Site to Site VPN routing problem

I have a situation as described below:
1- I have 2 OpenVPN Server(Server A & Server B).
2- Clients connects to each server via VPN, no direct LAN's.
3- Server B connected as a VPN client to Server A.
4- Server B Runs 2 OpenVPN instances
5- Asuume Laptop B connected via VPN to Server B, I need it to reach Server A (at least).
6- Server A VPN DHCP is  10.8.0.0/24
7- Server B VPN DHCP is 172.30.0.0/16
8- Server B has a static IP 10.8.0.101 (VPN client)

* The problem is that i cant reach Server A from Laptop B. And Server A cannot reach Server B on the on the VPN server ip,not the client ip.
VPN-diagram-4.jpg
The Networking configuration is as below:

Server A configuration

[root@localhost ~]# ifconfig
eth0      inet addr:X.X.X.X  Bcast:X.X.X.255  Mask:255.255.255.0
          

eth0:0    inet addr:X.X.X.X  Bcast:X.X.255.255  Mask:255.255.0.0
          

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
         

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:629066 errors:0 dropped:0 overruns:0 frame:0
          TX packets:416252 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:136006302 (129.7 MiB)  TX bytes:114377768 (109.0 MiB)

Open in new window


Server B
[root@vps8887 ~]# ifconfig
eth0      inet addr:X.X.X.X  Bcast:X.X.X.255  Mask:255.255.255.0
          
eth0:0    inet addr:X.X.X.X  Bcast:X.X.X.255  Mask:255.255.255.0
          
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
         

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:172.30.0.1  P-t-P:172.30.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:69 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:4140 (4.0 KiB)  TX bytes:240 (240.0 b)

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.101  P-t-P:10.8.0.102  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:34 errors:0 dropped:0 overruns:0 frame:0
          TX packets:105 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2856 (2.7 KiB)  TX bytes:8820 (8.6 KiB)

Open in new window


The routing for Server A:
[root@localhost ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.8.0.2        *               255.255.255.255 UH        0 0          0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
192.168.1.0     *               255.255.255.0   U         0 0          0 eth0
172.16.0.0      *               255.255.0.0     U         0 0          0 eth0
169.254.0.0     *               255.255.0.0     U         0 0          0 eth0
default         192.168.1.1     0.0.0.0         UG        0 0          0 eth0

Open in new window


The routing for Server B:
  [root@vps8887 ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.8.0.102      *               255.255.255.255 UH        0 0          0 tun1
172.30.0.2      *               255.255.255.255 UH        0 0          0 tun0
X.X.X.0    *               255.255.255.0   U         0 0          0 eth0
10.8.0.0        10.8.0.101      255.255.255.0   UG        0 0          0 tun1
X.X.X.0   *               255.255.255.0   U         0 0          0 eth0
172.30.0.0      172.30.0.2      255.255.0.0     UG        0 0          0 tun0
link-local      *               255.255.0.0     U         0 0          0 eth0
default         X.X.X.1    0.0.0.0         UG        0 0          0 eth0
default         X.X.X.1   0.0.0.0         UG        0 0          0 eth0

Open in new window


A problem appears when i'm trying to add routing on Server A, when adding the following command:

route add -net 172.30.0.0/16 gw 10.8.0.101
0

Open in new window


This error appears:

 "SIOCADDRT: Network is unreachable"


Finally: i need these sites to communicate each other.
LizaMolyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

asavenerCommented:
Can you post the OpenVPN configuration files?
0
LizaMolyAuthor Commented:
Server A

port 1194 
proto udp 
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
client-to-client
duplicate-cn
server 10.8.0.0 255.255.255.0
client-config-dir ccd
push "dhcp-option DNS 10.8.0.1"
status openvpn-status.log
keepalive 10 120
comp-lzo
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
verb 3

================ Server B Client ccd ================
push "dhcp-option DNS 8.8.8.8"
ifconfig-push 10.8.0.101 10.8.0.102
=====================================================

Open in new window



Open in new window



Server B

========================== Server B ( Server Config )========================== 

port 1194 
proto udp 
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
client-to-client
duplicate-cn
server 172.30.0.0 255.255.0.0
push " route 10.8.0.0 255.255.255.0 "
status openvpn-status.log
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3

==================================================================================

===================== Server B ( Client Config )==================================

client
dev tun
proto udp
remote serverA 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
route-nopull
route 10.8.0.0 255.255.255.0 10.8.0.101
comp-lzo
verb 5

==================================================================================

Open in new window

0
LizaMolyAuthor Commented:
I solve it my self.
The important thing "ipforwarding" wasn't enabled on both sides. This is the major problem.
The routing all done by OpenVPN. No routing needed manually. As shown below:
VPN structure with solution
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LizaMolyAuthor Commented:
Clear and Complete.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.