>Hi,
>
>On Mon, Aug 14, 2023 at 09:19:44PM +0000, Jason Long via Openvpn-users wrote:
>> Hi Bruno,
>> Thank you so much for your reply.
>> Both (Server and Client) can ping each other and without the local
>> statement my client can connect to the OpenVPN server.
>> My client is connecting to the server via an internal network:
>> Server: 192.168.1.20
>> Client: 192.168.1.21
>
>Can you ping the address that you have specified in "local"?
>
>Pinging the 192.168.1.20-Address is not relevant if that is not the
>address you try to reach for OpenVPN.
>
>If you can, but OpenVPN still fails to connect, this smells like firewall.
>
>If it does not ping, fix your routing.
>
>gert
>--
>"If was one thing all people took for granted, was conviction that if you
>feed honest figures into a computer, honest figures come out. Never doubted
>it myself till I met a computer with a sense of humor."
>                        Robert A. Heinlein, The Moon is a Harsh Mistress
>
>Gert Doering - Munich, Germany                     g...@greenie.muc.de

Hi Gert,
How are you?
I changed my architecture. My OpenVPN server has only one physical NIC:

    enp0s3: 10.0.2.15

I created a virtual NIC as below:

    enp0s3:1: 10.0.5.20

My OpenVPN server network settings are:

    enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
            inet6 fe80::a00:27ff:feed:b47c prefixlen 64 scopeid 0x20<link>
            ether 08:00:27:ed:b4:7c txqueuelen 1000 (Ethernet)
            RX packets 9915 bytes 1829851 (1.7 MiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 7792 bytes 1132320 (1.0 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    enp0s3:10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.0.5.20 netmask 255.255.255.0 broadcast 10.0.5.255
            ether 08:00:27:ed:b4:7c txqueuelen 1000 (Ethernet)

I added the following line to my server.conf:

    local 10.0.5.20

After that, I used the following iptables rules:

    IF_MAIN=enp0s3
    IF_TUNNEL=tun30
    YOUR_OPENVPN_SUBNET=20.1.0.0/16
    iptables -I INPUT -p udp --dport 3000 -j ACCEPT
    iptables -A FORWARD -i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j ACCEPT
    iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j MASQUERADE
    iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -j SNAT --to 10.0.5.20

I started OpenVPN and it worked and created a virtual NIC:

    tun30: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
            inet 20.1.0.1 netmask 255.255.255.255 destination 20.1.0.2
            inet6 fe80::3b66:b0c6:fbf7:988b prefixlen 64 scopeid 0x20<link>
            unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
            RX packets 0 bytes 0 (0.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 10 bytes 480 (480.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Now the client can't connect to my OpenVPN server:

    Sun Aug 20 11:02:18 2023 read UDPv4: Connection reset by peer (WSAECONNRESET) (fd=ec,code=10054)

Why?