I am using OpenVPN to set up a site-to-site VPN from an Amazon VPC to my office network. The OpenVPN server is in my office network (10.10.11.0/24). I want the entire VPC subnet on Amazon (10.1.5.0/24) to be able to access servers on my office network.
[office server 10.10.11.21] --- [office network 10.10.11.0/24] --- [OpenVPNServer 10.10.11.3] --- --- [OpenVPNClient AWS 10.1.5.6] --- [AWS VPC 10.1.5.0/24] --- [AWS server 10.1.5.11]
Now my problem is, from VPN client server 10.1.5.6, I can access the office server (ping 10.10.11.21). However, from another machine on the same subnet, 10.1.5.11, I don't get a ping response back from 10.10.11.21.
I captured tcpdump on the tun0 interface and eth0 interface on the VPN client 10.1.5.6, and I see the response is being sent back up to the VPN client machine. But on 10.1.5.11, I got nothing.
Did I miss anything on the VPN client machine to forward packets back to 10.1.5.11?
Thanks for the help!!!
My OpenVPN server.conf
port 1194
proto tcp
dev tun
ca ca.crt
cert vpnsrv.crt
key vpnsrv.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.10.11.0 255.255.255.0"
client-config-dir ccd
route 10.1.5.0 255.255.255.0
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 9
ccd/client
iroute 10.1.5.0 255.255.255.0
OpenVPN client.conf
client
dev tun
proto tcp
remote xx.xx.xx.xx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert cleint.crt
key cleint.key
ns-cert-type server
comp-lzo
verb 3
10.1.5.11 route:
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         10.1.5.1        0.0.0.0         UG    0   0      0    eth0
10.1.5.0        0.0.0.0         255.255.255.0   U     0   0      0    eth0
10.10.11.21     10.1.5.6        255.255.255.255 UGH   0   0      0    eth0
10.1.5.6 route:
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         10.1.5.1        0.0.0.0         UG    0   0      0    eth0
10.1.5.0        0.0.0.0         255.255.255.0   U     0   0      0    eth0
10.1.5.248      0.0.0.0         255.255.255.255 UH    0   0      0    eth0
10.8.0.0        10.8.0.5        255.255.255.0   UG    0   0      0    tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0   0      0    tun0
10.10.11.0      10.8.0.5        255.255.255.0   UG    0   0      0    tun0
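
An added example, not part of the original post: a longest-prefix-match lookup over the two routing tables posted above, to check which next hop each host selects for the ping and for the reply. The function names are illustrative; the table rows are copied from the post.

```python
import ipaddress

# Routing tables copied from the post (route -n rows, header lines dropped).
ROUTES_AWS_SERVER = """\
0.0.0.0 10.1.5.1 0.0.0.0 UG 0 0 0 eth0
10.1.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.10.11.21 10.1.5.6 255.255.255.255 UGH 0 0 0 eth0
"""
ROUTES_VPN_CLIENT = """\
0.0.0.0 10.1.5.1 0.0.0.0 UG 0 0 0 eth0
10.1.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.1.5.248 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
10.8.0.0 10.8.0.5 255.255.255.0 UG 0 0 0 tun0
10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.10.11.0 10.8.0.5 255.255.255.0 UG 0 0 0 tun0
"""

def parse_routes(text):
    """Parse `route -n` rows into (network, gateway or None, interface)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # skip blank or malformed rows
        dest, gw, mask, iface = fields[0], fields[1], fields[2], fields[7]
        net = ipaddress.ip_network(f"{dest}/{mask}")
        gateway = None if gw == "0.0.0.0" else ipaddress.ip_address(gw)
        routes.append((net, gateway, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, as the kernel does; returns (gateway, iface)."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    net, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    return (str(gateway) if gateway else "direct", iface)

if __name__ == "__main__":
    aws, vpn = parse_routes(ROUTES_AWS_SERVER), parse_routes(ROUTES_VPN_CLIENT)
    print("10.1.5.11 -> 10.10.11.21:", lookup(aws, "10.10.11.21"))
    print("10.1.5.6  -> 10.10.11.21:", lookup(vpn, "10.10.11.21"))
    print("10.1.5.6  -> 10.1.5.11  :", lookup(vpn, "10.1.5.11"))
    print("10.1.5.11 -> 10.10.11.22:", lookup(aws, "10.10.11.22"))
```

At these two hosts the tables resolve the request toward tun0 and the reply toward 10.1.5.11 directly on eth0. 10.1.5.11 carries only a host route for 10.10.11.21, so any other office address leaves through 10.1.5.1.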