OpenVpn Tunnel Clients don't see each other

mastgen · June 9, 2021, 10:33am

NethServer Version: NethServer 7.9.2009 Enterprise
Module: Tunnel OVPN

Hello to everyone and thanks in andvace for welcome

I recently opted for the Nethserver solution in the company connecting 9 client vpn tunnels to a vpn tunnel server " star center" for a question of querying data from a software.
The clients and the “star center” are able to exchange data ( i can ping their subnets) but from a client to another client is not possible (example: from subnet .60 i can’t ping subnet .61 etc but i can ping only “star center” from tunnel client).

This is a scheme of the network (I apologize for my sketch drawn)ù

I appreciate any suggestions to allow communication between tunnel clients.

Is there something I can do from the “star center”?

Thank so much

Andy_Wismer · June 9, 2021, 10:56am

@mastgen

Hi Gennaro

And welcome to the NethServer Community!

If you want clients to be able to “see” each other, you’ll have to edit your Roadwarrior Config, and add in this (Under advanced):

Hope this helps!

My 2 cents
Andy

mastgen · June 9, 2021, 11:26am

Hi Andy and thanks for response!

The type of connection i am using is Tunnel OVPN.

To make you better understand this is my server and client side configuration:

Nethserver Tunnel Client Side (one of 9)
Name: name of connection
Remote Host: public address star center
Port: my tunnel vpn port
Topology: Subnet
Authentication: Certificate
Certificate: The certificate with private key
Remote Network: The local network of star center
Mode: Routed
Protocol: UDP
Compression: Disable
Digest: AUTO
Algorithm: Disable
Special order provider: Disable

Nethserver Tunnel Server Side (Star Center)
Name: name of connection
Connection: public address (There the public ip address of my star center)
Port: my tunnel vpn port
Routes:
Local network: The local network of star center
Remote network: The remote local network
Topology: Subnet
VPN Network: The VPN address with sub
Protocol: UDP
Compression: Disable
Digest: AUTO
Algorithm: Disable
TLS: Auto

This is my configuration, i believe i have not configured something correctly.

Thanks in advance

Gen

Andy_Wismer · June 9, 2021, 11:31am

@mastgen

Hi Gennaro

You can re-edit your OpenVPN in Cockpit… You will need to use the advanced box, and there set “Allow client to client connections”, as per screenshot above.

You can switch your language from Italian to English to make sure you get it all right, then switch back to italian… My NethServer doesn’t have the Italian language loaded - so I can provide german or english screenshots. As this Forum is english based, and the most help is possible in english, I’ll stick to english!

My 2 cents
Andy

ibinetwork · June 9, 2021, 11:46am

HI,

Try Firewall > Config > Permit traffic openvpn roadwariors openvpn tunnels and ipsec

mastgen · June 9, 2021, 11:52am

Hi Andy, this is my screen configuration:

Client Tunnel Side:

Server Tunnel Side (Star Center):

Regards and thanks again!

mastgen · June 9, 2021, 11:53am

I have activated this function on both client and server side but unfortunately nothing

Andy_Wismer · June 9, 2021, 11:57am

Hi

Strange, I’m only using the OpenVPN Roadwarrior Config, but I have the option to set “Client 2 Client” when editing…

You may need to erase the VPN config and recreate it anew. (Make a config backup first!).

My 2 cents
Andy

ibinetwork · June 9, 2021, 12:02pm

Try create a 1 tunnel for client

Star Server => Client1
Star Server2 => Client2

And try ping ip of tunnel with tunnel

mastgen · June 9, 2021, 12:07pm

The network is set up with this type of configuration but strangely the clients tunnel between them there is no ping

mastgen · June 9, 2021, 12:09pm

Hi,
this is the module of tunneling used to connect all locations:

OVPN RoadWarrior is not in use

Regards
Gen

Andy_Wismer · June 9, 2021, 12:13pm

Use Roadwarrior, then it works…

rob861 · June 9, 2021, 1:39pm

Hi Gennaro,
unless you’re connecting multiple networks (which is what tunnels are for), I suggest you use Roadwarrior and check that box that Andy told you. If you have to connect multiple networks, then you’ll need to push every subnet to every client in order to make them talk to each other.

mastgen · June 9, 2021, 3:12pm

Hi Roberto,

thanks for your response.

Tomorrow i will adopt this “cobweb” style method and i will update you.

Thanks again

Gen

mastgen · June 10, 2021, 2:47pm

Sadly this solution would have been the fastest and most ideal but for a matter of user “skills”, I had to opt for the tunnel thanks again

mastgen · June 10, 2021, 2:48pm

it worked, I had to configure a tunnel server for each tunnel client as well, thank you so much!

rob861 · June 10, 2021, 3:18pm

Hi Gennaro,
glad I could be of help! NethServer can be a little bit tricky sometimes, but when you learn to master it, it becomes a very good all-rounder