The HeadOffice subnet is 192.168.2.0/24. OpenVPN server and Shorewall are on the same box, acting as the gateway.
The AWS subnet is 10.9.1.0/24. The OpenVPN client is configured there for VPN access.
The tunnel is up and I can ping and SSH from AWS to HeadOffice.
On the HeadOffice box, I see:
tun0 inet addr:10.1.0.1 P-t-P:10.1.0.2 Mask:255.255.255.255
No routes injected. I manually injected the route but that did not help
On AWS OpenVPN Box I see:
tun0 inet addr:10.1.0.94 P-t-P:10.1.0.93 Mask:255.255.255.255
192.168.2.0 10.1.0.93 255.255.255.0 UG 0 0 0 tun0
I can ping 10.1.0.94 from both locations but cannot ping 10.1.0.93 from any location.
What am I missing here?
VPN2Remote (server config, on the HeadOffice gateway):

local 76.9.1.2
proto udp
dev tun
# default (net30) topology: server is 10.1.0.1 with peer 10.1.0.2,
# each client gets its own /30 out of 10.1.0.4 - 10.1.0.251
server 10.1.0.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
push "route 10.9.1.0 255.255.255.0"
user nobody
group nogroup
persist-key
persist-tun
status vpnstats.log
ca keys/ca.crt
comp-lzo
verb 3
mute 20
cert keys/headofficefw.crt
key keys/headofficefw.key
VPN2HeadOffice (client config, on the AWS gateway):

client
cd /etc/openvpn
dev tun
proto udp
remote 76.9.1.2
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
status vpnstats.log
ca keys/ca.crt
cert keys/awsfw.crt
key keys/awsfw.key
ns-cert-type server
comp-lzo
verb 3
mute 20
# push is only valid in server mode
push "route 192.168.2.0 255.255.255.0"
push "route 10.9.1.0 255.255.255.0"
# 10.9.1.0/24 is this box's own LAN
route 10.9.1.0 255.255.255.0
Best Answer
OpenVPN is designed in such a way that 10.1.0.93 will not ping. The assigned IP address is 10.1.0.94, which pings without any issue. Basically, routes are pushed from the OpenVPN server if we mention push routes in server.conf. On the server side, for the LAN to reach the AWS LAN network, we need to add an entry in server.conf like:

route add -net 10.9.1.0 netmask 255.255.255.0 gw 10.1.0.94 dev tun0

Also enable IPv4 forwarding and add topology subnet in server.conf to allow the server to talk to clients. Please post your server.conf and client.conf.
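As an added worked example (editor's code, not the poster's or the answerer's), the Python below reproduces the net30 address layout behind the "designed in such a way" remark, so you can see that 10.1.0.93 is a virtual point-to-point peer with no interface behind it, and then emits the OpenVPN directives a LAN-to-LAN link needs (route plus iroute in a client-config-dir file, and IP forwarding on both gateways). The VPN pool, both LANs and the tunnel addresses are taken from the question; the client common name "awsfw" is an assumption based on the certificate file name, and the client config text embedded for the check is copied from the question.

```python
# Editor's worked example for the question above; not the poster's or the
# answerer's code. Values come from the question; the CN "awsfw" is an
# assumption taken from the client certificate file name (keys/awsfw.crt).
import ipaddress

SERVER_NET = "10.1.0.0/24"                  # from: server 10.1.0.0 255.255.255.0
HEADOFFICE_LAN = "192.168.2.0 255.255.255.0"
AWS_LAN = "10.9.1.0 255.255.255.0"
AWS_CLIENT_CN = "awsfw"                     # assumed from keys/awsfw.crt

# The relevant lines of the client config as posted (VPN2HeadOffice), for the linter.
CLIENT_CONF = """\
client
dev tun
proto udp
remote 76.9.1.2
push "route 192.168.2.0 255.255.255.0"
push "route 10.9.1.0 255.255.255.0"
route 10.9.1.0 255.255.255.0
"""


def net30_pool(server_net=SERVER_NET):
    """Map client tun0 address -> its point-to-point peer, net30 topology.

    `server a.b.c.0 255.255.255.0` in the default net30 topology expands to
    ifconfig .1 .2 for the server and ifconfig-pool .4 .251 for clients.
    Each client gets a /30: base+2 is its address, base+1 is the 'P-t-P'
    peer its kernel shows. That peer address is never bound to any interface.
    """
    net = ipaddress.ip_network(server_net, strict=True)
    first = int(net.network_address)
    pool = {}
    base = 4
    while base + 3 <= net.num_addresses - 5:   # last /30 starts at .248 for a /24
        client = ipaddress.ip_address(first + base + 2)
        peer = ipaddress.ip_address(first + base + 1)
        pool[str(client)] = str(peer)
        base += 4
    return pool


def classify(addr, server_net=SERVER_NET):
    """Explain what an address in the VPN pool is and whether it answers ping."""
    net = ipaddress.ip_network(server_net, strict=True)
    ip = ipaddress.ip_address(addr)
    if ip not in net:
        return "outside the VPN pool"
    offset = int(ip) - int(net.network_address)
    if offset == 1:
        return "server tun0 address (real interface, answers ping)"
    if offset == 2:
        return "server's point-to-point peer (virtual, no interface)"
    pool = net30_pool(server_net)
    if addr in pool:
        return "client tun0 address (real interface, answers ping)"
    if addr in pool.values():
        return "client's point-to-point peer (virtual, no interface, never answers ping)"
    return "unassigned"


def site_to_site_directives(client_cn=AWS_CLIENT_CN, client_lan=AWS_LAN,
                            server_lan=HEADOFFICE_LAN):
    """Directives so both LANs reach each other through one client.

    `route` makes the server's kernel send the client LAN into tun0; `iroute`
    in the client's CCD file tells the OpenVPN daemon which connected client
    owns that subnet (without it the daemon has no internal route for the
    subnet and drops those packets). Only the head-office LAN needs pushing
    to the client; pushing the client's own LAN back to it is not needed.
    """
    return {
        "server.conf": [
            f'push "route {server_lan}"',
            f"route {client_lan}",
            "client-config-dir ccd",
        ],
        f"ccd/{client_cn}": [f"iroute {client_lan}"],
        "sysctl (both gateways)": ["net.ipv4.ip_forward = 1"],
    }


SERVER_MODE_ONLY = {"push", "server", "client-config-dir", "ifconfig-pool"}


def lint_client_conf(text=CLIENT_CONF, own_lan=AWS_LAN):
    """Flag client-config lines that belong on the server or that misroute."""
    problems = []
    own_net = own_lan.split()[0]
    for n, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0] in SERVER_MODE_ONLY:
            problems.append(f"line {n}: '{tokens[0]}' is a server-mode option")
        elif tokens[0] == "route" and len(tokens) >= 3 and tokens[1] == own_net:
            problems.append(f"line {n}: routes the client's own LAN {own_lan} into the tunnel")
    return problems


if __name__ == "__main__":
    for a in ("10.1.0.1", "10.1.0.2", "10.1.0.93", "10.1.0.94"):
        print(a, "->", classify(a))
    for fname, lines in site_to_site_directives().items():
        print(f"--- {fname}")
        print("\n".join(lines))
    print("\n".join(lint_client_conf()))
```

Running it shows 10.1.0.94 as the client's real tun0 address and 10.1.0.93 as the virtual /30 peer, which is why only the former answers; the kernel route the answer gives is what the `route` directive installs for you, while the `iroute` line is the part that is easy to miss and that the server needs before it will forward head-office traffic to the AWS LAN.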