proper routing set up, so packets cannot get back from the LAN to the VPN.

Regarding the ifconfig output: when using the net30 topology (the default), OpenVPN sets up a point-to-point connection where a /30 network is allocated for every client. One IP from that network belongs to the client, and the other is for the server. So the output you got is correct.
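
Added example (not part of the question or the answer above): a Python check that derives the net30 /30 block from the client routing table posted in the question and confirms that 10.7.0.5, not 10.7.0.1, is the gateway to expect. The function names are made up for this illustration; the `subnet` branch assumes the question's `server 10.7.0.0 255.255.255.0` line.

```python
import ipaddress

# Client routing table as posted in the question (netstat -rn, tunnel rows).
NETSTAT = """\
default            10.7.0.5           UGScIg      utun10
10.7/16            10.7.0.5           UGSc        utun10
10.7.0.5           10.7.0.6           UHr         utun10
10.7.0.5/32        link#23            UCS         utun10
192.168.100        10.7.0.5           UGSc        utun10
"""

def net30_block(client_ip):
    """Return (network, server_end, client_end) of the /30 holding client_ip."""
    net = ipaddress.ip_network(f"{client_ip}/30", strict=False)
    server_end, client_end = net.hosts()  # a /30 has exactly two usable hosts
    return net, server_end, client_end

def expected_gateway(client_ip, topology="net30", server_net="10.7.0.0/24"):
    """Gateway the client should see on routes pushed by the server."""
    if topology == "net30":
        return net30_block(client_ip)[1]
    if topology == "subnet":
        # With 'topology subnet' the server's own tunnel address is the gateway.
        return ipaddress.ip_network(server_net).network_address + 1
    raise ValueError(f"unsupported topology: {topology}")

def local_tunnel_ip(table):
    """Assumption: the host route (flag H) lists the client's own tunnel
    address in the gateway column, as in the posted table."""
    for line in table.splitlines():
        _dest, gw, flags, _ifc = line.split()
        if "H" in flags:
            return ipaddress.ip_address(gw)
    raise ValueError("no point-to-point host route found")

def check_gateway_routes(table, topology="net30"):
    """Return {destination: bool} for every gateway route (flag G)."""
    want = expected_gateway(local_tunnel_ip(table), topology)
    result = {}
    for line in table.splitlines():
        dest, gw, flags, _ifc = line.split()
        if "G" in flags:
            result[dest] = ipaddress.ip_address(gw) == want
    return result

if __name__ == "__main__":
    print(net30_block("10.7.0.6"))
    print(check_gateway_routes(NETSTAT))
```

Every gateway route in the posted table matches the net30 peer, so the client side is consistent and the remaining suspects are forwarding and firewall rules on the server or the return route on the LAN.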