I have an Asus router with IP 192.168.2.1 and a running OpenVPN client 10.8.0.2.
The OpenVPN server (Ubuntu 18) has IP 10.8.0.1. Both client and server can ping each other.
Now one desktop (192.168.2.198) is connected to the Asus and obtains an IP from the DHCP server. The desktop can ping the OpenVPN server but not vice versa. How can I access the desktop from the OpenVPN server?
I tried to add a static route on the server:

route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.8.0.1 dev tun1

but it does not work.

luke
  • Can you please explain better which test you did? In particular, "*Both client and server can ping each other*" using which IP addresses (e.g. both using LAN addresses?) –  Feb 01 '20 at 23:27
  • Have you configured IP tables and IP forwarding on the server? – CDO DevOps Feb 02 '20 at 01:14
  • From client and desktop I can ping the server 10.8.0.1 but server can only ping client 10.8.0.2 but not desktop. – luke Feb 02 '20 at 09:00
  • On the server I only added a static route and nothing else: route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.8.0.1 dev tun1. Do I need to configure the router adding some iptables commands? – luke Feb 02 '20 at 09:02
  • It could be necessary to use NAT also – djdomi Feb 02 '20 at 15:50
  • Your Asus router (`10.8.0.2`) is the gateway to network `192.168.2.0/24`, not the server's own IP `10.8.0.1`. Also your Asus router's firewall should allow traffic between `10.8.0.1` and `192.168.2.0/24`. @djdomi, NAT is a pestilence that should be avoided. – Piotr P. Karwasz Feb 02 '20 at 17:41
  • _"Desktop can ping Openvpn server but not vice versa."_ - It seems that a `ping` command running on the desktop successfully shows ping answers (pongs) and time-to-live information in its output. Am I correct? – Anderson Medeiros Gomes Feb 05 '20 at 22:01
  • Yes exactly, I can ping only from desktop to vpn server, but not the other way round. – luke Feb 06 '20 at 18:54

1 Answer

You must set up the VPN server to forward the NAT

You should run:

echo 1 > /proc/sys/net/ipv4/ip_forward

and add this file to keep that rule after reboot:

echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/30-openvpn-forward.conf
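
As an added example (not part of the answer above and not code from OpenVPN), this script audits the settings the thread discusses: whether forwarding is on at runtime and in the persisted sysctl files, and whether the route to `192.168.2.0/24` uses the gateway named in the comments (`10.8.0.2`). The function names and the sample route table are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit IP forwarding and the route to the LAN behind the VPN client.
# Files and route text are parameters so the checks also run on constructed samples.

# forwarding_runtime [FILE] -> "on" or "off" (FILE defaults to the live /proc entry)
forwarding_runtime() {
    local f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ "$(cat "$f" 2>/dev/null)" = "1" ] && echo on || echo off
}

# forwarding_persisted FILE... -> "on" if the last uncommented assignment, reading
# the files in the order given, sets net.ipv4.ip_forward to 1; otherwise "off".
forwarding_persisted() {
    local last
    last=$(cat "$@" 2>/dev/null |
        sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*$/\1/p' |
        tail -n 1)
    [ "$last" = "1" ] && echo on || echo off
}

# route_gateway ROUTES SUBNET -> the "via" gateway for SUBNET in `ip route` text, or "none"
route_gateway() {
    printf '%s\n' "$1" | awk -v net="$2" '
        $1 == net { for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); found = 1; exit } }
        END { if (!found) print "none" }'
}

# check_lan_route ROUTES SUBNET EXPECTED_GW -> one-line verdict
check_lan_route() {
    local gw
    gw=$(route_gateway "$1" "$2")
    if [ "$gw" = "$3" ]; then
        echo "ok: $2 via $gw"
    elif [ "$gw" = "none" ]; then
        echo "missing: no gateway route for $2"
    else
        echo "wrong-gateway: $2 via $gw, expected $3"
    fi
}

# Constructed sample: a route table in which the LAN route points at the server's own address.
SAMPLE_ROUTES='default via 203.0.113.1 dev eth0
10.8.0.0/24 dev tun1 proto kernel scope link src 10.8.0.1
192.168.2.0/24 via 10.8.0.1 dev tun1'

# Demo on the constructed table. On a real host, pass "$(ip route)" instead, and run
# forwarding_runtime and forwarding_persisted /etc/sysctl.d/*.conf without sample files.
check_lan_route "$SAMPLE_ROUTES" 192.168.2.0/24 10.8.0.2
```

A host with forwarding enabled relays packets between its interfaces, so pair the audit with a review of the firewall rules that limit which networks may pass, as the comment about the router's firewall points out.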