In order for machines on different networks to successfully talk to each other, both ends need to know how to route traffic to the other end. Normally, this is easily done on a simple end-user LAN because there are usually only two destinations: "the local network" and "everywhere else". Traffic to the local network is just sent directly to the destination, while traffic to everywhere else is sent to the default gateway ("router") and it handles it (by passing it to your upstream ISP, which has far more knowledge about where to send traffic to the many destinations that make up the Internet).
By placing a VPN into the mix, you're complicating things somewhat. By making the VPN endpoints machines within a LAN, rather than making the default gateways the endpoints, you're complicating things greatly.
What you need to do is add routes to allow traffic to go to the right places. You can either do this on every machine in both LANs, or just add it to the default gateway. The latter is far easier, but slightly less efficient (traffic will have an extra "hop", going via the gateway, which shouldn't be a major inconvenience in most cases).
Without knowing what your gateways actually are, I can't tell you how to configure them, but the routes basically need to be:
- On gateway for 172.16.130.0/24:
  - Route all traffic destined for 172.16.120.0/24 via 172.16.130.2
- On gateway for 172.16.120.0/24:
  - Route all traffic destined for 172.16.130.0/24 via 172.16.120.2
There's also all sorts of firewalling stuff you might have to do, both on the gateways and the VPN endpoints, and you might have to turn on IP forwarding on the endpoints, but it's all fairly straightforward network configuration stuff.
And next time: just put the VPN endpoints on the default gateway. It's so much easier.
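Added example (mine, not the answerer's) showing why the two routes above are needed: a longest-prefix-match lookup over constructed routing tables for the 172.16.130.0/24 gateway, before and after the route is added, plus the IP-forwarding check on the VPN endpoint. The ISP next hop (203.0.113.1), the tunnel peer address (10.8.0.2) and the gateway address 172.16.130.1 are assumed placeholders; only the two LANs and the endpoint 172.16.130.2 come from the answer.

```python
import ipaddress

# Constructed addresses not given in the answer.
ISP_NEXT_HOP = "203.0.113.1"   # assumed upstream ISP router (TEST-NET-3)
TUNNEL_PEER = "10.8.0.2"       # assumed OpenVPN tunnel address of the far endpoint
LAN_GATEWAY = "172.16.130.1"   # assumed address of the 172.16.130.0/24 default gateway

# A route is (destination prefix, next hop); next hop None = directly connected.
GATEWAY_BEFORE = [
    ("172.16.130.0/24", None),          # the local LAN, delivered directly
    ("0.0.0.0/0", ISP_NEXT_HOP),        # everything else goes to the ISP
]
# The single route the answer says to add on this gateway
# (on Linux: ip route add 172.16.120.0/24 via 172.16.130.2).
GATEWAY_AFTER = GATEWAY_BEFORE + [("172.16.120.0/24", "172.16.130.2")]

# Table of the VPN endpoint 172.16.130.2 once the tunnel is up.
VPN_ENDPOINT_ROUTES = [
    ("172.16.130.0/24", None),
    ("172.16.120.0/24", TUNNEL_PEER),   # the remote LAN, reachable through the tunnel
    ("0.0.0.0/0", LAN_GATEWAY),
]


def next_hop(routes, dst):
    """Longest-prefix-match lookup as the kernel does it: of all routes that
    contain dst, the most specific prefix wins. Returns the next-hop address,
    "direct" for a connected network, or None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    if best is None:
        return None
    return "direct" if best[1] is None else best[1]


def handle_packet(routes, own_addrs, ip_forward, dst):
    """What a host does with a packet for dst: deliver it if it is addressed
    to one of its own addresses, otherwise forward it only if IP forwarding
    is enabled (on Linux: sysctl -w net.ipv4.ip_forward=1)."""
    if dst in own_addrs:
        return "deliver locally"
    if not ip_forward:
        return "drop: not for us and net.ipv4.ip_forward=0"
    hop = next_hop(routes, dst)
    return f"forward via {hop}" if hop else "drop: no route"


def path_to_remote_lan(gateway_routes, ip_forward_on_endpoint, dst="172.16.120.10"):
    """Trace a packet from a 172.16.130.0/24 host to dst: first the gateway's
    decision, then the VPN endpoint's if the gateway hands it there."""
    steps = []
    hop = next_hop(gateway_routes, dst)
    steps.append(f"gateway: via {hop}")
    if hop != "172.16.130.2":
        # Private 172.16.0.0/12 space is not routed on the Internet, so the
        # ISP has nowhere to send it; the remote LAN is unreachable.
        steps.append("sent to the ISP, which has no route for 172.16.120.0/24")
        return steps
    steps.append("endpoint: " + handle_packet(
        VPN_ENDPOINT_ROUTES, {"172.16.130.2"}, ip_forward_on_endpoint, dst))
    return steps


if __name__ == "__main__":
    for label, table, fwd in (("no route", GATEWAY_BEFORE, True),
                              ("route, forwarding off", GATEWAY_AFTER, False),
                              ("route, forwarding on", GATEWAY_AFTER, True)):
        print(f"{label}: {path_to_remote_lan(table, fwd)}")
```

The mirror-image table on the 172.16.120.0/24 gateway (route 172.16.130.0/24 via 172.16.120.2) is needed as well, otherwise replies take the default route and never come back; the simulation only covers one direction.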
Most likely because the client can't communicate with the server on UDP 1194. As to why, there are a number of possibilities to check; the two most common:
- no firewall rule permitting the traffic
- a 1:1 NAT or port forward sending that traffic somewhere else
Best Answer
The peer-to-peer feature of OpenVPN just means either side can initiate the connection. It doesn't have any method to bypass NATs.
OpenVPN has a very simple protocol, and is very easy to get through a firewall and set up port forwarding for. On either network you could pick any port and forward that to the system inside the network that will terminate the OpenVPN connection. Then adjust the configuration to use that port. By default OpenVPN uses 1194.
You didn't mention what type of routers you have on these two networks, but some routers have a VPN on them. Or if these are small consumer routers, it is likely you could install a firmware on them that includes OpenVPN. You can use that to create the VPN from the routers, which will have a public address, and it will allow access to the whole network.