OpenVPN connected but cannot ping gateway or resolve ip addresses


#1

Hi, I’m new to Vyos, I appreciate your help.

I have configured OpenVPN in server mode on the VPS with a client on my side. The client connects, but once connected I cannot ping the tunnel gateway or resolve hostnames. I suspect a routing problem; I tried adding static routes, without success. There is nothing useful in the logs.

My LAN (reached through the tunnel, see the static route below): 10.99.1.0/24
Internal IP address of the VPS (eth1): 10.99.0.10/16

My config.boot

sashree@R1:/config$ cat config.boot
/* Edge policy. OUTSIDE-IN filters traffic forwarded in through eth0, OUTSIDE-LOCAL traffic addressed to the router itself. Nothing is attached to eth1 or vtun0, so VPN clients reach the router and the INSIDE network unfiltered. */
firewall {
all-ping enable
broadcast-ping disable
config-trap disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
/* Forwarded traffic from the Internet: only replies to established/related flows are admitted. */
name OUTSIDE-IN {
default-action drop
rule 10 {
action accept
state {
established enable
related enable
}
}
}
/* Traffic to the router itself: replies, ping, throttled SSH and the OpenVPN listener; everything else is dropped. */
name OUTSIDE-LOCAL {
default-action drop
rule 10 {
action accept
state {
established enable
related enable
}
}
rule 20 {
action accept
icmp {
type-name echo-request
}
protocol icmp
state {
new enable
}
}
/* SSH brute-force throttle (iptables recent match): a source that has opened 4 new connections to port 22 within 60 s is dropped here, before rule 31 can accept it. */
rule 30 {
action drop
destination {
port 22
}
protocol tcp
recent {
count 4
time 60
}
state {
new enable
}
}
rule 31 {
action accept
destination {
port 22
}
protocol tcp
state {
new enable
}
}
/* OpenVPN listener; the port matches local-port 443 on vtun0 below. Any source may reach it and the tunnel has no tls-auth, so the OpenVPN process itself sees every handshake packet sent to UDP/443. */
rule 32 {
action accept
description “allow openvpn connections”
destination {
port 443
}
protocol udp
state {
new enable
}
}
}
receive-redirects disable
send-redirects enable
/* NOTE(review): no reverse-path filtering, so packets with spoofed source addresses arriving on eth0 are not rejected by the kernel; consider strict or loose once the overlapping-subnet routing below is sorted out. */
source-validation disable
syn-cookies enable
twa-hazards-protection disable
}
interfaces {
/* Public side; the only interface with firewall policies attached. */
ethernet eth0 {
address 42.65.35.34/23
description OUTSIDE
duplex auto
firewall {
in {
name OUTSIDE-IN
}
local {
name OUTSIDE-LOCAL
}
}
mtu 1450
smp_affinity auto
speed auto
}
/* This /16 is the same prefix as the OpenVPN server subnet (10.99.0.0/16 below) and also contains the remote LAN 10.99.1.0/24 of the static route below. The kernel ends up with 10.99.0.0/16 "directly connected" on both eth1 and vtun0 and selects eth1 (see the show ip route output after this listing), so replies to VPN clients do not go back through the tunnel. This is the overlap reply #2 refers to. */
ethernet eth1 {
address 10.99.0.10/16
description INSIDE
duplex auto
mtu 1450
smp_affinity auto
speed auto
}
loopback lo {
}
/* NOTE(review): bf128 (Blowfish, 64-bit block, SWEET32), an sha1 HMAC and a 1024-bit DH group are all weak by current standards; prefer aes256 / sha256 and a 2048-bit or larger dh-file. Client configs must be changed to match. */
openvpn vtun0 {
encryption bf128
hash sha1
local-port 443
mode server
/* Clients route all Internet traffic through the tunnel; NAT rule 100 below must therefore cover the VPN client subnet. */
openvpn-option “–push redirect-gateway def1”
/* route-gateway dhcp is meant for tap/DHCP-addressed clients; no device-type is set here (tun by default), so this is presumably a leftover — confirm it is needed. */
openvpn-option “–push route-gateway dhcp”
/* Duplicates the name-server entry in the server block. 10.99.0.1 is presumably the server's own tunnel address (first host of the subnet), which is what the DNS forwarder below listens on — but see the routing note on eth1. */
openvpn-option “–push dhcp-option DNS 10.99.0.1”
