Krafter
Posts: 22
Joined: Wed Jan 27, 2016 11:36 pm

PiVPN (OpenVPN) Need advice/help

Tue Jul 25, 2017 7:54 pm

I wasn't sure where to post so I thought I'd post here so please move this if needed.

I need some advice and/or help for a VPN using PiVPN (OpenVPN) on a Pi 3. I've googled and searched and pounded my head on my desk for days now trying to get a VPN up and running like I need it to. I've even posted on OpenVPN forums and failed to get the help I need. I'm really hoping to get a resolution here...

This is what I want to do. My company wants to use Pis to access remote TCP/IP equipment at remote locations. This equipment isn't on the same subnet as the internet connection. That shouldn't be a big deal but that's where I'm getting hung up... I have the VPN running and it works great from both a PC and an iPad. On this VPN I have two NICs. One for the internet connection and the other to reach our equipment. As I said above, that's where I'm getting hung up. For the life of me, I cannot ping anything on that subnet. The internet side is on a subnet of 192.168.1.x. The equipment is on a subnet of 192.168.86.x. The VPN serves out addresses on a subnet of 10.8.0.x. When I'm connected I get served an IP address of 10.8.0.2. From that IP I can ping 192.168.1.x, 10.8.0.x and 192.168.86.253 (address of the second NIC) but I cannot ping anything but 192.168.86.253. I believe the issue is in one of two places. It's either in the server.conf file so the VPN isn't pushing a route correctly to the clients or I don't have my IPTables set up correctly. It's also possible that it could be both. I really don't know.

My OpenVPN server.conf file:

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.1.0 255.255.255.0"
# Tried below and didn't work
push "route 192.168.86.0 255.255.255.0" #---- tried with others commented out
# Tried below and didn't work
push "route 192.168.86.0 255.255.255.0 10.8.0.1" #---- tried with others commented out
# Tried below and didn't work
push "route 192.168.86.0 255.255.255.0 192.168.1.14" #---- tried with others commented out
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
#crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 1
# Generated for use by PiVPN.io

My IPTables:

# Generated by iptables-save v1.4.21 on Tue Jul 25 19:31:33 2017
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [1:184]
:POSTROUTING ACCEPT [1:184]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Jul 25 19:31:33 2017
# Generated by iptables-save v1.4.21 on Tue Jul 25 19:31:33 2017
*filter
:INPUT ACCEPT [1409:349819]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1431:209698]
COMMIT
# Completed on Tue Jul 25 19:31:33 2017

My kernel routing table:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    202    0        0 eth0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     202    0        0 eth0
192.168.86.0    *               255.255.255.0   U     204    0        0 eth1
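
An added diagnostic example, not part of the original post: it reads the *nat rules and routing table quoted above and lists the directly connected LANs that VPN traffic reaches without source NAT, which is where replies depend on the far-end hosts having a route back to 10.8.0.0/24. The function names are hypothetical, and only the POSTROUTING line and the routes are taken from the post.

```python
import ipaddress
import re

# Copied from the post: the nat POSTROUTING rule and the kernel routing table.
IPTABLES_SAVE = """\
*nat
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
"""
ROUTES = """\
default         192.168.1.1     0.0.0.0         UG    202    0        0 eth0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     202    0        0 eth0
192.168.86.0    *               255.255.255.0   U     204    0        0 eth1
"""
VPN_NET = ipaddress.ip_network("10.8.0.0/24")  # from the "server" directive
VPN_IFACE = "tun0"

def masqueraded_ifaces(save_text, vpn_net):
    """Output interfaces on which traffic sourced from vpn_net is source-NATed."""
    out = set()
    for line in save_text.splitlines():
        m = re.match(r"-A POSTROUTING\b(.*)-j (MASQUERADE|SNAT)\b", line)
        if not m:
            continue
        src = re.search(r"-s (\S+)", m.group(1))
        oif = re.search(r"-o (\S+)", m.group(1))
        if src and not vpn_net.subnet_of(ipaddress.ip_network(src.group(1), strict=False)):
            continue  # rule matches some other source range
        out.add(oif.group(1) if oif else "*")  # "*" = rule applies to any interface
    return out

def connected_lans(route_text, vpn_iface):
    """(network, iface) for directly connected routes, excluding the tunnel."""
    lans = []
    for line in route_text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "default" or "G" in f[3] or f[7] == vpn_iface:
            continue
        lans.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[7]))
    return lans

def lans_without_return_path(save_text, route_text):
    """LANs where VPN packets keep their 10.8.0.x source address."""
    nat = masqueraded_ifaces(save_text, VPN_NET)
    return [(str(n), i) for n, i in connected_lans(route_text, VPN_IFACE)
            if i not in nat and "*" not in nat]

if __name__ == "__main__":
    print(lans_without_return_path(IPTABLES_SAVE, ROUTES))
```

On a LAN flagged this way, either the server masquerades VPN traffic leaving that interface (a second POSTROUTING rule with `-o eth1`) or each device there gets a route for 10.8.0.0/24 via the server's address on that LAN.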

Krafter
Posts: 22
Joined: Wed Jan 27, 2016 11:36 pm

Re: PiVPN (OpenVPN) Need advice/help

Wed Jul 26, 2017 7:28 pm

Bump

Thanks
