OpenVPN - Unprivileged ubuntu CT, connection to local network

krlozanov

Jan 28, 2023
Hey All,

I'm running OpenVPN on an unprivileged Ubuntu 20.04 CT. I can connect and ping the server from the client, but when I want to access the local network (of the server), I can't.
Probably I'm missing something. Any ideas?

My server conf:
Code:
port 1194
proto udp
dev tun
ca ca.crt
cert myservername.crt
key myservername.key
dh dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 192.168.31.0 255.255.255.0"
client-to-client
keepalive 10 120
tls-crypt ta.key 0
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log         /var/log/openvpn/openvpn.log
log-append  /var/log/openvpn/openvpn.log
verb 4
explicit-exit-notify 1

My Client conf:
Code:
client
dev tun
proto udp
auth-user-pass
remote XX.XX.XX.XX 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
verb 10
key-direction 1
<tls-crypt>
XXX
</tls-crypt>
<ca>
XXX
</ca>
<cert>
XXX
</cert>
<key>
XXX
</key>

Also, here is the info about the server network:
Code:
root@vpn:/etc/openvpn# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0@if31: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 26:9f:46:2b:b8:6e brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.31.37/24 metric 1024 brd 192.168.31.255 scope global dynamic eth0
       valid_lft 38467sec preferred_lft 38467sec
    inet6 fe80::249f:46ff:fe2b:b86e/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::a959:c380:1b3a:a604/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

Server Routing:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.31.1    0.0.0.0         UG    1024   0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.31.0    0.0.0.0         255.255.255.0   U     1024   0        0 eth0
192.168.31.1    0.0.0.0         255.255.255.255 UH    1024   0        0 eth0


Client Routing:
Code:
Routing tables

Internet:
Destination        Gateway            Flags           Netif Expire
default            10.0.224.1         UGScg             en0
10.0.224/24        link#6             UCS               en0      !
10.0.224.1/32      link#6             UCS               en0      !
10.0.224.1         ac:78:d1:aa:9c:60  UHLWIir           en0   1185
10.0.224.12        d8:13:99:dd:72:a7  UHLWIi            en0    965
10.0.224.19        7a:f1:a9:fe:32:40  UHLWI             en0    675
10.0.224.21        fe:41:3e:3a:8:db   UHLWI             en0    544
10.0.224.46        a8:8f:d9:48:9c:5f  UHLWI             en0   1045
10.0.224.62        fe:d3:7b:96:84:9d  UHLWI             en0    799
10.0.224.69        6:21:4d:a7:86:fb   UHLWI             en0    688
10.0.224.81/32     link#6             UCS               en0      !
10.8/24            10.8.0.5           UGSc            utun7
10.8.0.4/30        10.8.0.6           UGSc            utun7
10.8.0.5           10.8.0.6           UH              utun7
127                127.0.0.1          UCS               lo0
127.0.0.1          127.0.0.1          UH                lo0
169.254            link#6             UCS               en0      !
192.168.31         10.8.0.5           UGSc            utun7
224.0.0/4          link#6             UmCS              en0      !
224.0.0.251        1:0:5e:0:0:fb      UHmLWI            en0
239.255.255.250    1:0:5e:7f:ff:fa    UHmLWI            en0
255.255.255.255/32 link#6             UCS               en0      !

I managed to trace the packets. When I try to access a local network address from the client through the server, the packets are received by the server, but there is no answer.

Any suggestions?
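Added example, not part of the original post: in a routed (`dev tun`) setup like the one above, the server must forward IPv4 between tun0 and eth0, and LAN hosts need a path back to 10.8.0.0/24 (NAT on the server or a return route). The script below checks both conditions; the subnets, interface and server address come from the post, while the function names and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Subnets and interface are the
# ones shown on this page; the sample rule set below is constructed.
VPN_NET="10.8.0.0/24"; LAN_IF="eth0"; SERVER_LAN_IP="192.168.31.37"

# forwarding_enabled VALUE: true if net.ipv4.ip_forward is 1
forwarding_enabled() { [ "$1" = "1" ]; }

# has_masquerade RULES NET IFACE: true if the `iptables-save -t nat` output
# in RULES source-NATs traffic from NET leaving through IFACE
has_masquerade() {
    printf '%s\n' "$1" |
        grep -E -- "^-A POSTROUTING .*-s $2 .*-o $3 .*-j MASQUERADE" >/dev/null
}

# diagnose FWD_VALUE RULES: print one line per finding, always returns 0
diagnose() {
    if forwarding_enabled "$1"; then
        echo "OK: IPv4 forwarding is enabled"
    else
        echo "FAIL: net.ipv4.ip_forward=$1, packets from tun0 are not forwarded to $LAN_IF"
    fi
    if has_masquerade "$2" "$VPN_NET" "$LAN_IF"; then
        echo "OK: $VPN_NET is masqueraded behind $LAN_IF"
    else
        echo "WARN: no MASQUERADE for $VPN_NET on $LAN_IF; LAN hosts or their gateway need a return route to $VPN_NET via $SERVER_LAN_IP"
    fi
    return 0
}

if [ "${1:-}" = "--live" ]; then
    # Read the real state inside the container (iptables-save needs root)
    diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save -t nat)"
else
    # Constructed sample: forwarding off, NAT table without a VPN rule
    SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT'
    diagnose 0 "$SAMPLE_RULES"
fi
```

Run without arguments it evaluates the constructed sample; run as root with `--live` inside the container it evaluates the actual kernel setting and NAT table.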