server {
domain-name internal-network
name-server 10.99.0.1
/* Host bits are set: 10.99.1.0/16 is the prefix 10.99.0.0/16, i.e. the server subnet itself. Presumably 10.99.1.0/24 was meant (cf. the static route below). */
push-route 10.99.1.0/16
/* Same prefix as eth1. Use a client subnet that overlaps neither eth1 nor the remote LAN, then push the whole server-side 10.99.0.0/16 to the clients. */
subnet 10.99.0.0/16
}
/* NOTE(review): no tls-auth-file and no crl-file; dh1024.pem is a 1024-bit DH group. */
tls {
ca-cert-file /config/auth/ca.crt
cert-file /config/auth/R1.crt
dh-file /config/auth/dh1024.pem
key-file /config/auth/R1.key
}
}
}
/* Masquerade for VPN clients leaving via eth0 (required by redirect-gateway). 10.99.1.0/16 has host bits set and is the prefix 10.99.0.0/16; once the VPN subnet is moved out of 10.99.0.0/16 this source must follow it. */
nat {
source {
rule 100 {
outbound-interface eth0
source {
address 10.99.1.0/16
}
translation {
address masquerade
}
}
}
}
/* Remote LAN behind the tunnel. A kernel route alone is not enough for OpenVPN in tun mode: the server process also needs an iroute (client-config-dir) mapping 10.99.1.0/24 to the client that owns it — nothing in this listing provides one. */
protocols {
static {
interface-route 10.99.1.0/24 {
next-hop-interface vtun0 {
}
}
}
}
service {
/* Resolver for VPN clients: listens on the tunnel only, no cache, forwards to Google DNS. Clients only reach it if the pushed DNS address is this router's tunnel address and the tunnel route is actually selected. */
dns {
forwarding {
cache-size 0
listen-on vtun0
name-server 8.8.8.8
name-server 8.8.4.4
}
}
ssh {
port 22
}
}
system {
config-management {
commit-revisions 20
}
console {
}
/* NOTE(review): the route table shown after this listing has a different default next-hop and eth0 prefix; the addresses appear to have been anonymised inconsistently. */
gateway-address 4.3.2.1
host-name R1
/* NOTE(review): this listing publishes password hashes. The $6$ hash is sha512crypt; the $1$ hash for user vyos is md5crypt and cheap to brute-force. Rotate both passwords now that they are public. The ssh-rsa public key is not secret. */
login {
user sashree {
authentication {
encrypted-password $6$rqrcl/LlYejtQ.oRTyBDhQbVBt6b6TPoL9rcpdQv1.XM/lMLITaUbxyy1mwgDS/
plaintext-password “”
public-keys sashree@R1 {
key POmGtwcb6eqH9hVhGpCEaWq96LlGiAQkXvqRv4uAlQBUo1OpuOX6nNdtgmLAFuYy7o4m7GIUMTC4AGn+4edS1ZnroGX8w6cXYhiZr7D2yxCsNYYgiEAFmXipaSeBtvlk0M0Th9d/rO/u9SjVWV3Nj+Op+AlrlSX/Fiqg6MJBg+o/tlq+BqDuCHSNhnkpPQXnv6YZ4ndK3yNiYRaS/jSW+DZ1Cp7FLr/hJ5UShk3Vdcx55KWu78AQNExgsqJSvxWR8SHVWa1H0Kxvi2nOxhirw2Cq9yytOdO2hNf0tJ1cCHr==
type ssh-rsa
}
}
full-name “Sashree Seepersad”
level admin
}
user vyos {
authentication {
encrypted-password $1$4FXATQKD$NsHngi/k7ZvA9Z5ixMD3y1
}
level admin
}
}
name-server 8.8.8.8
ntp {
server 0.pool.ntp.org {
}
server 1.pool.ntp.org {
}
server 2.pool.ntp.org {
}
}
/* Package source over plain http; integrity rests on apt's repository signature checks. */
package {
auto-sync 1
repository community {
components main
distribution helium
password “”
url http://packages.vyos.net/vyos
username “”
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone UTC
}

sashree@R1:/config$ sho ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route

S>* 0.0.0.0/0 [1/0] via 42.43.13.1, eth0
C * 10.99.0.0/16 is directly connected, vtun0
C>* 10.99.0.0/16 is directly connected, eth1
S>* 10.99.1.0/24 [1/0] is directly connected, vtun0
C>* 45.63.14.0/23 is directly connected, eth0
C>* 127.0.0.0/8 is directly connected, lo


#2

The problem is overlapping subnets. Your OpenVPN `subnet 10.99.0.0/16` is the same prefix as eth1 (10.99.0.10/16), and both contain the 10.99.1.0/24 LAN you route over vtun0; your `show ip route` output shows 10.99.0.0/16 as directly connected on both vtun0 and eth1 with eth1 selected, so replies to VPN clients leave via eth1 instead of the tunnel. Give the OpenVPN client pool its own subnet that overlaps neither eth1 nor 10.99.1.0/24, then push the whole server-side subnet (10.99.0.0/16) to the clients, and change the NAT source and push-route prefixes to match.


#3

Hi jl3128, after a little more troubleshooting that is exactly what I did, and it worked.

Thanks again

