The PC hosting the VPN has these addresses:
192.168.10.252/24, gw 192.168.10.1, interface enp3s0
10.10.10.0/24, interface tun0
The server's router has IP 192.168.10.1.
Port 1194 is open as expected; the connection is in fact established.
The problem is that from the client I cannot ping the VPN network, and I cannot reach the PC behind the VPN either.
The VPN does not, and must not, act as a gateway to the network.
This is the server config:
# Secure OpenVPN Server Config
# Lines marked NOTE(review) describe risk or things to confirm; no directive
# below has been changed.
# Basic Connection Config
dev tun
proto udp
port 1194
# Ping the peer every 10 s; consider it dead after 120 s without a reply.
keepalive 10 120
max-clients 5
# Certs
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh.pem
# Lets connected clients reach each other through the server, not only the
# server itself.
client-to-client
# Ciphers and Hardening
# NOTE(review): reneg-sec 0 disables periodic data-channel key renegotiation,
# so a session keeps the same keys for its whole lifetime (default is 3600 s);
# confirm this is intended.
reneg-sec 0
# Require the peer certificate to carry the client EKU, so a server
# certificate cannot be reused to connect as a client.
remote-cert-tls client
# Reject certificates listed in the CRL (revoked clients).
crl-verify /etc/openvpn/server/crl.pem
tls-version-min 1.2
# NOTE(review): AES-256-CBC + SHA512 is acceptable, but an AEAD data cipher
# (e.g. AES-256-GCM) is generally preferred on OpenVPN 2.4+; change it on
# both ends together.
cipher AES-256-CBC
auth SHA512
# Control-channel suites restricted to DHE-RSA (forward secrecy via dh.pem).
# NOTE(review): there is no tls-auth/tls-crypt, so the UDP listener answers
# unauthenticated TLS handshakes from anyone; tls-crypt would let it discard
# packets lacking the pre-shared key before any TLS work is done.
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
# Drop Privs
# Root is dropped after startup; persist-key/persist-tun below are what keep
# key material and the tun device usable across restarts once running as
# nobody (they cannot be re-read/re-opened without root).
user nobody
group nobody
# IP pool
# Server mode on 10.10.10.0/24: the server takes the first address and hands
# out the rest (the tun0 entries in the route -n output reflect this).
server 10.10.10.0 255.255.255.0
;client-config-dir ccd
# Misc
persist-key
persist-tun
# NOTE(review): compression on an encrypted tunnel is discouraged (it can
# leak information about the plaintext); consider removing it on both ends
# together, as the client's compress line would need to change as well.
comp-lzo
# NOTE(review): duplicate-cn lets several clients connect with the same
# certificate, which makes per-client revocation and accounting coarser;
# confirm it is required.
duplicate-cn
# The redirect-gateway and DNS pushes are disabled (leading ';'), so client
# traffic is NOT forced through the VPN; only the LAN route below is pushed.
;push "redirect-gateway def1"
;push "dhcp-option DNS 8.8.8.8"
;push "dhcp-option DNS 8.8.4.4"
# NOTE(review): this pushes 192.168.10.0/24 via the tunnel to every client.
# Reaching any LAN host other than this machine would additionally need IP
# forwarding here plus masquerade or a return route on 192.168.10.1, neither
# of which the firewall output shows; if this host must not route, the push
# only serves to reach its own 192.168.10.252 address.
push "route 192.168.10.0 255.255.255.0"
# Logging
log-append /var/log/openvpn.log
verb 3
# OpenVPN client config matching the server above.
client
dev tun
# IPv4-only UDP; pairs with the server's proto udp.
proto udp4
# NOTE(review): public_ip is a placeholder for the server's public address.
remote public_ip 1194
ca ca.crt
cert user.crt
# NOTE(review): "ueser.key" looks like a typo for user.key; the connection is
# reported as established, so confirm the file name on disk matches.
key ueser.key
# Data channel must match the server: AES-256-CBC / SHA512.
cipher AES-256-CBC
auth SHA512
# Do not keep any username/password in memory after use.
auth-nocache
tls-version-min 1.2
# NOTE(review): there is no `remote-cert-tls server` here. The server checks
# the client EKU, but the client does not check that the peer presents a
# server certificate, so any certificate issued by this CA would be accepted
# as the server; add `remote-cert-tls server`.
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
# Keep retrying hostname resolution of the remote indefinitely.
resolv-retry infinite
# NOTE(review): intended to pair with the server's comp-lzo; compression over
# the tunnel is discouraged, so remove it on both ends together if possible.
compress lzo
# Use an ephemeral local port rather than binding a fixed one.
nobind
persist-key
persist-tun
# NOTE(review): suppresses replay warnings in the log; they are often noise on
# lossy links but are also a detection signal worth keeping.
mute-replay-warnings
verb 3
[root@openvpn-srv openvpn]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.10.1 0.0.0.0 UG 100 0 0 enp3s0
10.10.10.0 10.10.10.2 255.255.255.0 UG 0 0 0 tun0
10.10.10.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.10.0 0.0.0.0 255.255.255.0 U 100 0 0 enp3s0
[root@openvpn-srv openvpn]# firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp3s0
sources:
services: dhcpv6-client openvpn ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Thanks