I spent a couple of hours today attempting to setup my vps in germany (runs centos8 and openvpn client+server) for this configuration: My vps has 3 NICs
- eth0 with public ip address 1.2.3.4
- tun0 with private ip address 10.8.0.12 <-- this is an openvpn client address.
- tun1 with private ip address 10.9.0.1 <-- this is an openvpn server address.
if i connect with SSH to the vps directly from public IP or i connect via ovpn (where i take an 10.9.0.0/24 address) from the machine i can ping all clients that are in 10.8.0.0/24 subnet. But if i try to connect with vpn and ping from my machine(with 10.9.0.2 address) an address 10.8.0.0/24 i receive an Request Timeout.
Now in this vps is running firewalld and i've already enabled the ipv4 forwarding and i push the route to the clients with push "route 10.8.0.0 255.255.255.0"
The thing that i see in firewalld is:
[root@bigiron-fsn1-2 log]# firewall-cmd --list-all --zone=trusted
trusted (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: tun1
sources: 10.9.0.0/24 fddd:1194:1194:1194::/64
services: openvpn
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="10.9.0.0/24" destination address="10.8.0.0/24" accept
[root@bigiron-fsn1-2 log]# firewall-cmd --list-all --zone=public
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0 tun0
sources:
services: cockpit dhcpv6-client openvpn ssh
ports: 1194/udp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv6" source ipset="sshguard6" drop
rule family="ipv4" source ipset="sshguard4" drop
rule family="ipv4" source address="10.8.0.0/24" accept
rule family="ipv4" source address="10.9.0.0/24" destination address="10.8.0.0/24" accept
How can i enable the communication from 10.9.0.0/24 to 10.8.0.0/24 hosts? Thank you for your help!
