OVPN Clients can't ping each other

Felix

12/25/22, 2:47 PM

I hope that you can help me with my problem. I have configured an OpenVPN Server. Clients can connect and I can ping the clients from the virtual machine where the server is. But I want the clients to ping each other and for example see which devices are connected in the other clients network.

I have stumbled upon this post here How to allow communications with client to client on OpenVPN Server? but the solution with the firewall rules did not work.

My OpenVPN server configuration looks like this:

port 1194
proto udp
dev tun
ca ../easy-rsa/pki/ca.crt
cert ../easy-rsa/pki/issued/server.crt
key ../easy-rsa/pki/private/server.key
dh ../easy-rsa/pki/dh.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
client-to-client
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
mode server
tls-auth ta.key 0
key-direction 0
auth SHA256
tls-server
comp-lzo

#client1
route 10.8.3.0 255.255.255.0

#client2
route 10.8.4.0 255.255.255.0

I am open for suggestions - thanks in advance!

0 + 3

openvpn

Tom Yan

12/26/22, 5:28 AM

By "clients" do you mean the clients themselves or hosts in their LAN/site? What are the routes to `10.8.3.0/24` and `10.8.4.0/24` for?

Felix

12/26/22, 7:23 AM

Thanks for your reply. In my case the clients are hosts (routers). For example router 1 has the ip adress 10.8.3.1 and my laptop connected to the router has the ip adress 10.8.3.145. From here I want to ping the router 2 with the ip adress 10.8.4.1 or the device connected to the router 2 with the ip adress 10.8.4.100. As I understand it, I need the route command in the server config so the clients use the specifc ip adresses.

Tom Yan

12/26/22, 9:18 AM

Unless the two routers / clients are using the tun (that leads to this server) as their default route, you'll need to `push` route for their subnets to each other. Besides, you will need to setup `iroute` for the subnets so that traffics from one LAN can actually be led to the (router of) the other. The `route` directives you added might actually be optional (unless you rely on IP forwarding on the server host instead of `client-to-client`).

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: OVPN Clients can't ping each other

TH: ลูกค้า OVPN ไม่สามารถ ping ซึ่งกันและกันได้

RO: Clienții OVPN nu se pot ping reciproc

RU: Клиенты OVPN не могут пинговать друг друга

VI: Máy khách OVPN không thể ping lẫn nhau

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.