I'm venturing into a bit of uncharted territory for me and need some assistance. I'm working on setting up an OpenVPN server on a Raspberry Pi using PiVPN, aiming to connect my work laptop remotely to 3 PLCs (with plans to expand to 22). It's all from an off-site location about an hour from my work.
Here's where things stand:
Device Connection: All my devices are connected to the Pi, and pinging is smooth sailing.
GUI & SSH: Hitting a roadblock here; can't access the GUI or SSH into the PLCs.
Configuration Steps: I've got IPv4 forwarding enabled on the Pi, DDNS sorted, and both port forwarding and static routes are in place.
I even gave a free OpenVPN cloud connexa account a try, dropping the .OVPN files into the PLCs and my laptop. Connections are fine and I can SSH into each device, so I'm leaning toward an issue with the Pi.
Illustration of network:
0000000000000000000000000000000000000000000------- PLC@ 192.168.3.1
000000000000000000000000000000000000000000/
00000000000000000000000000000000000000000/
0000000000000000000000000000000000000000/
Laptop 192.168.2.1 ------------> Pi@ 192.168.1.1 ----- PLC@ 192.168.4.1
0000000000000000000000000000000000000000\
00000000000000000000000000000000000000000\
000000000000000000000000000000000000000000\
0000000000000000000000000000000000000000000------- PLC@ 192.168.5.1
Here are the server details:
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/raspberrypi.crt
key /etc/openvpn/easy-rsa/pki/private/raspberrypi.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.11.155.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
And the client details:
client
dev tun
proto udp
remote MYDDNSSERVER 1194
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberrypi name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
**cert**
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
**cert**
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
**cert**
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
**cert**
-----END OpenVPN Static key V1-----
</tls-crypt>
If any of you can shed some light on what I might be overlooking, I'd be really grateful. Just trying to get this right, and I'm stuck.
Many thanks in advance!
