I have two OpenVPN servers (one on TCP, one on UDP) running on the same machine, an OpenVZ VPS.

The first network A uses 10.10.0.0/24 and it is designed as an intranet.

The second network B uses 10.11.0.0/24 and it is designed so that the clients have access to the internet and the A network.

Both networks are configured with the setting `client-to-client` and I am pushing the routes for the subnets to clients.

The problem I am having: I want clients from network B to access machines from network A.

At the moment clients from B can ping 10.10.0.1, the A gateway, but CAN'T ping 10.10.0.38 (for example).

Thank you in advance!

Cucu

1 Answer

Make sure that each computer knows the route to the other network.

Use `route print` to validate.

Use `route add 10.11.0.0 mask 255.255.255.0 10.10.0.1` on B, for example, and `route add 10.10.0.1 mask 255.255.255.0 10.11.0.1` on A to be sure the packet will go back. Only the machine C that runs the OpenVPN software knows all the routes.

yagmoth555
  • did that! Still not working ... – Cucu Dec 03 '14 at 10:46
  • Oh, turn off their firewall from A and B – yagmoth555 Dec 03 '14 at 10:48
  • It is turned off! From a client of the B network, I can ping the A gateway and from an A client I can ping the B gateway. Vice versa is also true. – Cucu Dec 03 '14 at 10:57
  • UPDATE: from the machine that runs the openvpn, the vps, can't ping the clients! The route is like 10.10.0.0 mask 255.255.255.0 10.10.0.2 - this is setup by the openvpn server. Could this be the problem? – Cucu Dec 03 '14 at 11:02
  • Yes, could be, 10.10.0.2 is what gear? – yagmoth555 Dec 03 '14 at 11:14
  • Edited my first post, made a typo for the route, 10.11.0.0/24 10.10.0.1.. I wrote 10.10.0.0 > 10.10.0.1.. – yagmoth555 Dec 03 '14 at 11:21
  • Make sure client-to-client is turned on, IPv4 forwarding in /etc/sysctl.conf is on, and that you have the proper firewall rules if needed. Check if the server can reach the clients on the same subnet; if that is all working OK, check the traffic with tcpdump or Wireshark (what comes in and goes out, or comes in and does not go out). – Goez Dec 03 '14 at 11:42
  • I'll check with tcpdump and come back with an update! – Cucu Dec 03 '14 at 13:05
  • Ok, back! Tcpdump tells me the packages come in (the UDP OpenVPN server) but they do not go out on the TCP VPN. – Cucu Jan 19 '15 at 17:52
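
The two server-side conditions Goez names in the comments (IPv4 forwarding and the firewall rules between the two tunnels), written as an added shell check that is not part of the original thread. The interface names `tun0` (network A), `tun1` (network B) and `venet0` (VPS uplink) and the sample ruleset are assumptions constructed for the example.

```shell
#!/bin/sh
# Assumed names (not from the thread): tun0 = network A server, tun1 = network B
# server, venet0 = the VPS uplink. SAMPLE_RULES is constructed sample input.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun1 -o venet0 -j ACCEPT
-A FORWARD -i tun0 -o tun1 -j ACCEPT'

# forward_verdict IN_IF OUT_IF: reads `iptables -S FORWARD` output on stdin and
# prints what happens to a NEW packet routed from IN_IF to OUT_IF.
# Simplification: only -i/-o matches are evaluated; a rule carrying any other
# match (-s, -d, -p, -m, "!") is skipped, so treat the result as a first pass.
forward_verdict() {
    awk -v in_if="$1" -v out_if="$2" '
        # iptables treats a trailing "+" in an interface name as a wildcard.
        function ifmatch(pat, name) {
            if (pat == "") return 1
            if (pat ~ /\+$/) return index(name, substr(pat, 1, length(pat) - 1)) == 1
            return pat == name
        }
        BEGIN { policy = "UNKNOWN" }
        $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
        $1 == "-A" && $2 == "FORWARD" && verdict == "" {
            ri = ""; ro = ""; target = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") ri = $(++i)
                else if ($i == "-o") ro = $(++i)
                else if ($i == "-j") { target = $(++i); break }
                else other = 1
            }
            if (!other && ifmatch(ri, in_if) && ifmatch(ro, out_if) &&
                (target == "ACCEPT" || target == "DROP" || target == "REJECT"))
                verdict = target
        }
        END { print (verdict != "" ? verdict : policy) }
    '
}

# check_path IP_FORWARD IN_IF OUT_IF: same, but forwarding must be on first.
# Live use: iptables -S FORWARD | check_path "$(sysctl -n net.ipv4.ip_forward)" tun1 tun0
check_path() {
    [ "$1" = "1" ] || { echo "BLOCKED (net.ipv4.ip_forward=$1)"; return 0; }
    forward_verdict "$2" "$3"
}

printf 'B -> A: %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | check_path 1 tun1 tun0)"
printf 'A -> B: %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | check_path 1 tun0 tun1)"
```

A ping to 10.10.0.1 is answered by the server itself and never traverses the FORWARD chain, so it can succeed while traffic routed between the two tunnels is dropped.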