
VPN Roadwarrior Subnet could not connect Server + Site2Site


I'm currently involved in building up a VPN (site2site + roadwarrior) network to give a customer access to IoT devices (IP devices, each connected to a tiny OpenWRT router).

Server1 <-> Server2
|
|-- Gateway 1
|-- Gateway 2
|-- Gateway X

The roadwarrior network is established by an OpenVPN server. The site2site network is established by strongSwan (IPsec).

Problem:

1:

Server1 and Server2 can reach each other's subnets. Server1 can reach the roadwarrior gateways and their subnets (tested by ping).

From Server2 it is not possible to ping any roadwarrior gateway, or even the subnets.

How to connect Server2 to the roadwarriors? A routing topic?

2:

The other way round, communication (ping) from the roadwarrior gateway to Server1 and also Server2 works fine, but not from the roadwarrior's network/subnet.

Configuration Files

Server.conf:

port 1194

proto udp

dev tun

ca ca.crt
cert server.crt

dh dh.pem

server 10.8.0.0 255.255.0.0

ifconfig-pool-persist ipp.txt

push "route 172.19.20.0 255.255.255.0"

client-config-dir ccd
route 10.110.0.0 255.255.255.248
route 10.110.0.8 255.255.255.248
route 10.110.0.16 255.255.255.252
route 10.110.0.20 255.255.255.252
route 10.110.0.24 255.255.255.252

keepalive 10 120

cipher AES-256-CBC
auth SHA256

user nobody
group nogroup

persist-key
persist-tun

status openvpn-status.log
log-append  openvpn.log
verb 4

./ccd/client3 File:

iroute 10.110.0.16 255.255.255.252

Client-Site:

openVPN_client.ovpn:

client
dev tun
proto udp
remote XXX.XXX.XXX.XXX 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
verb 3
key-direction 1
<ca>
....

/etc/sysctl.d/99-sysctl.conf

Entry: net.ipv4.ip_forward = 1

Conclusion

I don't think that this is a strongSwan/IPsec problem, so I do not share those configs. I think it is a problem with routing in the client gateways and some general routing at Server2. What is your opinion? How could I solve this issue?

I want to solve this problem, and I also want to learn something. Do you have some literature or online (e-)courses I should read/visit?
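
An added example, not part of the original post and not the poster's code: a Python check of the pairing OpenVPN needs for a subnet behind a client, a `route` line in the server config plus a matching `iroute` in that client's ccd file. The sample input is constructed from the directives posted above; only ccd/client3 was posted, so the other routes are reported simply because their ccd files are not on the page, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample input, copied from the directives shown in the post.
SERVER_CONF = """\
server 10.8.0.0 255.255.0.0
push "route 172.19.20.0 255.255.255.0"
client-config-dir ccd
route 10.110.0.0 255.255.255.248
route 10.110.0.8 255.255.255.248
route 10.110.0.16 255.255.255.252
route 10.110.0.20 255.255.255.252
route 10.110.0.24 255.255.255.252
"""
# Only this ccd file appears in the post; any others are unknown.
CCD_FILES = {"client3": "iroute 10.110.0.16 255.255.255.252\n"}


def parse_nets(text, keyword):
    """Return the networks named by '<keyword> <network> <netmask>' lines."""
    nets = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == keyword:
            nets.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return nets


def audit(server_conf, ccd_files):
    """Compare kernel routes (route) with OpenVPN internal routes (iroute)."""
    routes = parse_nets(server_conf, "route")
    owners = {}
    for client, text in ccd_files.items():
        for net in parse_nets(text, "iroute"):
            owners[net] = client
    # route without iroute: the kernel hands the packet to the tun device,
    # but OpenVPN does not know which client owns the subnet and drops it.
    no_owner = [r for r in routes if not any(r.subnet_of(i) for i in owners)]
    # iroute without route: OpenVPN knows the owning client, but the server's
    # kernel never sends traffic for that subnet into the tunnel.
    no_route = [i for i in owners if not any(i.subnet_of(r) for r in routes)]
    return no_owner, no_route


if __name__ == "__main__":
    no_owner, no_route = audit(SERVER_CONF, CCD_FILES)
    print("route without iroute:", [str(n) for n in no_owner])
    print("iroute without route:", [str(n) for n in no_route])
```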
