Openvpn – Problem with IPCop and OpenVPN (I can't do bridging)

Tags: bridge, ipcop, openvpn, vpn

I have a problem with IPCop + zerina OpenVPN.

[figure: network diagram]

My networks are as in the figure, and are correctly configured:
– IPCop acts as a firewall between the two LANs 192.168.100.0/24 and 192.168.200.0/24
– OpenVPN works in roadwarrior configuration (client1 can ping the internal IP of IPCop 192.168.100.0 through the OpenVPN tunnel).

The problem is that client1 can't ping server1, because IPCop+OpenVPN doesn't forward traffic into the internal LAN. I can't use either of the two OpenVPN forwarding modes:
– I can't use the OpenVPN TUN (routing) solution: the LANs are isolated and I have nowhere to route
– I can't use the OpenVPN TAP (bridge) solution (which is probably the correct one in this case), because IPCop doesn't support bridging (it doesn't have bridge-utils and clearly doesn't support it).

Any solution? Or must I move the OpenVPN server to another internal server that can bridge (naturally tuning IPCop to permit OpenVPN traffic to the new VPN server)? Is there a simpler solution that doesn't involve moving services?

Best Answer

OK, new attempt. This is what I think happens.

The packets from the client have the source address 192.168.200.X, go through the TUN interface (client routing rules), and the VPN server sends them to the destination, but the answer goes out through eth1 and gets lost. You should try to verify all this with tcpdump.

To fix this issue you can probably set the source to be the VPN address, e.g. with a command like

ip route add 192.168.100.4/24 dev tun0 src 10.169.10.X

However, this is an issue with this test setup, do not expect to have the same issue with the real thing.
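To see why the reply takes the wrong path, here is a small added example (not part of the answer above, and not IPCop or OpenVPN code) that models a plain destination-based routing table with constructed entries and runs the kernel-style longest-prefix lookup for the reply packet. The interface names, the tunnel subnet 10.169.10.0/24 and the sample addresses are assumptions chosen to match the description in the answer:

```python
import ipaddress

# Constructed routing table (assumption, not taken from the page): the internal
# LAN behind eth0, the client's LAN behind eth1, and the VPN tunnel subnet on tun0.
ROUTES = [
    ("192.168.100.0/24", "eth0"),
    ("192.168.200.0/24", "eth1"),
    ("10.169.10.0/24", "tun0"),
]


def lookup(dst, routes=ROUTES):
    """Longest-prefix match over a destination-based table, as the kernel does.

    Returns the egress interface for `dst`, or None when no route covers it.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def reply_interface(packet_src, routes=ROUTES):
    """The reply to a request is addressed to the request's source, so the
    interface the reply leaves on is decided purely by that source address."""
    return lookup(packet_src, routes)


def compare_paths(client_lan_ip="192.168.200.10", client_tun_ip="10.169.10.6",
                  server_ip="192.168.100.4", routes=ROUTES):
    """Show both cases from the answer.

    - 'without_src': the client keeps its LAN address as source, so server1's
      reply is routed towards 192.168.200.0/24 via eth1 and never reaches tun0.
    - 'with_src': the client sources the packet from its tunnel address (the
      effect of the `src` hint in the answer's `ip route` command), so the reply
      is routed back over tun0.
    """
    return {
        "request_egress": lookup(server_ip, routes),
        "without_src": reply_interface(client_lan_ip, routes),
        "with_src": reply_interface(client_tun_ip, routes),
    }


if __name__ == "__main__":
    for case, dev in compare_paths().items():
        print(f"{case:>15}: {dev}")
```

The request reaches server1 either way (it is routed by destination), which is exactly why a one-way ping looks like "nothing happens" until you watch the reply with tcpdump on both eth1 and tun0; the model only covers the routing lookup, not IPCop's firewall rules, which also have to permit the forwarded traffic.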