OpenVPN tunnel created, but no traffic passes


#1

I’m having some trouble with my OpenVPN setup. I can connect to it OK. But once connected, no traffic will pass whatsoever. I can’t even ping the remote side of the tunnel.

This is a brand new install with no firewalling set up whatsoever. I’m seeing the same behavior on two different clients, Mac and Linux. Both can connect OK, but pass no traffic at all once connected.

VyOS config:

    vyos@vpn02:~$ show configuration
    interfaces {
        ethernet eth0 {
            address 10.0.0.100/24
            duplex auto
            hw-id 00:0c:29:cf:9e:7e
            smp_affinity auto
            speed auto
        }
        loopback lo {
        }
        openvpn vtun0 {
            encryption aes256
            hash sha512
            mode server
            openvpn-option --comp-lzo
            server {
                domain-name home.domain.net
                max-connections 5
                name-server 10.0.0.12
                push-route 10.0.0.0/24
                subnet 10.99.1.0/27
            }
            tls {
                ca-cert-file /config/auth/ca.crt
                cert-file /config/auth/vpn02-server.crt
                dh-file /config/auth/dh4096.pem
                key-file /config/auth/vpn02-server.key
            }
        }
    }
    protocols {
        static {
            route 0.0.0.0/0 {
                next-hop 10.0.0.1 {
                    distance 1
                }
            }
        }
    }
    service {
        dns {
            forwarding {
                cache-size 150
                listen-on vtun0
            }
        }
        ssh {
            listen-address 10.0.0.100
            port 22
        }
    }
    system {
        config-management {
            commit-revisions 20
        }
        console {
            device ttyS0 {
                speed 9600
            }
        }
        domain-name home.domain.net
        host-name vpn02
        login {
            user vyos {
                authentication {
                    encrypted-password ****************
                    plaintext-password ****************
                    public-keys user@home.domain.net {
                        key ****************
                        type ssh-rsa
                    }
                }
                level admin
            }
        }
        name-server 10.0.0.12
        ntp {
            server 0.pool.ntp.org {
            }
            server 1.pool.ntp.org {
            }
            server 2.pool.ntp.org {
            }
        }
        package {
            auto-sync 1
            repository community {
                components main
                distribution helium
                password ****************
                url http://packages.vyos.net/vyos
                username ""
            }
        }
        syslog {
            global {
                facility all {
                    level notice
                }
                facility protocols {
                    level debug
                }
            }
        }
        time-zone America/New_York
    }

Linux client config:

    client
    proto udp
    cipher AES-256-CBC
    auth SHA512
    remote-cert-tls server
    verb 4
    dev tun
    cert user.crt
    key user.key
    ca ca.crt
    remote 10.0.0.100 1194
    comp-lzo

Some info from the VyOS device:

    vyos@vpn02:~$ show ip route
    Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
           I - ISIS, B - BGP, > - selected route, * - FIB route

    S>* 0.0.0.0/0 [1/0] via 10.0.0.1, eth0
    C>* 10.0.0.0/24 is directly connected, eth0
    C>* 10.99.1.0/27 is directly connected, vtun0
    C>* 127.0.0.0/8 is directly connected, lo

    vyos@vpn02:~$ show version
    Version:      VyOS 1.1.7
    Description:  VyOS 1.1.7 (helium)
    Copyright:    2016 VyOS maintainers and contributors
    Built by:     maintainers@vyos.net
    Built on:     Wed Feb 17 09:57:31 UTC 2016
    Build ID:     1602170957-4459750
    System type:  x86 64-bit
    Boot via:     image
    Hypervisor:   VMware
    HW model:     VMware Virtual Platform
    HW S/N:       VMware-56 4d 70 26 2a ac d7 33-a3 42 f0 af a4 cf 9e 7e
    HW UUID:      564D7026-2AAC-D733-A342-F0AFA4CF9E7E
    Uptime:       13:13:49 up 1 day, 13:40, 2 users, load average: 0.00, 0.01, 0.05

Is there something else that needs to be done/enabled on the VyOS system? I’m pretty sure it’s not a local network issue, since I first set this same config up on a pfSense VM using the same IP and subnets (that VM is currently off) and that works fine.

I’m wondering if there’s some routing somewhere I missed or just have to enable.

Thanks!


#2

Ok, got it figured out. I should’ve followed my normal procedure and started with a simple working config, then started tweaking. I ended up not trying to push specific routes and just went with a “replace-default-route” to send everything through the tunnel.

New vtun0 config below:

    openvpn vtun0 {
        encryption aes256
        hash sha512
        mode server
        openvpn-option --comp-lzo
        replace-default-route {
        }
        server {
            domain-name home.kyaphas.net
            max-connections 5
            name-server 10.0.0.12
            subnet 10.99.1.0/27
        }
        tls {
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/vpn02-server.crt
            dh-file /config/auth/dh4096.pem
            key-file /config/auth/vpn02-server.key
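
An added example, not from the thread and not VyOS's own code: a small line-based parser for the indented `show configuration` format, plus a summary of the routing-related settings under an `openvpn` interface (tunnel `subnet`, any `push-route` prefixes, and whether `replace-default-route` is set). The two sample config strings are constructed from the original and revised `vtun0` blocks in this thread, trimmed to the fields that matter; the function names are my own.

```python
"""Parse VyOS `show configuration` output and summarise what an OpenVPN
server interface will tell its clients about routing.

Added example: the sample configs below are constructed from the two
vtun0 blocks posted in the thread, trimmed to the relevant fields."""

from typing import Any, Dict


def parse_vyos_config(text: str) -> Dict[str, Any]:
    """Parse brace-delimited VyOS config into nested dicts.

    Block headers ("ethernet eth0 {") become keys; leaves ("mode server")
    become key -> value. A leaf key that repeats inside one block (several
    push-route lines) becomes a list. Expects the indented, one statement
    per line form VyOS prints; a flattened one-line dump has no boundary
    between leaves and must be re-indented before parsing."""
    root: Dict[str, Any] = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("{ }"):          # "loopback lo { }" on one line
            stack[-1][line[:-3].strip()] = {}
            continue
        if line.endswith("{"):            # open a nested block
            child: Dict[str, Any] = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
            continue
        if line == "}":                   # close the current block
            if len(stack) == 1:
                raise ValueError("unbalanced '}' in config")
            stack.pop()
            continue
        key, _, value = line.partition(" ")   # leaf: "key value"
        node = stack[-1]
        if key in node:
            prev = node[key]
            node[key] = (prev if isinstance(prev, list) else [prev]) + [value]
        else:
            node[key] = value
    if len(stack) != 1:
        raise ValueError("unclosed block in config")
    return root


def openvpn_route_summary(cfg: Dict[str, Any], ifname: str = "vtun0") -> Dict[str, Any]:
    """Return the tunnel subnet, pushed routes and whether
    replace-default-route is configured for one openvpn interface."""
    ovpn = cfg.get("interfaces", {}).get(f"openvpn {ifname}")
    if ovpn is None:
        raise KeyError(f"no openvpn {ifname} interface in config")
    server = ovpn.get("server", {})
    push = server.get("push-route", [])
    if isinstance(push, str):
        push = [push]
    return {
        "subnet": server.get("subnet"),
        "push_route": push,
        "replace_default_route": "replace-default-route" in ovpn,
    }


# Constructed sample: the poster's first vtun0 block, trimmed.
ORIGINAL_VTUN0 = """
interfaces {
    ethernet eth0 {
        address 10.0.0.100/24
        hw-id 00:0c:29:cf:9e:7e
    }
    loopback lo {
    }
    openvpn vtun0 {
        encryption aes256
        hash sha512
        mode server
        openvpn-option --comp-lzo
        server {
            max-connections 5
            name-server 10.0.0.12
            push-route 10.0.0.0/24
            subnet 10.99.1.0/27
        }
        tls {
            ca-cert-file /config/auth/ca.crt
        }
    }
}
"""

# Constructed sample: the revised vtun0 block from the follow-up, trimmed.
REVISED_VTUN0 = """
interfaces {
    openvpn vtun0 {
        encryption aes256
        hash sha512
        mode server
        openvpn-option --comp-lzo
        replace-default-route {
        }
        server {
            max-connections 5
            name-server 10.0.0.12
            subnet 10.99.1.0/27
        }
    }
}
"""

if __name__ == "__main__":
    for label, cfg_text in (("original", ORIGINAL_VTUN0), ("revised", REVISED_VTUN0)):
        print(label, openvpn_route_summary(parse_vyos_config(cfg_text)))
```

Run it against a full `show configuration` capture (pasted into a file and read with `open().read()`) to see at a glance which prefixes the server hands to clients; the original block pushes only `10.0.0.0/24`, the revised one pushes nothing and instead sets `replace-default-route`.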