OpenVPN trouble. Routing.
Hey guys,
this OpenVPN stuff is making me crazy. I hope someone can help me.
I'm having the following setup.
1. Host
The host is running Proxmox and therefore runs a bunch of VMs. So it does have two network interfaces. One for the WAN IP and one internal network to connect the VMs.
WAN IP: 111.222.222.222
Local Network: 10.0.1.0/24
TUN: 10.8.0.4
2. VPN Server
The VPN server is a completely different machine. It does only have its main WAN IP.
WAN IP: 100.200.200.200
TUN: 10.8.0.1
My goal is to be able to connect to the OpenVPN server and it should be possible to reach all VMs running on the Host.
What do I have so far? I have both systems set up. The Host has the local network, which is working. It has internet access and it's running an OpenVPN client which successfully connects to the VPN server and is able to ping the TUN devices. So far so good.
To be able to ping the local network on the host I have added a route on the VPN Server:
ip route add 10.0.1.0/24 via 10.8.0.4
When I use tcpdump and try to ping just some machine in the local network of the host I can see the following:
09:40:05.274929 ip: 10.8.0.1 > 10.0.1.200: ICMP echo request, id 1296, seq 1, length 64
09:40:06.277432 ip: 10.8.0.1 > 10.0.1.200: ICMP echo request, id 1296, seq 2, length 64
09:40:07.301467 ip: 10.8.0.1 > 10.0.1.200: ICMP echo request, id 1296, seq 3, length 64
09:40:31.072686 ip: 10.8.0.1 > 10.0.1.200: ICMP echo request, id 1297, seq 1, length 64
Using tcpdump on the Host I do not see anything.
So my thoughts are, that the VPN Server is actually really using the gateway to send the packets to the host... but then?
I tried to add different routes and stuff, I added SNAT and so on but nothing helped.
Please help me.. shit is driving me insane
Best regards
Comments
run tcpdump on the VPN server itself.
Also, is ip_forward set to 1?
it looks like space/alien tech to me
use wireguard!
As @FHR said, is your host set up to properly forward your packets?
How are the machines connected? Can they even talk to each other without the VPN? How is your config (traffic pushing)? Iptables config?
Wouldn't it be easier to run the VPN server on the Proxmox host, if the main purpose of it is to connect to VMs?
Post the output of "ip a" from both machines. Remember tun is a layer 3 adapter and tap is layer 2, so if you want to create an ethernet network between both devices then tap might be a better choice. Personally I found this easier than messing around with routing.
https://openvpn.net/community-resources/ethernet-bridging/
Forward your backdoor.
That's a good way to get yourself a .HIV tld.
First of all, can the OpenVPN box connect to any of the hosted VMs?
Edited.
PS: Post the whole routing table.
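The kernel-side checks the commenters ask for (ip_forward on the host, the routing table of each machine), run over constructed data, as an added example that is not part of the thread. The interface names (eth0, vmbr1, tun0), the gateway addresses and the host's LAN address 10.0.1.1 are assumptions; it does not look at the OpenVPN configuration or iptables rules.

```python
import ipaddress

def parse_routes(text):
    """Turn `ip route` output into (network, gateway, device) tuples."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        via = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        routes.append((net, via, dev))
    return routes

def lookup(routes, addr):
    """Longest-prefix match, as the kernel does for a destination address."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def diagnose(server_rt, host_rt, host_ip_forward, vm_rt, host_lan_ip, src, dst):
    """List the problems on the path src (VPN server) -> dst (VM) and back."""
    problems = []
    hop = lookup(server_rt, dst)
    if hop is None or hop[2] != "tun0":  # tun0: assumed tunnel device name
        problems.append("server: no route to %s through the tunnel" % dst)
    if host_ip_forward != 1:  # value of /proc/sys/net/ipv4/ip_forward
        problems.append("host: net.ipv4.ip_forward is not 1")
    hop = lookup(host_rt, dst)
    if hop is None or hop[1] is not None:  # must be a directly attached network
        problems.append("host: %s is not on a directly attached network" % dst)
    back = lookup(vm_rt, src)
    if back is None or back[1] != host_lan_ip:
        problems.append("vm: replies to %s do not go back via the host" % src)
    return problems

# Constructed `ip route` output for the three machines (not taken from the thread).
SERVER_RT = parse_routes("""default via 100.200.200.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
10.0.1.0/24 via 10.8.0.4 dev tun0""")
HOST_RT = parse_routes("""default via 111.222.222.1 dev eth0
10.0.1.0/24 dev vmbr1 proto kernel scope link src 10.0.1.1
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.4""")
VM_RT = parse_routes("""default via 10.0.1.1 dev eth0
10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.200""")

if __name__ == "__main__":
    print(diagnose(SERVER_RT, HOST_RT, 1, VM_RT, "10.0.1.1", "10.8.0.1", "10.0.1.200"))
    print(diagnose(SERVER_RT, HOST_RT, 0, VM_RT, "10.0.1.1", "10.8.0.1", "10.0.1.200"))
```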