ASLUser

OpenVPN running on Ubuntu 14.4 x64

Good Day,
 
I am having issues getting the latest version of OpenVPN to work on Ubuntu 14.4 x64.

I have OpenVPN installed and running at a remote site and can connect via username and password. The problem is that I have another subnet at the remote site which the VPN users can't get to.

The network looks like:

Remote Site:
Virtual OpenVPN server: 10.161.126.69/24
OpenVPN DHCP: 10.161.127.X/24
SonicWall connecting all hosts
ESX 5.5 server

When I connect a Win7 computer to the VPN it can ping all hosts in the 10.161.127.X/24 subnet but nothing in the 10.161.126.X/24 subnet.

The OpenVPN server can ping everything. I have configured the OpenVPN server.conf (see attached) and can't see why I can't get to the other subnet. I have even tried setting up OpenVPN to issue 10.161.126.X/24 IPs, the same as the other subnet, but still can't get to anything.

Does anyone have a clue as to what I am doing wrong? I have been trying to do this for weeks.

Thanks
server.conf.txt
client.txt
TimotiSt

Can you post a little diagram on the connection of subnets, just to be clear?
Also, what virtualization platform do you use? Promiscuous/secure mode on the virtual NIC can be an issue.
Mar Fan

Hi,

I noticed several things:

- Remove the double slashes
- Set the path for dh2048.pem
- Change the network mask on the interface of the Windows machine

Please check:
- Can you see the incoming ICMP packets on the VPN gateway when pinging it from a Windows machine?
- If yes, can you see the reply going out on the VPN gateway?
- If yes, can you see the reply coming in on the Windows machine?
- Can you see the ARP replies?

BR

pingu
ASLUser

ASKER

Hi,

I have updated the settings in the server.conf and also ran a "tcpdump icmp[0] == 8" on the gateway.

The result of the tcpdump is:

1. If I ping the GW from the Win7 VPN client, no ICMP is received
2. If I ping the GW from another virtual machine local to the GW, I can see ICMP received
3. If I ping the GW from another physical box local to the GW, I can see ICMP received

So ICMP is only a problem with VPN clients.

The virtual environment is an ESX 5.5 server with QNAP storage using Ethernet; see attached image.
layout.GIF
Thanks, that diagram is very pretty and helpful! Kudos!

Does the SonicWall have a static route to 10.161.127.0/24 behind 10.161.126.69?
Or does the OpenVPN box perform source NAT on the outgoing packets?
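
What the two questions above are checking, as an added example that is not part of the original thread: a small model that traces the echo reply from a LAN host back toward a VPN client with no fix, with a static route on the SonicWall, and with source NAT on the OpenVPN box. The SonicWall LAN address, the LAN host, the VPN client address and the function names are assumptions, as is the premise that LAN hosts use the SonicWall as their default gateway and that the echo request has already reached the LAN host.

```python
import ipaddress

# Subnets and server address come from the thread; the other addresses are assumed.
VPN_SERVER = ipaddress.ip_address("10.161.126.69")
VPN_POOL = ipaddress.ip_network("10.161.127.0/24")
LAN = ipaddress.ip_network("10.161.126.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
SONICWALL = ipaddress.ip_address("10.161.126.1")   # assumed LAN address
LAN_HOST = ipaddress.ip_address("10.161.126.20")   # assumed ping target
VPN_CLIENT = ipaddress.ip_address("10.161.127.6")  # assumed client lease


def next_hop(routes, dst):
    """Longest-prefix match over (network, hop); hop None means on-link."""
    matches = [(net, hop) for net, hop in routes if dst in net]
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return dst if hop is None else hop


def reply_path(static_route=False, snat=False):
    """Trace the echo reply from LAN_HOST back toward the VPN client."""
    # With source NAT the LAN host sees the OpenVPN server as the sender.
    reply_dst = VPN_SERVER if snat else VPN_CLIENT
    host_routes = [(LAN, None), (DEFAULT, SONICWALL)]
    fw_routes = [(LAN, None), (DEFAULT, "WAN")]
    if static_route:
        fw_routes.append((VPN_POOL, VPN_SERVER))

    path = ["lan-host"]
    hop = next_hop(host_routes, reply_dst)
    if hop == SONICWALL:
        # Off-link destination: the host hands the reply to its default gateway.
        path.append("sonicwall")
        hop = next_hop(fw_routes, reply_dst)
    if hop == VPN_SERVER:
        # The server routes (or un-NATs) the reply into the tunnel.
        path += ["openvpn", "vpn-client"]
    else:
        path.append("lost")  # sent toward the WAN, never reaches the tunnel
    return path


if __name__ == "__main__":
    for kwargs in ({}, {"static_route": True}, {"snat": True}):
        print(kwargs or "no fix", "->", " > ".join(reply_path(**kwargs)))
```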
ASKER CERTIFIED SOLUTION
noci
