I have what seems like a pretty textbook setup with OpenVPN. On the server side I am exposing the LAN to the remote clients and pushing a route. I've got my static route in the server-side gateway pointing requests bound for the VPN subnet to the OpenVPN Server, etc.
I keep having flaky behavior, though. For instance, a lot of times ssh connections from the vpn client to machines on the OpenVPN server's LAN timeout. I can fairly repeatably get them to timeout until I've pinged the destination once. Each time I do that, the first ping times out, subsequent pings succeed, and then I can ssh.
I've tried using the OpenVPN 2.4 server that comes with LinuxMint 20.1 (the distro on the Server) and I've tried OpenVPN 2.5.6 compiled from source and I seem to get the same results.
Here's my setup for reference:
Server's LAN
Gateway: 192.168.1.1 - has static route [ 10.8.0.0/24 via 192.168.1.31 ]
OpenVPN Server: 192.168.1.31
- ipv4 forwarding on
- promisc mode on for LAN interface
- ufw configured to allow all to ports 1194/udp, 22/tcp, and forwarding in both directions between tun0 and LAN interface)
192.168.1.121 - my daily driver (Linux) with SSH on - no firewall rules defined
192.168.1.16 - another Linux box with SSH on - no firewall rules defined
192.168.1.17 - a Windows 10 box with remote desktop enabled and the windows firewall turned off
Client LAN
Network Address: 192.168.11.0/24
1 Linux Client on DHCP
1 Windows Client on DHCP
The boxes with the IP's 192.168.1.16 and 192.168.1.121 are the ones I'm trying to connect to from the VPN client and are exhibiting the above behavior.
Another bit of weirdness is that when trying to use rdesktop to connect to the RDP on 192.168.1.17, a Linux VPN Client consistently has a GnuTLS timeout and fails. A Windows VPN client with the exact same VPN config consistently works to connect to RDP on that box.
I would be glad to post any config files or command outputs that are relevant, but I didn't want to just dump all of them up here initially as they are very lengthy and I wondered if someone else had run into this before. My OpenVPN config files are mostly defaults with just the normal stuff set - key names, remote IP of the VPN Server, the push "route..." directive, etc.