Openvpn – Connecting two clients openvpn


I have two clients: one connected to the VPN server through the VPN and another without VPN. I can ping both clients from my server, but I can't ping directly from one client to the other.

I am adding the route tables for these clients and the server. Please note 10.10.0.2 and 10.10.0.1 are the VPN private IPs.

Route tables for all three are:

Kernel IP routing table for 10.30.0.190 (VPN client)
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.30.0.1       0.0.0.0         UG    0      0        0 eth0
10.10.0.0       0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.20.0.0       10.10.0.1       255.255.0.0     UG    0      0        0 tun0
10.30.0.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0

Route table for 10.20.0.180 (private subnet, connected to the VPN)
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.20.0.1       0.0.0.0         UG    0      0        0 eth0
10.20.0.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0

Route table for 10.20.0.99 (VPN server)
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.20.0.1       0.0.0.0         UG    0      0        0 eth0
10.10.0.0       0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.20.0.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.30.0.0       10.10.0.2       255.255.0.0     UG    0      0        0 tun0

Best Answer

You're most likely missing routes.

On your VPN server, add this directive to add routes to your local subnet: push "route 10.20.0.0 255.255.255.0". That will tell VPN clients to route traffic through the VPN for that subnet. It looks like you might have done this, but be aware that yours has a subnet mask of /16 while the routing table on the LAN client has /24.

On your gateway router 10.20.0.1, be sure to add a route for 10.10.0.0/24 through the VPN server (i.e. ip route add 10.10.0.0/24 via 10.20.0.99) so that the return path is also routable.
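To see why the LAN client's packets never reach the VPN, it helps to run a kernel-style longest-prefix lookup over the tables pasted in the question. The script below is an added example, not part of the original post or answer; it parses `route -n` output and reports which entry wins for a destination, showing that 10.20.0.180 hands traffic for 10.30.0.190 to 10.20.0.1 (which therefore needs the return route), while the VPN server sends it down tun0.

```python
import ipaddress

# Routing tables copied from the question (output of `route -n`):
# the LAN client 10.20.0.180 and the VPN server 10.20.0.99.
LAN_CLIENT_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.20.0.1       0.0.0.0         UG    0      0        0 eth0
10.20.0.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""

VPN_SERVER_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.20.0.1       0.0.0.0         UG    0      0        0 eth0
10.10.0.0       0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.20.0.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.30.0.0       10.10.0.2       255.255.0.0     UG    0      0        0 tun0
"""

def parse_route_table(text):
    """Turn `route -n` output into (network, gateway-or-None, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or not f[0][0].isdigit():  # skip header/banner lines
            continue
        # Genmask is dotted-quad; convert it to a prefix length.
        prefixlen = bin(int(ipaddress.ip_address(f[2]))).count("1")
        net = ipaddress.ip_network(f"{f[0]}/{prefixlen}", strict=False)
        routes.append((net, None if f[1] == "0.0.0.0" else f[1], f[7]))
    return routes

def lookup(routes, dst):
    """Kernel-style longest-prefix match; returns the winning tuple or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for entry in routes:
        net = entry[0]
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = entry
    return best

def next_hop(table_text, dst):
    """Readable '<net> via <gw> dev <iface>' for dst, or 'unreachable'."""
    hit = lookup(parse_route_table(table_text), dst)
    if hit is None:
        return "unreachable"
    net, gw, iface = hit
    return f"{net} via {gw or 'direct'} dev {iface}"
```

Calling `next_hop(LAN_CLIENT_ROUTES, "10.30.0.190")` shows the default route winning, which is exactly why the gateway 10.20.0.1 must know the way back through 10.20.0.99.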