OpenVPN: Clients can connect to each other but not the server
Posted: 2018/10/24 10:10:39
I am trying to build a VPN on a remote VM. I have to use the tap interface because one of the applications that we need to use ignores broadcasting over tun0 tunnels but is happy to broadcast over tap0. All the clients can connect to the VPN and are able to see each other, but they can't see the server and hence can't use the application that is running on the server. Before using the plan B approach of having to run the application on one of the VPN clients, I'd like to check here first if there is anything I am doing wrong.
I had to NAT the UDP port from the eth1 interface to eth1:1 for the clients to be able to connect and authenticate with OpenVPN.
This server has 2 eth interfaces. We can only access eth1 from our end. I created an eth1:1 alias and gave it the local IP manually.
Server Config
local 192.168.122.1
port 1194
proto udp
dev tap0
ca /etc/openvpn/ssl/ca.crt
cert /etc/openvpn/ssl/icevpn.crt
dh /etc/openvpn/ssl/dh.pem
topology subnet
ifconfig-pool-persist ipp.txt
server-bridge 192.168.122.1 255.255.255.0 192.168.122.105 192.168.122.200
push "route 192.168.122.0 255.255.255.0"
push "dhcp-option DNS 192.168.122.1"
client-to-client
keepalive 10 120
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
comp-lzo adaptive
persist-key
persist-tun
status openvpn-status.log
verb 3
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
management localhost 7505
crl-verify /etc/openvpn/ssl/crl.pe
Client Config
client
dev tap
proto udp
port 1194
remote ServerAddress 1194 udp
remote-cert-tls server
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
#---Embedded certificates removed---
The up and down scripts are used to add the tap0 to the bridge and remove it from the bridge on startup and shutdown.
Can anyone point me to where I am going wrong please? Why are my clients not able to ping the server or vice versa?
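An added example, not part of the post above and not OpenVPN's own tooling: a small static checker that parses the two configs quoted in the post (embedded here as constructed copies, certificates and key paths omitted) and reports the things a server-bridge tap setup has to get right on paper before anyone starts looking at the bridge itself: the `local` address and the client pool must sit inside the `server-bridge` subnet, the pool must not swallow the gateway, a tap device and up/down scripts must be present, and the client must pin the server's certificate role with `remote-cert-tls server` and match the server's cipher, auth and TLS floor. Directive names are real OpenVPN directives taken from the post; the finding texts and the `error`/`note` levels are this script's own convention. One thing no config linter can see, and which the OpenVPN bridging documentation requires, is that the bridge interface (br0 here) rather than the physical interface or an alias holds the server's LAN address once tap0 is enslaved; that has to be checked on the host.

```python
"""Consistency checks for an OpenVPN server-bridge (tap) server/client config pair.

Added example, not code from the forum post. Findings are (level, message)
tuples; "error" means the configs cannot work as written, "note" is advisory.
"""
import ipaddress
import shlex

# Constructed copies of the posted configs (certificate/key lines omitted).
SERVER_CONF = """
local 192.168.122.1
port 1194
proto udp
dev tap0
topology subnet
server-bridge 192.168.122.1 255.255.255.0 192.168.122.105 192.168.122.200
push "route 192.168.122.0 255.255.255.0"
push "dhcp-option DNS 192.168.122.1"
client-to-client
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
"""

CLIENT_CONF = """
client
dev tap
proto udp
remote ServerAddress 1194 udp
remote-cert-tls server
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
"""


def parse(text):
    """Split an OpenVPN config into (directive, [args]); quoted args stay whole."""
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank lines and comments
            continue
        parts = shlex.split(line)
        directives.append((parts[0], parts[1:]))
    return directives


def first(directives, name):
    """Arguments of the first occurrence of a directive, or None."""
    for directive, args in directives:
        if directive == name:
            return args
    return None


def check_bridge(server):
    """Sanity-check the server-bridge layout; return a list of findings."""
    findings = []
    sb = first(server, "server-bridge")
    if sb is None or len(sb) != 4:
        return [("error", "server-bridge <gateway> <netmask> <pool-start> <pool-end> expected")]
    gw, mask, start, end = sb
    net = ipaddress.ip_network(f"{gw}/{mask}", strict=False)
    gw_ip, start_ip, end_ip = (ipaddress.ip_address(x) for x in (gw, start, end))

    dev = first(server, "dev")
    if not dev or not dev[0].startswith("tap"):
        findings.append(("error", "server-bridge requires a tap device"))
    local = first(server, "local")
    if local and ipaddress.ip_address(local[0]) not in net:
        findings.append(("error", f"local {local[0]} is outside the bridge subnet {net}"))
    if start_ip not in net or end_ip not in net or start_ip > end_ip:
        findings.append(("error", f"client pool {start}-{end} must lie inside {net}"))
    if start_ip <= gw_ip <= end_ip:
        findings.append(("error", f"client pool overlaps the gateway {gw}"))
    if first(server, "up") is None or first(server, "down") is None:
        findings.append(("error", "bridged tap needs up/down scripts to enslave the tap device"))
    if first(server, "topology"):
        findings.append(("note", "topology is ignored for tap devices (harmless)"))
    for directive, args in server:
        # push "route <net> <mask>" arrives as one quoted argument
        words = args[0].split() if directive == "push" and args else []
        if len(words) >= 3 and words[0] == "route":
            if ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False) == net:
                findings.append(("note", "pushed route for the bridge subnet is redundant: "
                                         "bridged clients are on-link"))
    return findings


def check_client(server, client):
    """Check the client side against the server; return a list of findings."""
    findings = []
    rct = first(client, "remote-cert-tls")
    if rct != ["server"]:
        findings.append(("error", "client lacks 'remote-cert-tls server' (any peer cert from the "
                                  "CA could impersonate the server)"))
    dev = first(client, "dev")
    if not dev or not dev[0].startswith("tap"):
        findings.append(("error", "client must use a tap device to join a bridged server"))
    for name in ("cipher", "auth", "tls-version-min", "proto"):
        if first(server, name) != first(client, name):
            findings.append(("error", f"{name} differs between server and client"))
    return findings


if __name__ == "__main__":
    srv, cli = parse(SERVER_CONF), parse(CLIENT_CONF)
    for level, msg in check_bridge(srv) + check_client(srv, cli):
        print(f"[{level}] {msg}")
```

Run against the posted configs it reports only two notes (the ignored `topology` line and the redundant pushed route) and no errors, which is the expected result: the configs are consistent on paper, so the remaining suspects are the bridge and the up/down scripts on the host.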