I have 3 VPS servers at OVH. I created a private network, where all servers have a public IPv4 and a private IPv4 address. I'm trying to give a user access to the other VPS servers via their private addresses from the OpenVPN host.

For example: when a user connects to the OpenVPN server, he has an IP address like 10.8.0.x. When he then goes to a page on another VPS like 192.168.0.155, he can't connect to it.

Diagram

Update - OpenVPN server config:

```
port 1111
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_AAA.crt
key server_AAA.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
```
hardillb
Sebak

1 Answer

As hashed out in the comments, the OP has not enabled IP forwarding on the OpenVPN server, so it won't route any of the incoming packets from the OpenVPN clients to the internal network.

`net.ipv4.ip_forward` needs to be set to one in `/etc/sysctl.conf`. That file is only read on a reboot so you should run the following to enable it without a reboot:

```
# must be run as root
$ echo 1 > /proc/sys/net/ipv4/ip_forward
```
hardillb
  • I tried it, but I still have errors. Also I added `route 192.168.0.0 255.255.255.0` to the client ovpn file. On the client I have errors like `Request timed out.`. – Sebak Dec 31 '20 at 12:21
  • Do the 192.168 hosts know to route 10.8 hosts via the OpenVPN server (or is it doing NAT)? – hardillb Dec 31 '20 at 14:43
  • I don't know how to check it. If I ping from the client to 192.168.0.x, where x is the IP of VPS #1, it works, but for the other servers it doesn't work. – Sebak Jan 07 '21 at 11:47
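
The three conditions raised in the answer and comments (forwarding enabled, NAT on the OpenVPN server, or a route back to 10.8.0.0/24 on the other VPSs), as an added example that is not part of the original thread. The function names, the gateway address 192.168.0.10 and the interface names are assumptions, and the sample rule and route listings are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify the return path for VPN clients.
VPN_NET="10.8.0.0/24"   # from "server 10.8.0.0 255.255.255.0" in the question

# 0 if the ip_forward value passed as $1 is 1.
forwarding_on() { [ "$1" = "1" ]; }

# 0 if `iptables -t nat -S` text ($1) source-NATs traffic from the VPN subnet.
nat_present() {
    printf '%s\n' "$1" | awk -v n="$VPN_NET" '
        $1 == "-A" && $2 == "POSTROUTING" {
            s = 0; j = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s" && $(i + 1) == n) s = 1
                if ($i == "-j" && ($(i + 1) == "MASQUERADE" || $(i + 1) == "SNAT")) j = 1
            }
            if (s && j) found = 1
        }
        END { exit !found }'
}

# 0 if `ip route` text ($1) from a backend VPS routes the VPN subnet via gateway $2.
route_back_present() {
    printf '%s\n' "$1" | awk -v n="$VPN_NET" -v g="$2" '
        $1 == n && $2 == "via" && $3 == g { found = 1 }
        END { exit !found }'
}

# $1 ip_forward value, $2 nat rules, $3 backend routes, $4 VPN server private IP
diagnose() {
    forwarding_on "$1" || { echo "forwarding-off"; return 0; }
    if nat_present "$2"; then echo "ok-nat"
    elif route_back_present "$3" "$4"; then echo "ok-routed"
    else echo "no-return-path"
    fi
}

# Constructed sample data; 192.168.0.10, eth0 and eth1 are assumed, not from the thread.
SAMPLE_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE'
SAMPLE_ROUTES='default via 203.0.113.1 dev eth0
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.155'

diagnose 1 "-P POSTROUTING ACCEPT" "$SAMPLE_ROUTES" 192.168.0.10   # no-return-path
diagnose 1 "$SAMPLE_NAT" "$SAMPLE_ROUTES" 192.168.0.10             # ok-nat
```

On live hosts, the inputs are the output of `cat /proc/sys/net/ipv4/ip_forward` and `iptables -t nat -S` on the OpenVPN server and of `ip route` on one of the other VPSs.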