LizaMoly
asked on
Site to Site VPN routing problem
I have a situation as described below:
1- I have 2 OpenVPN servers (Server A & Server B).
2- Clients connect to each server via VPN, no direct LANs.
3- Server B is connected as a VPN client to Server A.
4- Server B runs 2 OpenVPN instances.
5- Assume Laptop B is connected via VPN to Server B; I need it to reach Server A (at least).
6- Server A VPN DHCP is 10.8.0.0/24
7- Server B VPN DHCP is 172.30.0.0/16
8- Server B has a static IP 10.8.0.101 (VPN client)
* The problem is that I can't reach Server A from Laptop B. And Server A cannot reach Server B on the VPN server IP, not the client IP.
The Networking configuration is as below:
Server A configuration
[root@localhost ~]# ifconfig
eth0 inet addr:X.X.X.X Bcast:X.X.X.255 Mask:255.255.255.0
eth0:0 inet addr:X.X.X.X Bcast:X.X.255.255 Mask:255.255.0.0
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:629066 errors:0 dropped:0 overruns:0 frame:0
TX packets:416252 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:136006302 (129.7 MiB) TX bytes:114377768 (109.0 MiB)
Server B
[root@vps8887 ~]# ifconfig
eth0 inet addr:X.X.X.X Bcast:X.X.X.255 Mask:255.255.255.0
eth0:0 inet addr:X.X.X.X Bcast:X.X.X.255 Mask:255.255.255.0
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.30.0.1 P-t-P:172.30.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:69 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:4140 (4.0 KiB) TX bytes:240 (240.0 b)
tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.101 P-t-P:10.8.0.102 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:34 errors:0 dropped:0 overruns:0 frame:0
TX packets:105 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2856 (2.7 KiB) TX bytes:8820 (8.6 KiB)
The routing for Server A:
[root@localhost ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
172.16.0.0 * 255.255.0.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
The routing for Server B:
[root@vps8887 ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.8.0.102 * 255.255.255.255 UH 0 0 0 tun1
172.30.0.2 * 255.255.255.255 UH 0 0 0 tun0
X.X.X.0 * 255.255.255.0 U 0 0 0 eth0
10.8.0.0 10.8.0.101 255.255.255.0 UG 0 0 0 tun1
X.X.X.0 * 255.255.255.0 U 0 0 0 eth0
172.30.0.0 172.30.0.2 255.255.0.0 UG 0 0 0 tun0
link-local * 255.255.0.0 U 0 0 0 eth0
default X.X.X.1 0.0.0.0 UG 0 0 0 eth0
default X.X.X.1 0.0.0.0 UG 0 0 0 eth0
A problem appears when I'm trying to add routing on Server A, when adding the following command:
route add -net 172.30.0.0/16 gw 10.8.0.101
This error appears:
"SIOCADDRT: Network is unreachable"
Finally: I need these sites to communicate with each other.
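Added example (not part of the original thread): a simplified model of the Linux rule behind the error above, namely that a route's gateway must itself be covered by a directly connected (non-gateway) route. It is run over Server A's routing table as posted; the function names are illustrative assumptions.

```python
import ipaddress

# Server A's routing table, copied from the netstat -r output in the question.
SERVER_A_ROUTES = """\
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
172.16.0.0 * 255.255.0.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
"""

def parse_routes(text):
    """Parse netstat -r rows into dicts (network, gateway, flags, iface)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8:
            continue  # header or blank line
        dest = "0.0.0.0" if fields[0] == "default" else fields[0]
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{fields[2]}"),
            "gateway": None if fields[1] == "*" else fields[1],
            "flags": fields[3],
            "iface": fields[7],
        })
    return routes

def onlink_route(routes, gateway):
    """Return the most specific connected route covering gateway, or None."""
    gw = ipaddress.ip_address(gateway)
    # Routes flagged G go through another hop, so they cannot resolve a next hop.
    direct = [r for r in routes if "G" not in r["flags"] and gw in r["net"]]
    return max(direct, key=lambda r: r["net"].prefixlen, default=None)

def check_route_add(routes, gateway):
    """Model the outcome of 'route add -net <net> gw <gateway>'."""
    route = onlink_route(routes, gateway)
    if route is None:
        return "SIOCADDRT: Network is unreachable"
    return f"ok: next hop on-link via {route['iface']}"

if __name__ == "__main__":
    table = parse_routes(SERVER_A_ROUTES)
    for gw in ("10.8.0.101", "10.8.0.2", "192.168.1.1"):
        print(gw, "->", check_route_add(table, gw))
```

On Server A only the tun0 peer 10.8.0.2 is on-link; 10.8.0.101 is covered solely by the 10.8.0.0/24 route that itself goes through a gateway, so the kernel rejects it as a next hop. In OpenVPN's routed (tun) mode, a subnet behind a client is normally declared with `route` in the server config plus `iroute` in that client's ccd file rather than with a kernel gateway route.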
Can you post the OpenVPN configuration files?
ASKER
Server A
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
client-to-client
duplicate-cn
server 10.8.0.0 255.255.255.0
client-config-dir ccd
push "dhcp-option DNS 10.8.0.1"
status openvpn-status.log
keepalive 10 120
comp-lzo
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
verb 3
================ Server B Client ccd ================
push "dhcp-option DNS 8.8.8.8"
ifconfig-push 10.8.0.101 10.8.0.102
=====================================================
Server B
========================== Server B ( Server Config )==========================
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
client-to-client
duplicate-cn
server 172.30.0.0 255.255.0.0
push " route 10.8.0.0 255.255.255.0 "
status openvpn-status.log
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
==================================================================================
===================== Server B ( Client Config )==================================
client
dev tun
proto udp
remote serverA 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
route-nopull
route 10.8.0.0 255.255.255.0 10.8.0.101
comp-lzo
verb 5
==================================================================================
ASKER CERTIFIED SOLUTION
ASKER
Clear and Complete.