Hello,
I am using a routed VPN configuration (see below)
and I am trying to connect two LANs.
At this moment I am able to ping:
1) from PCs on asus-vpn-server's LAN (192.168.0.1):
- ping 10.8.0.1 OK
- ping 10.8.0.4 OK
- ping 192.168.1.222 Request timed out.
- ping 192.168.1.1 Request timed out.
2) from asus-vpn-server (192.168.0.111):
- ping 10.8.0.4 OK
- ping 192.168.1.222 Request timed out.
- ping 192.168.1.1 Request timed out.
3) from asus-vpn-client (192.168.1.222):
- ping 10.8.0.1 OK
- ping 192.168.0.111 OK
- ping 192.168.0.1 OK
4) from PCs on asus-vpn-client's LAN (192.168.1.1):
- ping 10.8.0.1 Request timed out.
- ping 10.8.0.4 OK
- ping 192.168.0.111 Request timed out.
- ping 192.168.0.1 Request timed out.
I already added a route to asus-vpn-client (192.168.1.222),
but without success (can't ping remote PCs from the server's LAN):
route add -net 10.8.0.0 netmask 255.255.255.0 gw 192.168.1.222
I need a hint; I am out of resources. I have searched and read a lot...
Thank you very much.
-------------------------------------------------
--------------Configuration----------------------
-------------------------------------------------
WL-500gP1 (OpenVPN Server)
---------
LAN: 192.168.0.111 255.255.255.0
WAN: 10.10.10.10 255.255.255.0 (GW: 10.10.10.1)
VPN: 10.8.0.1 255.255.255.0
WL-500gP2 (OpenVPN Client)
---------
LAN: 192.168.1.222 255.255.255.0
WAN: 10.10.10.11 255.255.255.0 (GW: 10.10.10.1)
VPN: 10.8.0.4 255.255.255.0
----------
1. Server:
----------
/usr/local/sbin/post-firewall
=============================
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I INPUT -i tun+ -j ACCEPT
iptables -I INPUT -m udp -p udp --dport 1194 -j ACCEPT
/opt/etc/init.d/S50openvpn
==========================
# start
# ...
insmod tun.o
echo 1 > /proc/sys/net/ipv4/ip_forward
/opt/sbin/openvpn --cd /opt/etc/openvpn --daemon --config /opt/etc/openvpn/server.conf
# stop
# ...
killall openvpn 2> /dev/null
echo 0 > /proc/sys/net/ipv4/ip_forward
rmmod tun
/opt/etc/openvpn/server.conf
============================
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
ifconfig-pool-persist /opt/etc/openvpn/ipp.txt
### content of ipp.txt:
### Client,10.8.0.4
ca /opt/etc/openvpn/easy-rsa/keys/ca.crt
cert /opt/etc/openvpn/easy-rsa/keys/server.crt
key /opt/etc/openvpn/easy-rsa/keys/server.key
dh /opt/etc/openvpn/easy-rsa/keys/dh1024.pem
tls-auth /opt/etc/openvpn/easy-rsa/keys/ta.key 0
cipher BF-CBC
push "route 192.168.0.0 255.255.255.0"
topology subnet
log-append /opt/var/log/openvpn.log
verb 3
script-security 2
up /opt/etc/openvpn/openvpn.up
### content of openvpn.up:
### #!/bin/sh
### route add -net 10.8.0.0 netmask 255.255.255.0 gw 192.168.0.111
down /opt/etc/openvpn/openvpn.down
user nobody
group nobody
comp-lzo
persist-tun
persist-key
keepalive 10 60
----------
2. Client:
----------
/opt/etc/init.d/S50openvpn
==========================
# start
# ...
insmod tun.o
echo 1 > /proc/sys/net/ipv4/ip_forward
/opt/sbin/openvpn --cd /opt/etc/openvpn --daemon --config /opt/etc/openvpn/client.conf
# stop
# ...
killall openvpn 2> /dev/null
echo 0 > /proc/sys/net/ipv4/ip_forward
rmmod tun
/usr/local/sbin/post-firewall
=============================
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I INPUT -i tun+ -j ACCEPT
iptables -I INPUT -m udp -p udp --dport 1194 -j ACCEPT
/opt/etc/openvpn/client.conf
============================
client
remote 10.10.10.10 1194
proto udp
dev tun
resolv-retry infinite
nobind
ca /opt/etc/openvpn/easy-rsa/keys/ca.crt
cert /opt/etc/openvpn/easy-rsa/keys/client.crt
key /opt/etc/openvpn/easy-rsa/keys/client.key
tls-auth /opt/etc/openvpn/easy-rsa/keys/ta.key 1
cipher BF-CBC
ns-cert-type server
log-append /opt/var/log/openvpn.log
verb 3
script-security 2
comp-lzo
persist-tun
persist-key
user nobody
group nobody
keepalive 10 60