My goal is to set up a site-to-site bidirectional VPN. I want to be able to access the server side from the client side, and the client side from the server side.
I am not doing anything advanced, and I tried to follow the instructions on the OpenVPN site-to-site connection guide. But, I think because I am using two DD-WRT routers as my server and client VPNs, I am having a problem relating the guide to my situation.
From the client side, I am able to connect to the server side network hosts. From the server side, I can't connect to the client side hosts.
Network map:
CG-NAT Network LAN 192.168.0.0/22 OpenVPN Client on DD-WRT 192.168.0.2
Regular Network LAN 192.168.4.0/22 OpenVPN Server on DD-WRT 192.168.4.2
Tunnel: 10.10.28.1 <-> 10.10.28.2 (I can see it set up correctly in the logs)
I control both sides, so I was trying to set up the routes to fix the issue. I suspect the routes (or the settings on the OpenVPN server) are wrong.
This is the routing table on the OpenVPN Client side:
Destination     Gateway         Genmask          Flags  Metric  Ref  Use  Iface
default         192.168.0.1     0.0.0.0          UG     0       0    0    br0
10.10.28.0      *               255.255.255.0    U      0       0    0    tun1
127.0.0.0       *               255.0.0.0        U      0       0    0    lo
192.168.0.0     *               255.255.252.0    U      0       0    0    br0
192.168.4.0     10.10.28.1      255.255.252.0    UG     200     0    0    tun1
I can ping from anywhere in the client network into the 192.168.4.0 network:
# ping 192.168.4.222
PING 192.168.4.222 (192.168.4.222): 56 data bytes
64 bytes from 192.168.4.222: seq=0 ttl=63 time=42.244 ms
64 bytes from 192.168.4.222: seq=1 ttl=63 time=32.047 ms
This is the routing table on the OpenVPN Server host when I first bring it up:
default via 192.168.4.1 dev br0
10.10.28.0/24 dev tun2 scope link src 10.10.28.1
127.0.0.0/8 dev lo scope link
192.168.4.0/22 dev br0 scope link src 192.168.4.2
Observations: I can't ping from the server network into the 192.168.0.0 network. HOWEVER, while logged into the OpenVPN Server host (192.168.4.2), I can ping the other side of the tunnel (10.10.28.2):
# ping 10.10.28.2
PING 10.10.28.2 (10.10.28.2): 56 data bytes
64 bytes from 10.10.28.2: seq=0 ttl=64 time=40.287 ms
64 bytes from 10.10.28.2: seq=1 ttl=64 time=35.791 ms
# traceroute 192.168.0.1
traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 46 byte packets
1 192.168.4.1 (192.168.4.1) 5.108 ms 4.927 ms 3.953 ms
2 * *
So, my first guess was to add this route to match the Client's route for the Server subnet:
route add -net 192.168.0.0 netmask 255.255.252.0 gw 10.10.28.2 metric 200 tun2
This created an additional entry:
192.168.0.0     10.10.28.2      255.255.252.0    UG     200     0    0    tun2
That made some difference, but traceroute and ping replies don't come back.
# traceroute 192.168.0.1
traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 46 byte packets
1 * * *
Obviously I am a beginner, so let me know what more info is needed to help me.
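The following is an added example, not the poster's configuration, showing the distinction the question runs into: in OpenVPN server mode a kernel route toward the tunnel (what the manual route add gave) tells the kernel to hand packets to tun2, but the OpenVPN process also needs an iroute so it knows which connected client owns 192.168.0.0/22. It assumes the DD-WRT server is running in server mode with the addresses from the question, that the client's certificate common name is the placeholder "branch-client", and that the CCD directory path is a placeholder to be matched to the router's actual layout.

```conf
# Added example (not from the question). Assumes OpenVPN server mode on the
# DD-WRT router at 192.168.4.2, using the subnets given in the question.

# ---- server-side OpenVPN config (192.168.4.2) ----
server 10.10.28.0 255.255.255.0
topology subnet

# KERNEL route: the client LAN is reachable through the tunnel interface.
# This is what "route add -net 192.168.0.0 netmask 255.255.252.0 ..." did by
# hand; the directive adds it automatically each time the tunnel comes up.
route 192.168.0.0 255.255.252.0

# OpenVPN-internal route: in server mode the daemon keeps its own table of
# which client owns which subnet. Without a matching iroute, packets for
# 192.168.0.0/22 enter tun2 and are dropped by the daemon, which is the
# "route exists but nothing comes back" symptom seen in the question.
# The iroute lives in a per-client file named after the client's common name.
client-config-dir /tmp/openvpn/ccd   # placeholder path, assumption

# Push the server LAN to the client (the client's table already shows this).
push "route 192.168.4.0 255.255.252.0"

# ---- /tmp/openvpn/ccd/branch-client (placeholder common name) ----
iroute 192.168.0.0 255.255.252.0
```

One more check for other hosts on each LAN: the traceroute in the question shows 192.168.4.1, not the VPN router, as the first hop, so hosts using that default gateway need a static route on it sending 192.168.0.0/22 to 192.168.4.2 (and the mirror route on the 192.168.0.1 side), unless traffic is NATed onto the tunnel instead.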