0 votes
74 views 1 comments
by
Hello,

I bought a RUTX10 to replace a RUT950 as an OpenVPN server.

I configured the device exactly the same, and the clients can connect to the new OpenVPN server, except I'm not able to ping the local IP address (the one that is routed) from the client.

Settings:

TUN

TCP

1194

LZO Yes

TLS

AES-256-GCM

TLS cipher All

Virtual network IP address 10.8.0.1

Virtual network netmask 255.255.255.0

Push option Route 10.54.1.0 255.255.255.0 etc.

TLS Clients:

vpnclient1 10.54.1.0 255.255.255.0

On the RUT950 this works perfectly. Can someone tell me what I'm doing wrong?

1 Answer

0 votes
by
Hello,

Regarding your configuration, kindly make sure that the RUTX10 has the correct IP address, because you mainly need to have a public IP address to host the OpenVPN server. Other than that, make sure you uploaded the correct certificate files. Sharing with me a copy of the troubleshoot file of the OpenVPN server and the OpenVPN clients will be helpful to identify what seems to be wrong.

Thanks

Regards,
Jerome
by

Hi Jerome,

The clients are connecting, so my guess is that my config is correct. But instead of routing the addresses that are given at "Push option", the server is giving me the following notice:

Wed Mar  9 04:33:22 2022 daemon.notice openvpn(gbs)[12019]: vpnclient1/176.83.143.131:4310 MULTI: bad source address from client [13.94.132.101], packet dropped

Server Config

The config from the clients hasn't changed, since this was a 1-on-1 replacement for the RUT950, which was acting as an OpenVPN server before.

After completely opening the firewall I get the following result:



Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: 176.83.143.131:4493 VERIFY OK: depth=1, CN=Veolia
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: 176.83.143.131:4493 VERIFY OK: depth=0, CN=vpnclient1
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: 176.83.143.131:4493 peer info: IV_VER=2.4.5
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: 176.83.143.131:4493 peer info: IV_PLAT=linux
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: 176.83.143.131:4493 peer info: IV_PROTO=2
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: 176.83.143.131:4493 peer info: IV_NCP=2
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: 176.83.143.131:4493 peer info: IV_LZ4=1
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: 176.83.143.131:4493 peer info: IV_LZ4v2=1
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: 176.83.143.131:4493 peer info: IV_LZO=1
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: 176.83.143.131:4493 peer info: IV_COMP_STUB=1
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: 176.83.143.131:4493 peer info: IV_COMP_STUBv2=1
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: 176.83.143.131:4493 peer info: IV_TCPNL=1
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: 176.83.143.131:4493 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: 176.83.143.131:4493 [vpnclient1] Peer Connection Initiated with [AF_INET]176.83.143.131:4493
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: vpnclient1/176.83.143.131:4493 MULTI_sva: pool returned IPv4=10.8.0.14, IPv6=(Not enabled)
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: vpnclient1/176.83.143.131:4493 MULTI: Learn: 10.8.0.14 -> vpnclient1/176.83.143.131:4493
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: vpnclient1/176.83.143.131:4493 MULTI: primary virtual IP for vpnclient1/176.83.143.131:4493: 10.8.0.14
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: vpnclient1/176.83.143.131:4493 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: vpnclient1/176.83.143.131:4493 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Mar 9 12:13:28 2022 daemon.notice openvpn(gbs)[26483]: vpnclient1/176.83.143.131:4493 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar 9 12:13:28 2022 daemon.notice openvpn(gbs)[26483]: vpnclient1/176.83.143.131:4493 SENT CONTROL [vpnclient1]: 'PUSH_REPLY,route 10.54.1.0 255.255.255.0,route 10.54.2.0 255.255.255.0,route 10.54.3.0 255.255.255.0,route 10.54.4.0 255.255.255.0,route 10.54.5.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.14 10.8.0.13,peer-id 0,cipher AES-256-GCM' (status=1)
root@Teltonika-RUTX10:~# ping 10.54.1.1
PING 10.54.1.1 (10.54.1.1): 56 data bytes
^C
--- 10.54.1.1 ping statistics ---
16 packets transmitted, 0 packets received, 100% packet loss
root@Teltonika-RUTX10:~# ping 10.8.0.14
PING 10.8.0.14 (10.8.0.14): 56 data bytes
64 bytes from 10.8.0.14: seq=0 ttl=64 time=134.861 ms
64 bytes from 10.8.0.14: seq=1 ttl=64 time=146.936 ms
64 bytes from 10.8.0.14: seq=2 ttl=64 time=146.306 ms
^C
--- 10.8.0.14 ping statistics ---
4 packets transmitted, 3 packets received, 25% packet loss
round-trip min/avg/max = 134.861/142.701/146.936 ms
So it still isn't routing 10.8.0.14 to 10.54.1.1
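
An added example, not part of the thread or of Teltonika's tooling: Python that reads OpenVPN server log lines in the format posted above and, for each "bad source address" drop, reports whether the dropped source is the tunnel address the server learned for that client or lies inside the subnet entered for it under "TLS Clients". It relies on the documented OpenVPN server behaviour that a packet from a client is accepted only when its source is associated with that client (its tunnel address or a client subnet); the function and variable names and the third sample line are assumptions made for the example.

```python
import ipaddress
import re

# First two lines are copied from the thread's log excerpts (wrapped lines
# rejoined); the third is constructed to show the in-subnet case.
SAMPLE_LOG = """\
Wed Mar 9 12:13:27 2022 daemon.notice openvpn(gbs)[26483]: vpnclient1/176.83.143.131:4493 MULTI: Learn: 10.8.0.14 -> vpnclient1/176.83.143.131:4493
Wed Mar  9 04:33:22 2022 daemon.notice openvpn(gbs)[12019]: vpnclient1/176.83.143.131:4310 MULTI: bad source address from client [13.94.132.101], packet dropped
Wed Mar 9 12:14:02 2022 daemon.notice openvpn(gbs)[26483]: vpnclient1/176.83.143.131:4493 MULTI: bad source address from client [10.54.1.20], packet dropped
"""
# Subnet entered for the client under "TLS Clients" in the question.
CLIENT_SUBNETS = {"vpnclient1": ["10.54.1.0/255.255.255.0"]}

LEARN_RE = re.compile(r"MULTI: Learn: (\S+) -> ([^/\s]+)/")
BAD_SRC_RE = re.compile(
    r"\]: ([^/\s]+)/\S+ MULTI: bad source address from client \[([^\]]*)\]")


def classify_drops(log_text, client_subnets):
    """Explain each 'bad source address' drop relative to what the server knows."""
    learned = {}  # common name -> tunnel addresses the server learned for it
    for addr, cn in LEARN_RE.findall(log_text):
        learned.setdefault(cn, set()).add(addr)
    findings = []
    for cn, raw in BAD_SRC_RE.findall(log_text):
        try:
            src = ipaddress.ip_address(raw)
        except ValueError:
            continue  # skip entries that are not a plain IP address
        nets = [ipaddress.ip_network(n, strict=False)
                for n in client_subnets.get(cn, [])]
        if raw in learned.get(cn, set()):
            verdict = "tunnel address of this client"
        elif any(src in n for n in nets):
            # Inference: an active client-subnet entry would have let it through.
            verdict = "inside configured client subnet, entry not in effect on server"
        else:
            verdict = "outside tunnel address and configured client subnet"
        findings.append((cn, raw, verdict))
    return findings


if __name__ == "__main__":
    for cn, src, verdict in classify_drops(SAMPLE_LOG, CLIENT_SUBNETS):
        print(f"{cn}: {src}: {verdict}")
```

For the drop quoted in the thread, 13.94.132.101 is neither 10.8.0.14 nor inside 10.54.1.0/24, so it falls in the last category.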