
I have a server connected to network 192.168.200.0/24, which is our local office network, and to 172.20.0.0/16, which is the VPN network shared in the office.

I have also installed an OpenVPN server on the same server in routing (level 3) mode. For server mode to work properly, you must specify a network like:

```
server 1.2.3.4 255.255.255.0
```

Is it possible to select here the network 172.20.34.0/24, which is part of my existing VPN network 172.20.0.0/16?

If yes, ping can't reach my VPN server from a connected VPN client:

```
ping 172.20.34.1
PING 172.20.34.1 (172.20.34.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
^C
--- 172.20.34.1 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
```

But if you change the network to 172.21.34.0/24 (which does not intersect with 172.20.0.0/16), everything works fine.

```
ping 172.21.34.1
PING 172.21.34.1 (172.21.34.1): 56 data bytes
64 bytes from 172.21.34.1: icmp_seq=0 ttl=64 time=0.978 ms
64 bytes from 172.21.34.1: icmp_seq=1 ttl=64 time=0.871 ms
64 bytes from 172.21.34.1: icmp_seq=2 ttl=64 time=0.813 ms
64 bytes from 172.21.34.1: icmp_seq=3 ttl=64 time=0.893 ms
64 bytes from 172.21.34.1: icmp_seq=4 ttl=64 time=0.896 ms
64 bytes from 172.21.34.1: icmp_seq=5 ttl=64 time=0.874 ms
^C
--- 172.21.34.1 ping statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.813/0.887/0.978/0.049 ms
```

Is what I want not possible? Or is it possible (intersecting networks) but I am doing something wrong?

UPDATE:

```
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
17.192.218.114  19.190.250.181  255.255.255.255 UGH   0      0        0 eth1
10.21.34.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun1
113.33.246.52   0.0.0.0         255.255.255.252 U     0      0        0 eth2
19.190.250.180  0.0.0.0         255.255.255.252 U     0      0        0 eth1
192.168.200.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.21.34.0      10.21.34.2      255.255.255.0   UG    0      0        0 tun1
172.30.0.0      19.190.250.181  255.255.0.0     UG    0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1004   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1005   0        0 eth2
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 tun0
172.20.0.0      19.190.250.181  255.255.0.0     UG    0      0        0 eth1
10.208.0.0      0.0.0.0         255.240.0.0     U     0      0        0 tun0
10.176.0.0      0.0.0.0         255.240.0.0     U     0      0        0 tun0
0.0.0.0         19.190.250.181  0.0.0.0         UG    0      0        0 eth1
```

  • Mihail, do you mean network subnet overlay? Like having 172.20.0.0/16 and 172.21.34.0/24 on two interfaces at the same time? – Michal Sokolowski Sep 01 '17 at 10:54
  • No, 172.20.0.0/16 is a network that does not belong to any iface; it is a route to the VPN network. But this network is reachable through eth0, which is a member of the 192.168.200.0/24 network and is part of the VPN network 192.168.200.0/24<->172.20.0.0/16. And our OpenVPN network will work properly if I choose the 172.20.34.0/24 network for VPN users. Actually, right now ping passes only if the VPN network does not intersect with the IPsec VPN network 172.20.0.0/16. –  Sep 05 '17 at 09:45
  • Okay, I think I understand it more now. Can you please show the route table of the VPN concentrator when OpenVPN is connected, like: `route -n`. I'd like to see at least: routes, masks and metrics of the OpenVPN and IPSec subnets. – Michal Sokolowski Sep 06 '17 at 14:09
  • I have updated my question and added the "route -n" output. –  Sep 13 '17 at 19:12
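
A small check for the overlap described in the question, as an added example that is not part of the original post: it parses `route -n` output, lists existing routes that intersect a candidate OpenVPN subnet, and shows which route a longest-prefix lookup selects. The function names, the tun1 route for 172.20.34.0/24 and the sample addresses are assumptions constructed for illustration; only the main routing table is modelled.

```python
import ipaddress

# Subset of the `route -n` output posted in the question, header included.
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.21.34.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun1
192.168.200.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.21.34.0      10.21.34.2      255.255.255.0   UG    0      0        0 tun1
172.20.0.0      19.190.250.181  255.255.0.0     UG    0      0        0 eth1
0.0.0.0         19.190.250.181  0.0.0.0         UG    0      0        0 eth1
"""

def parse_routes(text):
    """Return (network, gateway, metric, iface) tuples; non-route lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
            metric = int(f[4])
        except ValueError:  # column header row or malformed entry
            continue
        routes.append((net, f[1], metric, f[7]))
    return routes

def overlapping(candidate, routes):
    """Existing non-default routes whose range intersects the candidate subnet."""
    cand = ipaddress.ip_network(candidate)
    return [r for r in routes if r[0].prefixlen > 0 and r[0].overlaps(cand)]

def lookup(addr, routes):
    """Longest-prefix match, lowest metric as tie-break (main table only)."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]), default=None)

if __name__ == "__main__":
    routes = parse_routes(ROUTE_N)
    for cand in ("172.20.34.0/24", "172.21.34.0/24"):
        print(cand, "overlaps:", [(str(r[0]), r[3]) for r in overlapping(cand, routes)])
    # Constructed route: what the table would hold if tun1 carried 172.20.34.0/24.
    tun = (ipaddress.ip_network("172.20.34.0/24"), "0.0.0.0", 0, "tun1")
    for addr in ("172.20.34.6", "172.20.1.1"):  # constructed sample addresses
        print(addr, "->", lookup(addr, routes + [tun])[3])
```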

0 Answers