OpenVPN server cannot ping client IPs

openvpn router routing

I have flashed a router at two separate sites with DD-WRT firmware and set up OpenVPN on both. Once connected, the client can ping computers on the server's LAN; however, the server cannot ping IPs on the client's LAN. I am executing the ping command in the shell for the routers (so I don't have to remote into local machines etc.).

I disabled the firewall at both sites (this is being done on a test config). Am I still missing something here? The config I used is below. I'd really appreciate any help/guidance.

Do I need to also push a route to the VPN server IPs?

192.168.2.0 is client subnet

192.168.4.0 is server subnet

Thank you

Server.conf

server 192.168.5.0 255.255.255.0
client-config-dir /tmp/openvpn/ccd
route 192.168.2.0 255.255.255.0
push "route 192.168.4.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
client-to-client

dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
management port
management localhost 5001

Startup Command

mkdir -p /tmp/openvpn/ccd
echo "iroute 192.168.2.0 255.255.255.0" > /tmp/openvpn/ccd/client1

Server Router Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.5.2     *               255.255.255.255 UH    0      0        0 tun0
192.168.5.0     192.168.5.2     255.255.255.0   UG    0      0        0 tun0
192.168.4.0     *               255.255.255.0   U     0      0        0 br0
192.168.2.0     192.168.5.2     255.255.255.0   UG    0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 vlan1
169.254.0.0     *               255.255.0.0     U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 vlan1

Client router Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.5.5     *               255.255.255.255 UH    0      0        0 tun0
192.168.5.0     192.168.5.5     255.255.255.0   UG    0      0        0 tun0
192.168.4.0     192.168.5.5     255.255.255.0   UG    0      0        0 tun0
192.168.2.0     *               255.255.255.0   U     0      0        0 br0
74.21X.XX.0     *               255.255.255.0   U     0      0        0 vlan1
169.254.0.0     *               255.255.0.0     U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         static-74-21X-X 0.0.0.0         UG    0      0        0 vlan1

Client setup (just in case)


Best Answer

You need to remove one of your "push" statements.

The server needs to push the announcement of its own subnets to the client so the client knows to route all 192.168.4.0 traffic through the VPN tunnel.

But you are also telling the client "if you see packets destined for 192.168.2.0, send them over the VPN". This will cause the server-to-client traffic to get lost in the VPN and never make it out onto the client network.

Remove that second push line, and you should be OK.
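
A way to check a server config for the condition this answer describes, as an added example that is not part of the original question or answer: it flags any pushed route that overlaps a subnet a client owns through `iroute`, and any `iroute` that has no matching server-side `route`. The names `audit` and `_nets` are hypothetical, the ccd files are passed in as a dict, and the sample input is constructed from the directives in the question.

```python
import ipaddress
import re

# Constructed sample input: the routing directives from the question's server config
SERVER_CONF = '''\
server 192.168.5.0 255.255.255.0
client-config-dir /tmp/openvpn/ccd
route 192.168.2.0 255.255.255.0
push "route 192.168.4.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
client-to-client
'''
# ccd file contents keyed by client name, as written by the question's startup command
CCD = {"client1": "iroute 192.168.2.0 255.255.255.0\n"}

PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"')
IROUTE = re.compile(r'^\s*iroute\s+(\S+)\s+(\S+)')
ROUTE = re.compile(r'^\s*route\s+(\S+)\s+(\S+)')

def _nets(pattern, text):
    """Return the networks named by every line of text that matches pattern."""
    out = []
    for line in text.splitlines():
        m = pattern.match(line)
        if m:
            out.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return out

def audit(server_conf, ccd):
    """List pushed routes that overlap a client's iroute, and iroutes lacking a server route."""
    findings = []
    pushed = _nets(PUSH_ROUTE, server_conf)
    routed = _nets(ROUTE, server_conf)
    for client, body in ccd.items():
        for lan in _nets(IROUTE, body):
            for p in pushed:
                if p.overlaps(lan):
                    findings.append(f'push "route {p.network_address} {p.netmask}" overlaps iroute of {client}')
            if not any(r.overlaps(lan) for r in routed):
                findings.append(f"iroute {lan} for {client} has no matching server 'route'")
    return findings

if __name__ == "__main__":
    for finding in audit(SERVER_CONF, CCD):
        print(finding)
```
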