
I just set up an OpenVPN server on a rented root server. I can ping the OpenVPN server IP, but can't connect to or ping other machines (VMs) on the OpenVPN server network. According to the official OpenVPN documentation, I added "push route" to the server.conf to enable access to other machines on the server network.

server.conf:

port 1194
proto udp
dev tun
ca ca.crt
cert ex1.crt
key ex1.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.10.10.0 255.255.255.0"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC-HMAC-SHA1
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

ifconfig from the openvpn server:

br0       Link encap:Ethernet  HWaddr 62:e6:d9:07:46:c2  
          inet addr:148.251.139.133  Bcast:148.251.139.133  Mask:255.255.255.255
          inet6 addr: fe80::60e6:d9ff:fe07:46c2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:69028 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:2899368 (2.8 MB)

eth0      Link encap:Ethernet  HWaddr 44:8a:5b:9b:a0:7d  
          inet addr:148.251.139.133  Bcast:148.251.139.159  Mask:255.255.255.224
          inet6 addr: 2a01:4f8:210:4384::2/64 Scope:Global
          inet6 addr: fe80::468a:5bff:fe9b:a07d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:78430 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82129 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:6908929 (6.9 MB)  TX bytes:52446354 (52.4 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:21482 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21482 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:47236296 (47.2 MB)  TX bytes:47236296 (47.2 MB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:672 (672.0 B)  TX bytes:728 (728.0 B)

virbr0    Link encap:Ethernet  HWaddr 52:54:00:76:9b:d5  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:277 errors:0 dropped:0 overruns:0 frame:0
          TX packets:269 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:41733 (41.7 KB)  TX bytes:45532 (45.5 KB)

virbr1    Link encap:Ethernet  HWaddr 52:54:00:4c:37:b5  
          inet addr:10.10.10.1  Bcast:10.10.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2258 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2446 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:370903 (370.9 KB)  TX bytes:197319 (197.3 KB)

vnet0     Link encap:Ethernet  HWaddr fe:54:00:15:93:50  
          inet6 addr: fe80::fc54:ff:fe15:9350/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:277 errors:0 dropped:0 overruns:0 frame:0
          TX packets:75139 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:45611 (45.6 KB)  TX bytes:3938924 (3.9 MB)

vnet1     Link encap:Ethernet  HWaddr fe:54:00:ff:e6:3e  
          inet6 addr: fe80::fc54:ff:feff:e63e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2258 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77316 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:402515 (402.5 KB)  TX bytes:4090711 (4.0 MB)

The machine on the server network which I am trying to connect to is a KVM VM and has the IP 10.10.10.2. I can ping 10.10.10.1 (the IP of virbr1). IPv4 forwarding on the ovpn/kvm server is enabled. While testing I also deactivated the ufw firewall of the ovpn server and of the VM.

If I ping 10.10.10.2 from the ovpn client I get the following tcpdump (tun0) on the server:

11:54:46.002533 IP 10.8.0.6 > 10.10.10.2: ICMP echo request, id 17629, seq 0, length 64
11:54:46.002602 IP 10.8.0.1 > 10.8.0.6: ICMP 10.10.10.2 protocol 1 port 10088 unreachable, length 92

while tcpdump of the virbr1 bridge (network of the VM: 10.10.10.2) doesn't show anything at all. I'm assuming that the OpenVPN server doesn't forward the packets to virbr1.

routes of the openvpn server:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         148.251.139.129 0.0.0.0         UG    0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 virbr1
148.251.139.128 148.251.139.129 255.255.255.224 UG    0      0        0 eth0
148.251.139.128 0.0.0.0         255.255.255.224 U     0      0        0 eth0
148.251.164.152 0.0.0.0         255.255.255.255 UH    0      0        0 br0
148.251.164.153 0.0.0.0         255.255.255.255 UH    0      0        0 br0
148.251.164.154 0.0.0.0         255.255.255.255 UH    0      0        0 br0
148.251.164.155 0.0.0.0         255.255.255.255 UH    0      0        0 br0
148.251.164.156 0.0.0.0         255.255.255.255 UH    0      0        0 br0
148.251.164.157 0.0.0.0         255.255.255.255 UH    0      0        0 br0
148.251.164.158 0.0.0.0         255.255.255.255 UH    0      0        0 br0
148.251.164.159 0.0.0.0         255.255.255.255 UH    0      0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

routes on the vm client:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.122.1   0.0.0.0         UG    0      0        0 eth0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0

I'm really stuck with this problem and it would be really nice to be able to understand the problem and then be able to solve it.

1 Answer


Ok problem solved:

The problem was a misconfiguration in libvirt. The virtual bridge was configured in isolated mode. After switching to a routed virtual network and adding the route 10.8.0.0/24 gw 10.10.10.1 to the VM guests, everything worked as expected.
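
A check for the two conditions named in the answer, added here as an example and not part of the original post: it reads a libvirt network definition for its forward mode and does a longest-prefix match over the guest's routing table to show where a reply to the VPN client 10.8.0.6 leaves. The libvirt XML is constructed (the network name `private` is an assumption); the guest routes are the ones posted in the question.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Guest routing table rows as posted in the question (`route -n` on the VM).
GUEST_ROUTES = """\
0.0.0.0         192.168.122.1   0.0.0.0         UG    0      0        0 eth0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""
# The return route from the answer, written in the same `route -n` layout.
FIXED_ROUTE = "10.8.0.0        10.10.10.1      255.255.255.0   UG    0      0        0 eth1\n"

# Constructed libvirt network definitions; the name "private" is an assumption.
ISOLATED_XML = """<network><name>private</name><bridge name='virbr1'/>
<ip address='10.10.10.1' netmask='255.255.255.0'/></network>"""
ROUTED_XML = ISOLATED_XML.replace("<bridge", "<forward mode='route'/><bridge")


def forward_mode(network_xml):
    """Return libvirt's forward mode; a network with no <forward> element is isolated."""
    fwd = ET.fromstring(network_xml).find("forward")
    if fwd is None:
        return "isolated"
    return fwd.get("mode", "nat")  # libvirt defaults to NAT when mode is omitted


def egress(route_table, dst):
    """Longest-prefix match over `route -n` rows: (gateway, interface) used for dst."""
    dst, best = ipaddress.ip_address(dst), None
    for row in route_table.strip().splitlines():
        dest, gw, mask, *_, iface = row.split()
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gw, iface)
    return best[1:] if best else None


if __name__ == "__main__":
    print(forward_mode(ISOLATED_XML), forward_mode(ROUTED_XML))
    print("reply to 10.8.0.6 before:", egress(GUEST_ROUTES, "10.8.0.6"))
    print("reply to 10.8.0.6 after: ", egress(GUEST_ROUTES + FIXED_ROUTE, "10.8.0.6"))
```

On a real host the XML would come from `virsh net-dumpxml` for the network behind virbr1, and the table from `route -n` inside the guest.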