I have two clients: one connected to the VPN server through the VPN and another without VPN. I can ping both clients from my server, but I can't ping directly from one client to the other.
I am adding the route tables for these clients and the server. Please note 10.10.0.2 and 10.10.0.1 are the VPN private IPs.
The route tables for all three are:
Kernel IP routing table for 10.30.0.190 (VPN client)
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.30.0.1       0.0.0.0         UG    0      0        0 eth0
10.10.0.0       0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.20.0.0       10.10.0.1       255.255.0.0     UG    0      0        0 tun0
10.30.0.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0

Route table for 10.20.0.180 (private subnet connected to VPN)
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.20.0.1       0.0.0.0         UG    0      0        0 eth0
10.20.0.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0

Route table for 10.20.0.99 (VPN server)
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.20.0.1       0.0.0.0         UG    0      0        0 eth0
10.10.0.0       0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.20.0.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.30.0.0       10.10.0.2       255.255.0.0     UG    0      0        0 tun0
Best Answer
You're most likely missing routes.
On your VPN server, add this directive to add routes to your local subnet:

push "route 10.20.0.0 255.255.255.0"

That will tell VPN clients to route traffic through the VPN for that subnet. It looks like you might have done this, but be aware that yours has a subnet mask of /16 while the routing table on the LAN client has /24.

On your gateway router 10.20.0.1, be sure to add a route for 10.10.0.0/24 through the VPN server (i.e.

ip route add 10.10.0.0/24 via 10.20.0.99

) so that the return path is also routable.
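To see the missing return path the answer describes, the script below (an added example, not part of the question or the answer) transcribes the three route tables from the question, does the kernel's longest-prefix lookup on each hop, and traces a ping from the VPN client to the LAN host and the reply back. The interface addresses are taken from the question (10.10.0.1 and 10.10.0.2 on tun0, each host's own address on eth0). The gateway 10.20.0.1's table is not shown in the question, so the model of it after the answer's `ip route add` is an assumption, including its on-link 10.20.0.0/24 route. It also lists the networks that appear with different masks on different hosts, which is the /16 versus /24 point the answer raises.

```python
"""Trace forward and return paths through the routing tables posted in the
question. Added example, not part of the original Q&A."""
import ipaddress

# The three `route -n` tables from the question, transcribed as posted.
ROUTE_N = {
    "10.30.0.190": """
0.0.0.0    10.30.0.1  0.0.0.0        UG 0 0 0 eth0
10.10.0.0  0.0.0.0    255.255.255.0  U  0 0 0 tun0
10.20.0.0  10.10.0.1  255.255.0.0    UG 0 0 0 tun0
10.30.0.0  0.0.0.0    255.255.255.0  U  0 0 0 eth0
""",
    "10.20.0.180": """
0.0.0.0    10.20.0.1  0.0.0.0        UG 0 0 0 eth0
10.20.0.0  0.0.0.0    255.255.255.0  U  0 0 0 eth0
""",
    "10.20.0.99": """
0.0.0.0    10.20.0.1  0.0.0.0        UG 0 0 0 eth0
10.10.0.0  0.0.0.0    255.255.255.0  U  0 0 0 tun0
10.20.0.0  0.0.0.0    255.255.255.0  U  0 0 0 eth0
10.30.0.0  10.10.0.2  255.255.0.0    UG 0 0 0 tun0
""",
}

# Interface addresses per host, from the question: tun0 is 10.10.0.1 (server)
# and 10.10.0.2 (client); eth0 carries each host's own LAN address.
ADDRS = {
    "10.30.0.190": {"eth0": "10.30.0.190", "tun0": "10.10.0.2"},
    "10.20.0.180": {"eth0": "10.20.0.180"},
    "10.20.0.99":  {"eth0": "10.20.0.99",  "tun0": "10.10.0.1"},
}

def parse_route_n(text):
    """Parse `route -n` lines into (network, gateway-or-None, iface) tuples."""
    routes = []
    for line in text.strip().splitlines():
        dest, gw, mask, _flags, _m, _r, _u, iface = line.split()[:8]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, None if gw == "0.0.0.0" else gw, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific route wins, the /0 default last."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def build_hosts(route_n, addrs):
    """Index every host under each of its addresses so next hops resolve."""
    hosts = {}
    for name, table in route_n.items():
        host = {"name": name, "routes": parse_route_n(table), "addrs": addrs[name]}
        for ip in addrs[name].values():
            hosts[ip] = host
    return hosts

def trace(hosts, src_ip, dst):
    """Follow next hops from src_ip toward dst. Returns the hosts traversed and
    'delivered', or the address at which the packet leaves the known hosts."""
    hops, cur = [], src_ip
    for _ in range(8):                       # guard against routing loops
        host = hosts.get(cur)
        if host is None:
            return hops, f"leaves known hosts at {cur}"
        hops.append(host["name"])
        if dst in host["addrs"].values():
            return hops, "delivered"
        route = lookup(host["routes"], dst)
        if route is None:
            return hops, "no route"
        _net, gw, _iface = route
        cur = gw if gw else dst              # on-link destinations are hit directly
    return hops, "loop"

def source_address(hosts, src_host, dst):
    """Linux uses the address of the outgoing interface as the packet source."""
    host = hosts[src_host]
    _net, _gw, iface = lookup(host["routes"], dst)
    return host["addrs"][iface]

def check_pair(hosts, a, b):
    """Forward trip a->b, then the reply to the source address a really used."""
    src = source_address(hosts, a, b)
    return {"source_used": src, "forward": trace(hosts, a, b), "reply": trace(hosts, b, src)}

def with_gateway_fix(hosts):
    """Assumed model of gateway 10.20.0.1 after the answer's
    `ip route add 10.10.0.0/24 via 10.20.0.99` (its table is not in the question)."""
    gw = {"name": "10.20.0.1", "addrs": {"eth0": "10.20.0.1"},
          "routes": [(ipaddress.ip_network("10.20.0.0/24"), None, "eth0"),
                     (ipaddress.ip_network("10.10.0.0/24"), "10.20.0.99", "eth0")]}
    return {**hosts, "10.20.0.1": gw}

def prefix_mismatches(hosts):
    """Networks that appear with different masks on different hosts."""
    seen = {}
    for host in {h["name"]: h for h in hosts.values()}.values():
        for net, _gw, _iface in host["routes"]:
            seen.setdefault(str(net.network_address), set()).add(net.prefixlen)
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    hosts = build_hosts(ROUTE_N, ADDRS)
    print(check_pair(hosts, "10.30.0.190", "10.20.0.180"))
    print(check_pair(with_gateway_fix(hosts), "10.30.0.190", "10.20.0.180"))
    print(prefix_mismatches(hosts))
```

The forward trip from 10.30.0.190 reaches 10.20.0.180 via the server, but because it leaves over tun0 its source address is 10.10.0.2, and 10.20.0.180 has no route for 10.10.0.0/24 other than its default via 10.20.0.1, so the reply leaves the hosts shown in the question at the gateway. With the gateway route from the answer modelled in, the reply comes back through 10.20.0.99 and the tunnel.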