Hi all,
I am setting up a site to site VPN using two Vyos virtual machines. These are both on the local network of each site.
I made test VMs in a local environment and got them connecting fine, so I'm scratching my head as to why it isn't working in production!
Site 1 - 192.168.100.0/24
Site 1 Router - 192.168.100.1/24
Site 1 WAN IP - 1.2.3.4
Site 1 Vyos VM - 192.168.100.19/24
Site 2 - 192.168.2.0/24
Site 2 Router - 192.168.2.1/24
Site 2 WAN IP - 5.6.7.8
Site 2 Vyos VM - 192.168.2.27/24
Internal IPs for OpenVPN are:
Site 1 Vyos - 172.16.8.1
Site 2 Vyos - 172.16.8.2
The sites are connected and I can ping/SSH from each to the other using the 172.16.8.1/2 addresses and their LAN addresses, but nothing else on their local networks through the tunnel. I have used both RIP to configure routes and added manual routes to interfaces (e.g. for site 1 - 192.168.100.0/24 to vtun1). Still no joy.
Please see config below:
Site 1 Config:
interfaces {
    ethernet eth0 {
        address 192.168.100.19/24
        duplex auto
        hw-id 00:0c:29:ac:8e:ab
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
    openvpn vtun1 {
        local-address 172.16.8.1 {
        }
        local-host 192.168.100.19
        local-port 19987
        mode site-to-site
        protocol udp
        remote-address 172.16.8.2
        remote-host WAN IP
        remote-port 19987
        shared-secret-key-file /config/auth/nott-leicester.psk
    }
}
nat {
    source {
    }
}
protocols {
    rip {
        interface vtun1
        neighbor 172.16.8.2
    }
    static {
        interface-route 192.168.2.0/24 {
            next-hop-interface vtun1 {
            }
        }
    }
}
Site 2 Config:
interfaces {
    ethernet eth0 {
        address dhcp
        duplex auto
        hw-id 00:0c:29:c9:d1:18
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
    openvpn vtun1 {
        local-address 172.16.8.2 {
        }
        local-host 192.168.2.27
        local-port 19987
        mode site-to-site
        protocol udp
        remote-address 172.16.8.1
        remote-host WAN IP
        remote-port 19987
        shared-secret-key-file /config/auth/nott-leicester.psk
    }
}
nat {
    source {
    }
}
protocols {
    rip {
        interface eth0
        interface vtun1
        neighbor 172.16.8.1
        network 192.168.100.0/24
    }
    static {
        interface-route 192.168.100.0/24 {
            next-hop-interface vtun1 {
            }
        }
    }
}
Results of "show openvpn site-to-site status":
OpenVPN client status on vtun1 []
Remote CN    Remote IP          Tunnel IP     TX byte   RX byte   Connected Since
None (PSK)   193.164.206.191    172.16.8.1    773.8K    656.3K    N/A
Results of ping test to OpenVPN IP:
PING 172.16.8.1 (172.16.8.1) 56(84) bytes of data.
64 bytes from 172.16.8.1: icmp_req=1 ttl=64 time=18.3 ms
64 bytes from 172.16.8.1: icmp_req=2 ttl=64 time=18.4 ms
64 bytes from 172.16.8.1: icmp_req=3 ttl=64 time=18.4 ms
64 bytes from 172.16.8.1: icmp_req=4 ttl=64 time=18.4 ms
^C
--- 172.16.8.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 18.354/18.443/18.492/0.175 ms
Results of ping test to LAN IP:
PING 192.168.100.19 (192.168.100.19) 56(84) bytes of data.
64 bytes from 192.168.100.19: icmp_req=1 ttl=64 time=18.3 ms
64 bytes from 192.168.100.19: icmp_req=2 ttl=64 time=18.4 ms
64 bytes from 192.168.100.19: icmp_req=3 ttl=64 time=18.6 ms
64 bytes from 192.168.100.19: icmp_req=4 ttl=64 time=18.6 ms
^C
--- 192.168.100.19 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 18.382/18.507/18.608/0.137 ms
Results of ping test to LAN IP of server:
PING 192.168.100.4 (192.168.100.4) 56(84) bytes of data.
(then hangs)
Thanks
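Added example (not part of the original post, and not the poster's configuration): a small Python path tracer that models the routing tables implied by the post, so the symptom can be reproduced offline and the return path inspected hop by hop. It assumes, beyond what the post states, that 192.168.100.4 and other LAN hosts default-route to the site routers (.1), that the site routers default-route to an upstream that has no routes for RFC1918 space, and that the routers have no route for the remote site unless `lan_routers_know_remote_site` is set. The node names, the 192.168.2.50 host, the 1.2.3.5/5.6.7.9 upstream addresses and the 172.16.8.0/24 tunnel prefix are all constructed for the model.

```python
"""Trace a packet and its reply through a model of the two-site topology.

Constructed example; addresses and routes are taken from the post where it
states them and are labelled as assumptions where it does not.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

IP = ipaddress.IPv4Address


class Node:
    """A host or router: interface addresses plus static routes."""

    def __init__(self, name: str, addrs: List[str], routes: List[Tuple[str, str]]):
        self.name = name
        self.ifaces = [ipaddress.ip_interface(a) for a in addrs]
        self.addrs = {i.ip for i in self.ifaces}
        # (prefix, next hop). A VyOS "interface-route ... vtun1" on a
        # point-to-point tunnel delivers to the peer, so it is modelled here
        # as a route whose next hop is the peer's tunnel address.
        self.routes = [(ipaddress.ip_network(p), IP(nh)) for p, nh in routes]

    def next_hop(self, dst: IP) -> Optional[IP]:
        """Longest-prefix match; a directly connected destination is its own next hop."""
        best: Optional[Tuple[int, IP]] = None
        for i in self.ifaces:
            if dst in i.network and (best is None or i.network.prefixlen > best[0]):
                best = (i.network.prefixlen, dst)
        for net, nh in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, nh)
        return None if best is None else best[1]


def trace(nodes: Dict[str, Node], src: str, dst: str, max_hops: int = 16) -> Tuple[str, List[str]]:
    """Forward a packet from the node owning src towards dst; return (status, path)."""
    owner = {a: n for n in nodes.values() for a in n.addrs}
    dst_ip = IP(dst)
    cur = owner[IP(src)]
    path = [cur.name]
    for _ in range(max_hops):
        if dst_ip in cur.addrs:
            return "delivered", path
        nh = cur.next_hop(dst_ip)
        if nh is None:
            return f"dropped at {cur.name}: no route to {dst}", path
        nxt = owner.get(nh)
        if nxt is None:
            return f"dropped at {cur.name}: next hop {nh} unreachable", path
        cur = nxt
        path.append(cur.name)
    return "dropped: hop limit exceeded", path


def round_trip(nodes: Dict[str, Node], src: str, dst: str):
    """Trace src -> dst and, if it arrives, the reply dst -> src."""
    fwd, fwd_path = trace(nodes, src, dst)
    if fwd != "delivered":
        return fwd, fwd_path, "reply not sent", []
    ret, ret_path = trace(nodes, dst, src)
    return fwd, fwd_path, ret, ret_path


def build(lan_routers_know_remote_site: bool = False) -> Dict[str, Node]:
    """Topology from the post. The optional routes on the site routers point the
    remote LAN and the (assumed) 172.16.8.0/24 tunnel prefix at the local VyOS VM."""
    r1_extra = [("192.168.2.0/24", "192.168.100.19"), ("172.16.8.0/24", "192.168.100.19")]
    r2_extra = [("192.168.100.0/24", "192.168.2.27"), ("172.16.8.0/24", "192.168.2.27")]
    if not lan_routers_know_remote_site:
        r1_extra, r2_extra = [], []
    nodes = [
        # Site routers: default route to an upstream (addresses assumed).
        Node("router1", ["192.168.100.1/24", "1.2.3.4/30"], [("0.0.0.0/0", "1.2.3.5")] + r1_extra),
        Node("router2", ["192.168.2.1/24", "5.6.7.8/30"], [("0.0.0.0/0", "5.6.7.9")] + r2_extra),
        # VyOS VMs: the interface-routes from the post, plus a default via the LAN router.
        Node("vyos1", ["192.168.100.19/24", "172.16.8.1/32"],
             [("172.16.8.2/32", "172.16.8.2"), ("192.168.2.0/24", "172.16.8.2"),
              ("0.0.0.0/0", "192.168.100.1")]),
        Node("vyos2", ["192.168.2.27/24", "172.16.8.2/32"],
             [("172.16.8.1/32", "172.16.8.1"), ("192.168.100.0/24", "172.16.8.1"),
              ("0.0.0.0/0", "192.168.2.1")]),
        # LAN hosts: default gateway assumed to be the site router, not the VyOS VM.
        Node("server1", ["192.168.100.4/24"], [("0.0.0.0/0", "192.168.100.1")]),
        Node("host2", ["192.168.2.50/24"], [("0.0.0.0/0", "192.168.2.1")]),
        # Upstream: owns the router WAN next hops but has no routes for private space.
        Node("isp", ["1.2.3.5/30", "5.6.7.9/30"], []),
    ]
    return {n.name: n for n in nodes}


if __name__ == "__main__":
    # A ping run on the VyOS VM itself is sourced from its vtun1 address (172.16.8.2).
    for fixed in (False, True):
        nodes = build(lan_routers_know_remote_site=fixed)
        print(f"LAN routers know remote site: {fixed}")
        for src, dst in [("172.16.8.2", "172.16.8.1"), ("172.16.8.2", "192.168.100.19"),
                         ("172.16.8.2", "192.168.100.4"), ("192.168.2.50", "192.168.100.4")]:
            f, fp, r, rp = round_trip(nodes, src, dst)
            print(f"  {src} -> {dst}: {f} via {fp}; reply: {r} via {rp}")
```

With the routers left as the post describes them, the tracer delivers the ping to 192.168.100.4 over the tunnel and then loses the reply at the upstream: the server answers through its default gateway 192.168.100.1, which has no route for the tunnel or remote LAN prefixes. Adding those routes on each site router (or, alternatively, source-NATing traffic leaving the VyOS VM towards its own LAN so replies go to 192.168.100.19/192.168.2.27 directly) closes the return path; both the tunnel-sourced ping and a host-to-host round trip then complete in the model.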