For context, I am migrating my VPN server. I duplicated the old setup almost exactly, and now clients connected to the new VPN server cannot tunnel properly (but they connect just fine).
While tunneled, this is the routing table of my client:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags MSS Window irtt Iface
    10.8.0.5        0.0.0.0         255.255.255.255 UH    0   0      0    tun0
    10.8.0.1        10.8.0.5        255.255.255.255 UGH   0   0      0    tun0
    [vpnserver-ip]  10.105.0.1      255.255.255.255 UGH   0   0      0    wlan1
    10.105.0.0      0.0.0.0         255.255.252.0   U     0   0      0    wlan1
    169.254.0.0     0.0.0.0         255.255.0.0     U     0   0      0    wlan1
    0.0.0.0         10.8.0.5        128.0.0.0       UG    0   0      0    tun0
    128.0.0.0       10.8.0.5        128.0.0.0       UG    0   0      0    tun0
    0.0.0.0         10.105.0.1      0.0.0.0         UG    0   0      0    wlan1
At the same time, here is the routing table of the server:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags MSS Window irtt Iface
    0.0.0.0         [vpn-gate].1    0.0.0.0         UG    0   0      0    eth0
    10.8.0.0        10.8.0.2        255.255.255.0   UG    0   0      0    tun0
    10.8.0.2        0.0.0.0         255.255.255.255 UH    0   0      0    tun0
    [vpn-sub].0     0.0.0.0         255.255.255.0   U     0   0      0    eth0
The table of the new VPN server is basically identical to that of the old one, so I'm not sure what is missing? Why won't this tunnel properly?
I've redacted the IP of the VPN server.
You probably haven't configured IP masquerading on the server for outgoing packets from VPN clients. You can check this configuration on the old server with `iptables -nvL -t nat`. You need something like the following on the new server:
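
Added example, not part of the original answer: a shell check that reads the output of `iptables -t nat -S` and reports whether a POSTROUTING rule source-NATs the VPN subnet. The subnet 10.8.0.0/24 and the interface eth0 come from the server routing table in the question; the two rule dumps and the function names are constructed for illustration.

```shell
#!/bin/sh
# Values taken from the server routing table in the question.
VPN_NET="10.8.0.0/24"
WAN_IF="eth0"

# Constructed sample dumps of `iptables -t nat -S` (not output from the page).
OLD_RULES='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE'
NEW_RULES='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT'

# has_masquerade RULES NET IFACE
# Succeeds when RULES holds a POSTROUTING rule with target MASQUERADE or SNAT
# whose source is exactly NET (or unrestricted) and whose output interface is
# IFACE (or unrestricted). Negated matches ("! -s", "! -o") do not count.
has_masquerade() {
    printf '%s\n' "$1" | awk -v net="$2" -v ifc="$3" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; out = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                neg = ($(i - 1) == "!") ? "!" : ""
                if ($i == "-s") src = neg $(i + 1)
                if ($i == "-o") out = neg $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if ((src == net || src == "") && (out == ifc || out == "") &&
                (tgt == "MASQUERADE" || tgt == "SNAT")) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# report LABEL RULES: print one line saying whether the rule is there,
# and the command that would add it when it is not.
report() {
    if has_masquerade "$2" "$VPN_NET" "$WAN_IF"; then
        echo "$1: source NAT for $VPN_NET present"
    else
        echo "$1: missing; add: iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF -j MASQUERADE"
    fi
}

report "old server" "$OLD_RULES"
report "new server" "$NEW_RULES"
# On a live server (as root): report "this host" "$(iptables -t nat -S)"
```

A rule added with `iptables -A` lasts only until reboot unless the ruleset is saved, which is a common way for it to go missing when a server is rebuilt.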