N2N Firewall Route

Hello, now here is my second question … I currently have the N2N connection over the IP addresses (see my previous post). The connection is working well …

[root@MSFW01 ~]# traceroute 10.10.1.1
traceroute to 10.10.1.1 (10.10.1.1), 30 hops max, 60 byte packets
 1  MSFW01.home.lan (10.10.1.1)  0.147 ms  0.098 ms  0.083 ms
[root@MSFW01 ~]# traceroute 10.10.1.2
traceroute to 10.10.1.2 (10.10.1.2), 30 hops max, 60 byte packets
 1  10.10.1.2 (10.10.1.2)  17.552 ms  17.967 ms  25.739 ms

Edit: The routes are actually set. Server:

# IP addresses of the VPN Subnet
ifconfig 10.10.1.1 10.10.1.2
# Client Gateway Network
route 192.168.0.0 255.255.255.0

Client:

# IP addresses of the VPN Subnet
ifconfig 10.10.1.2 10.10.1.1
# Server Gateway Network
route 192.168.254.0 255.255.255.0

With traceroute via the VPN route 10.10.1.x / 255.255.255.0, both servers, main office and branch office, can be reached.
But if I do a traceroute e.g. from the branch office to a PC 192.168.0.100, or to the branch office server on green with 192.168.0.254, these cannot be reached.
In the firewall I have enabled it in the main office as well as in the branch offices, see picture.
Did I do something wrong?

Edit: With ping I don’t reach anyone in the branch office …

Everything according to the instructions

Greetings and have a nice evening

So I deleted the old post because it was so confused.
Unfortunately, my problem has apparently not been resolved: after a restart I suddenly no longer have any access from my green network through OpenVPN to the network of the branch office.
I haven’t changed any of the settings … just a restart …

I am now enclosing a few screenshots in the hope that someone can tell me whether what I have done is correct. Please don’t get it wrong, but I’m not a professional … do it privately because I have a lot of fun with it and I just want to connect two apartments with each other (for different things like SmartHome, multimedia and also our two offices) …

Here is the firewall release on the main server:

The setting at the Openvpn main unit:


The settings at the Openvpn remote station:


PS: actually everything according to the instructions from Anleitung

Route:
route

and:
route2

I really don’t know any more advice … after this firewall setting, shouldn’t everything be “open”? …
I ask you, please help me … Thank you in advance!

LOG:

Nov  5 21:55:13 MSFW01 NetN2N[20755]: disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Nov  5 21:55:13 MSFW01 NetN2N[20755]: WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
Nov  5 21:55:13 MSFW01 NetN2N[20755]: OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct  5 2020
Nov  5 21:55:13 MSFW01 NetN2N[20755]: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.09
Nov  5 21:55:13 MSFW01 NetN2N[20756]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:2000
Nov  5 21:55:13 MSFW01 NetN2N[20756]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov  5 21:55:13 MSFW01 NetN2N[20756]: Diffie-Hellman initialized with 2048 bit key
Nov  5 21:55:13 MSFW01 NetN2N[20756]: ROUTE_GATEWAY 188.193.26.254/255.255.255.0 IFACE=red0 HWADDR=0c:c4:7a:84:95:56
Nov  5 21:55:13 MSFW01 NetN2N[20756]: TUN/TAP device tun1 opened
Nov  5 21:55:13 MSFW01 NetN2N[20756]: TUN/TAP TX queue length set to 100
Nov  5 21:55:13 MSFW01 NetN2N[20756]: /sbin/ip link set dev tun1 up mtu 1500
Nov  5 21:55:13 MSFW01 NetN2N[20756]: /sbin/ip addr add dev tun1 local 10.10.1.1 peer 10.10.1.2
Nov  5 21:55:13 MSFW01 NetN2N[20756]: /etc/init.d/static-routes start tun1 1500 1605 10.10.1.1 10.10.1.2 init
Nov  5 21:55:13 MSFW01 NetN2N[20756]: /sbin/ip route add 192.168.0.0/24 via 10.10.1.2
Nov  5 21:55:13 MSFW01 NetN2N[20756]: ERROR: Linux route add command failed: external program exited with error status: 2
Nov  5 21:55:13 MSFW01 NetN2N[20756]: TCP/UDP: Preserving recently used remote address: [AF_INET]188.193.26.16:2000
Nov  5 21:55:13 MSFW01 NetN2N[20756]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Nov  5 21:55:13 MSFW01 NetN2N[20756]: UDP link local (bound): [AF_INET]188.193.26.9:2000
Nov  5 21:55:13 MSFW01 NetN2N[20756]: UDP link remote: [AF_INET]188.193.26.16:2000
Nov  5 21:55:13 MSFW01 NetN2N[20756]: GID set to nobody
Nov  5 21:55:13 MSFW01 NetN2N[20756]: UID set to nobody
Nov  5 21:55:13 MSFW01 NetN2N[20756]: TLS: Initial packet from [AF_INET]188.193.26.16:2000, sid=6a05923f 98cf368e
Nov  5 21:55:13 MSFW01 NetN2N[20756]: VERIFY OK: depth=1, C=DE, ST=Bayern, L=PTown, O=xxxxxx, OU=EDV, CN=xxxxx CA, emailAddress=info@xxxxxx.de
Nov  5 21:55:13 MSFW01 NetN2N[20756]: VERIFY OK: depth=0, C=DE, ST=Bayern, O=xxxxx, OU=Geschaeftsleitung, CN=xxxxx
Nov  5 21:55:13 MSFW01 NetN2N[20756]: Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Nov  5 21:55:13 MSFW01 NetN2N[20756]: Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Nov  5 21:55:13 MSFW01 NetN2N[20756]: Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Nov  5 21:55:13 MSFW01 NetN2N[20756]: Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Nov  5 21:55:13 MSFW01 NetN2N[20756]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Nov  5 21:55:13 MSFW01 NetN2N[20756]: [NetN2N] Peer Connection Initiated with [AF_INET]188.193.26.16:2000
Nov  5 21:55:14 MSFW01 NetN2N[20756]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov  5 21:55:14 MSFW01 NetN2N[20756]: Initialization Sequence Completed

EDIT:

Now I’ve managed it myself …

I sniffed around on the net and found a post that was similar to this, and lo and behold … I had a routing entry in there that was wrong. Unfortunately, I don’t know where it came from!

I then deleted it and restarted openvpn and lo and behold, route is set and running …

that had to come out …

So now I finish this topic first … have another one.

For everyone who has the same problem … the adapter can be deleted with

ip link delete YOUR_NETWORK_INTERFACE

Beautiful evening!
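An added check for the situation in the log above (OpenVPN's `/sbin/ip route add 192.168.0.0/24 via 10.10.1.2` failing with exit status 2 after a restart, fixed in the post by deleting a leftover interface). This is example code, not from the original post or from IPFire/OpenVPN; it only reads routing and link text and never changes the system. The two sample tables are constructed to resemble `ip route show` and `ip -o link show` on the main-office box, and `tun0` is an assumed stale tunnel device from the previous OpenVPN instance; the real cause on the poster's box is not stated on the page.

```shell
#!/bin/sh
# Added example (not from the original post): explain why OpenVPN's
#   /sbin/ip route add 192.168.0.0/24 via 10.10.1.2
# can fail after a restart by checking the current routing table and link
# list for leftovers from a previous tunnel. Read-only; nothing is changed.
#
# CONSTRUCTED samples resembling `ip route show` and `ip -o link show`.
# tun0 is an assumed stale tunnel device left by the previous OpenVPN run.
SAMPLE_ROUTES='default via 188.193.26.254 dev red0
10.10.1.2 dev tun1 proto kernel scope link src 10.10.1.1
188.193.26.0/24 dev red0 proto kernel scope link src 188.193.26.9
192.168.0.0/24 via 10.10.1.2 dev tun0
192.168.254.0/24 dev green0 proto kernel scope link src 192.168.254.1'

SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: red0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
3: green0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN
5: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN'

# Print the route whose destination is exactly $1 from the table text in $2.
# Exit status 0 if such a route exists, 1 if not.
existing_route() {
    printf '%s\n' "$2" | awk -v p="$1" '$1 == p { print; found = 1 }
                                         END { exit (found ? 0 : 1) }'
}

# Print the interface named after "dev" in a single route line ($1).
route_dev() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") print $(i + 1) }'
}

# List tunN interfaces in `ip -o link` text ($1) other than the one
# OpenVPN just opened ($2). Anything printed is a candidate leftover.
stale_tun_ifaces() {
    printf '%s\n' "$1" | awk -v keep="$2" '{ name = $2; sub(/:$/, "", name)
        if (name ~ /^tun[0-9]+$/ && name != keep) print name }'
}

# Explain the outcome of "ip route add $1 via $2" on device $3, given the
# table text in $4. Prints one diagnostic line; exit status 0 when a
# route for the prefix already exists, 1 when the add should succeed.
diagnose_route_add() {
    line=$(existing_route "$1" "$4") || {
        echo "no existing route for $1; 'ip route add $1 via $2' should succeed"
        return 1
    }
    dev=$(route_dev "$line")
    if [ "$dev" != "$3" ]; then
        echo "stale route for $1 on $dev (expected $3): $line"
    else
        echo "route for $1 already on $3: $line"
    fi
    return 0
}

# Stand-alone run against the constructed samples.
diagnose_route_add 192.168.0.0/24 10.10.1.2 tun1 "$SAMPLE_ROUTES"
for ifc in $(stale_tun_ifaces "$SAMPLE_LINKS" tun1); do
    echo "leftover tunnel interface $ifc; remove it with: ip link delete $ifc"
done
```

On a real box, feed the live tables instead of the samples, e.g. `diagnose_route_add 192.168.0.0/24 10.10.1.2 tun1 "$(ip route show)"` and `stale_tun_ifaces "$(ip -o link show)" tun1`; the script only reports, so the `ip link delete` from the post stays a deliberate manual step.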