I’m having some trouble with my OpenVPN setup. I can connect to it OK, but once connected, no traffic will pass whatsoever. I can’t even ping the remote side of the tunnel.
This is a brand new install with no firewalling set up whatsoever. I’m seeing the same behavior on two different clients, Mac and Linux. Both can connect OK, but pass no traffic at all once connected.
VyOS config:
[code]vyos@vpn02:~$ show configuration
interfaces {
    ethernet eth0 {
        address 10.0.0.100/24
        duplex auto
        hw-id 00:0c:29:cf:9e:7e
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
    openvpn vtun0 {
        encryption aes256
        hash sha512
        mode server
        openvpn-option --comp-lzo
        server {
            domain-name home.domain.net
            max-connections 5
            name-server 10.0.0.12
            push-route 10.0.0.0/24
            subnet 10.99.1.0/27
        }
        tls {
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/vpn02-server.crt
            dh-file /config/auth/dh4096.pem
            key-file /config/auth/vpn02-server.key
        }
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 10.0.0.1 {
                distance 1
            }
        }
    }
}
service {
    dns {
        forwarding {
            cache-size 150
            listen-on vtun0
        }
    }
    ssh {
        listen-address 10.0.0.100
        port 22
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    domain-name home.domain.net
    host-name vpn02
    login {
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
                public-keys user@home.domain.net {
                    key ****************
                    type ssh-rsa
                }
            }
            level admin
        }
    }
    name-server 10.0.0.12
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    package {
        auto-sync 1
        repository community {
            components main
            distribution helium
            password ****************
            url http://packages.vyos.net/vyos
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/New_York
}
[/code]
Linux client config:
[code]client
proto udp
cipher AES-256-CBC
auth SHA512
remote-cert-tls server
verb 4
dev tun
cert user.crt
key user.key
ca ca.crt
remote 10.0.0.100 1194
comp-lzo
[/code]
Some info from the VyOS device:
[code]vyos@vpn02:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
S>* 0.0.0.0/0 [1/0] via 10.0.0.1, eth0
C>* 10.0.0.0/24 is directly connected, eth0
C>* 10.99.1.0/27 is directly connected, vtun0
C>* 127.0.0.0/8 is directly connected, lo
vyos@vpn02:~$ show version
Version: VyOS 1.1.7
Description: VyOS 1.1.7 (helium)
Copyright: 2016 VyOS maintainers and contributors
Built by: maintainers@vyos.net
Built on: Wed Feb 17 09:57:31 UTC 2016
Build ID: 1602170957-4459750
System type: x86 64-bit
Boot via: image
Hypervisor: VMware
HW model: VMware Virtual Platform
HW S/N: VMware-56 4d 70 26 2a ac d7 33-a3 42 f0 af a4 cf 9e 7e
HW UUID: 564D7026-2AAC-D733-A342-F0AFA4CF9E7E
Uptime: 13:13:49 up 1 day, 13:40, 2 users, load average: 0.00, 0.01, 0.05
[/code]
Is there something else that needs to be done/enabled on the VyOS system? I’m pretty sure it’s not a local network issue, since I first set this same config up on a pfSense VM using the same IP and subnets (that VM is currently off) and that works fine.
I’m wondering if there’s some routing somewhere I missed or just have to enable.
Thanks!