Hi nethserver community,
After “disaster recovery”, we are currently struggling to once again set up our VPN in our network. We already reset both the router and NethServer (NS), but we still can’t figure out what we are actually doing wrong.
So let me start by explaining our setup:
So the problem is actually that with PC3 (VPN client) we cannot access anything in our server-side local network (10.23.0.0).
Overview, ifconfig, route, OpenVPN Roadwarrior config, firewall rules and OpenVPN settings can be seen in the figure above.
Additionally, we used tcpdump to see the routing on the server when we tried to ping from PC3 (10.8.0.x) to PC1 (10.23.0.x).
12:22:33.897954 IP 10.8.0.10.55214 > 17.248.146.111.443: Flags [S], seq 2673219908, win 65535, options [mss 1358,nop,wscale 6,nop,nop,TS val 1036993970 ecr 0,sackOK,eol], length 0
12:22:34.045574 IP 10.8.0.10.55215 > 172.217.23.138.443: Flags [S], seq 783895879, win 65535, options [mss 1358,nop,wscale 6,nop,nop,TS val 1036994117 ecr 0,sackOK,eol], length 0
12:22:34.060602 IP 10.8.0.10.55216 > 205.233.73.116.443: Flags [S], seq 595964165, win 65535, options [mss 1358,nop,wscale 6,nop,nop,TS val 1036994132 ecr 0,sackOK,eol], length 0
12:22:34.141162 IP 10.8.0.10.55211 > 17.248.146.73.443: Flags [S], seq 1364290408, win 65535, options [mss 1358,nop,wscale 6,nop,nop,TS val 1036994212 ecr 0,sackOK,eol], length 0
12:22:34.147962 IP 10.8.0.10.55217 > 17.248.146.78.443: Flags [S], seq 2106829015, win 65535, options [mss 1358,nop,wscale 6,nop,nop,TS val 1036994219 ecr 0,sackOK,eol], length 0
12:22:34.396837 IP 10.8.0.10.55212 > 17.248.146.205.443: Flags [S], seq 161307845, win 65535, options [mss 1358,nop,wscale 6,nop,nop,TS val 1036994467 ecr 0,sackOK,eol], length 0
12:22:34.405221 IP 10.8.0.10.55218 > 17.248.146.143.443: Flags [S], seq 1193448510, win 65535, options [mss 1358,nop,wscale 6,nop,nop,TS va
Our Host-to-net.conf
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
dev tunrw
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist host-to-net.pool 0
port 1194
script-security 3
float
multihome
dh /var/lib/nethserver/certs/dh1024.pem
ca /etc/pki/tls/certs/NSRV.crt
cert /etc/pki/tls/certs/NSRV.crt
key /etc/pki/tls/private/NSRV.key
crl-verify /var/lib/nethserver/certs/crl.pem
push "dhcp-option DOMAIN ourDomain"
push "dhcp-option DNS 10.23.0.3"
push "dhcp-option WINS 10.8.0.1"
push "dhcp-option NBDD 10.8.0.1"
push "dhcp-option NBT 2"
push "route 10.23.0.0 255.255.255.0"
# Authentication: password
auth-user-pass-verify /usr/libexec/nethserver/openvpn-pam-auth via-env
verify-client-cert none
username-as-common-name
status /var/log/openvpn/host-to-net-status.log
log-append /var/log/openvpn/openvpn.log
keepalive 20 120
client-config-dir ccd
persist-key
persist-tun
management /var/spool/openvpn/host-to-net unix
verb 3
We tried to resolve our problem by following this post and this post. We have seen @filippo_carletti solve some similar issues and we are very grateful for any support!
Do you see any obvious mistakes we made, or do you have any suggestions on how we could continue to solve this issue?
Thanks!
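A small diagnostic added here (not from the original post or from NethServer): it reads the `push "route ..."` and `server` lines from the host-to-net.conf and the `tcpdump` lines from the capture, then counts how many packets from the VPN pool are headed for a pushed LAN network versus anywhere else. The sample capture reuses two lines from the post plus one constructed ICMP line; the config excerpt is a constructed subset of the posted directives.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: two TCP lines taken from the post plus one constructed ICMP
# echo line (the posted capture contains no ICMP at all; this line only exercises the check).
SAMPLE_CAPTURE = """\
12:22:33.897954 IP 10.8.0.10.55214 > 17.248.146.111.443: Flags [S], seq 2673219908, win 65535, length 0
12:22:34.045574 IP 10.8.0.10.55215 > 172.217.23.138.443: Flags [S], seq 783895879, win 65535, length 0
12:22:40.000000 IP 10.8.0.10 > 10.23.0.5: ICMP echo request, id 1, seq 1, length 64
"""

# Constructed excerpt of the server config; only these directives matter for the check.
SAMPLE_CONFIG = """\
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 10.23.0.3"
push "route 10.23.0.0 255.255.255.0"
"""

TCP_RE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+:")
ICMP_RE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): ICMP")
ROUTE_RE = re.compile(r'^push\s+"route\s+(\S+)\s+(\S+)"')
SERVER_RE = re.compile(r"^server\s+(\S+)\s+(\S+)")

def pushed_routes(config_text):
    """Networks the server pushes to clients, as ip_network objects (address/netmask form)."""
    return [ip_network(f"{m.group(1)}/{m.group(2)}")
            for m in map(ROUTE_RE.match, config_text.splitlines()) if m]

def vpn_pool(config_text):
    """The client address pool from the 'server' directive; None if absent."""
    for m in map(SERVER_RE.match, config_text.splitlines()):
        if m:
            return ip_network(f"{m.group(1)}/{m.group(2)}")
    return None

def parse_capture(capture_text):
    """Yield (src, dst) address pairs from tcpdump lines; lines that do not parse are skipped."""
    for line in capture_text.splitlines():
        m = TCP_RE.match(line) or ICMP_RE.match(line)
        if m:
            yield ip_address(m.group(1)), ip_address(m.group(2))

def classify_client_traffic(capture_text, config_text):
    """Count packets sourced from the VPN pool by destination: pushed LAN routes vs. elsewhere."""
    routes, pool = pushed_routes(config_text), vpn_pool(config_text)
    counts = {"to_pushed_lan": 0, "to_elsewhere": 0}
    for src, dst in parse_capture(capture_text):
        if pool is not None and src not in pool:
            continue  # not a roadwarrior client; ignore
        counts["to_pushed_lan" if any(dst in net for net in routes) else "to_elsewhere"] += 1
    return counts
```

Run against the full capture from the post, a `to_pushed_lan` count of zero means the client never sent anything towards 10.23.0.0/24 through the tunnel, which points at the client's routing table rather than at the server-side firewall.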