0

I hope that you can help me with my problem. I have configured an OpenVPN Server. Clients can connect and I can ping the clients from the virtual machine where the server is. But I want the clients to ping each other and for example see which devices are connected in the other clients network.

I have stumbled upon this post here How to allow communications with client to client on OpenVPN Server? but the solution with the firewall rules did not work.

My OpenVPN server configuration looks like this:

port 1194
proto udp
dev tun
ca ../easy-rsa/pki/ca.crt
cert ../easy-rsa/pki/issued/server.crt
key ../easy-rsa/pki/private/server.key
dh ../easy-rsa/pki/dh.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
client-to-client
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
mode server
tls-auth ta.key 0
key-direction 0
auth SHA256
tls-server
comp-lzo

#client1
route 10.8.3.0 255.255.255.0

#client2
route 10.8.4.0 255.255.255.0

I am open for suggestions - thanks in advance!

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
Felix
  • 1
  • By "clients" do you mean the clients themselves or hosts in their LAN/site? What are the routes to `10.8.3.0/24` and `10.8.4.0/24` for? – Tom Yan Aug 26 '21 at 05:28
  • Thanks for your reply. In my case the clients are hosts (routers). For example router 1 has the ip adress 10.8.3.1 and my laptop connected to the router has the ip adress 10.8.3.145. From here I want to ping the router 2 with the ip adress 10.8.4.1 or the device connected to the router 2 with the ip adress 10.8.4.100. As I understand it, I need the route command in the server config so the clients use the specifc ip adresses. – Felix Aug 26 '21 at 07:23
  • Unless the two routers / clients are using the tun (that leads to this server) as their default route, you'll need to `push` route for their subnets to each other. Besides, you will need to setup `iroute` for the subnets so that traffics from one LAN can actually be led to the (router of) the other. The `route` directives you added might actually be optional (unless you rely on IP forwarding on the server host instead of `client-to-client`). – Tom Yan Aug 26 '21 at 09:18

0 Answers0