On Tue, Feb 23, 2016 at 7:07 PM, tovis <mailer.to...@freemail.hu> wrote:

> The routers configuration, resulting settings and logs are on pastebin:
> server side (tovis-lab): http://pastebin.com/3VRAadXz
> client side (tovis-lak): http://pastebin.com/h8Ctfmx2
> server side LAN is 192.168.1.0 255.255.255.0 tunnel is 10.8.0.1
> client side LAN is 192.168.2.0 255.255.255.0 tunnel is 10.8.0.6
>
> At now the connection is established and working! - but it's like "half
> duplex". The client could reach the LAN on the server side, but the server
> can not reach the client side.
> From the server side I can only ping the client side tun address 10.8.0.6
> (and of course own tun 10.8.0.1).
> I have installed tcpdump on RPI, when I ping the client side tun interface
> 10.8.0.6 I can see incoming/outgoing packages, but when I try to ping
> router's LAN side 192.168.2.254 no sign of packages. At now I have only
> one box at the client side what I can not access either - no ping no ssh.
>

That sounds like a missing iroute directive. I notice iroute is in the ccd
file, but is it really being read? A log at level verb=4 would show the
client-specific file being read when the client connects. The location
of ccd relative to config is not clear from the posted logs.

Having said that, if the idea is to make a tunnel between two routers, it's
much simpler to use a point-to-point setup:

Say router1 is assigned 10.8.0.1 and router2 10.8.0.2

config on router1

remote router2-public-ip
ifconfig 10.8.0.1 10.8.0.2
dev tun0
tls-server
dh
ca
cert
key

config on router2

remote router1-public-ip
ifconfig 10.8.0.2 10.8.0.1
dev tun0
tls-client
ca
cert
key

Then use up scripts to add routes:
On router 1 a route to server side LAN with gateway as router 2 tun IP and
a reciprocal one on router2: i.e.,

on router 1: ip route add router2-net/mask via 10.8.0.2
on router 2: ip route add router1-net/mask via 10.8.0.1

Note the gateways are on the other end of the tunnel, no iroute needed.

Selva
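
The "is the iroute really in effect?" question from the reply, as an added example in Python (not part of the original message and not OpenVPN code). It checks a server config and ccd contents, passed in as constructed strings, for the usual reasons the server cannot reach the LAN behind a client. Assumptions: the ccd file is named after the client's certificate common name (here the constructed value tovis-lak), and route/iroute arguments are numeric addresses.

```python
import ipaddress

# Constructed sample input: the server config and ccd directory as strings.
SERVER_CONF = """\
dev tun0
client-config-dir ccd
route 192.168.2.0 255.255.255.0
"""
CCD_FILES = {"tovis-lak": "iroute 192.168.2.0 255.255.255.0\n"}  # name = assumed CN

def directives(text, name):
    """Return the argument list of every `name` directive in OpenVPN config text."""
    found = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == name:
            found.append(parts[1:])
    return found

def network(args):
    """Parse 'network [netmask]'; OpenVPN defaults the netmask to 255.255.255.255."""
    mask = args[1] if len(args) > 1 else "255.255.255.255"
    return ipaddress.ip_network(f"{args[0]}/{mask}", strict=False)

def check_iroutes(server_conf, ccd_files, common_name):
    """List the reasons the server could not route to the LAN behind a client."""
    if not directives(server_conf, "client-config-dir"):
        return ["no client-config-dir in server config: ccd files are never read"]
    # OpenVPN looks for a file named after the client's CN, then for DEFAULT.
    ccd = ccd_files.get(common_name, ccd_files.get("DEFAULT"))
    if ccd is None:
        return [f"no ccd file for common name {common_name!r}"]
    iroutes = [network(a) for a in directives(ccd, "iroute")]
    if not iroutes:
        return [f"ccd file for {common_name!r} has no iroute"]
    # iroute only steers packets inside OpenVPN; the kernel still needs a
    # matching `route` in the server config to hand them to the tun device.
    routes = [network(a) for a in directives(server_conf, "route")]
    return [f"iroute {net} has no covering route in server config"
            for net in iroutes if not any(net.subnet_of(r) for r in routes)]

if __name__ == "__main__":
    print(check_iroutes(SERVER_CONF, CCD_FILES, "tovis-lak"))  # no problems
    print(check_iroutes(SERVER_CONF, CCD_FILES, "other-cn"))   # ccd never matched
```

An empty result means the directives are consistent on paper; whether the ccd directory resolves at run time still has to be confirmed from the server log, as the reply suggests.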