Two OpenVPN clients Communicating w/ Each Other

boguo · 25 August 2020 15:19

Hi there, we need to reach OpenVPN clients, just as described in the OpenVPN document in this link.. Our ultimate goal is for two OpenVPN clients to communicate with each other just like any two devices “inside” the green network.

After some research, it appears that configuring “Static IP Address Pools” could be where the implementation lies. However, with limited networking knowledge, I am still scratching my head after experimenting for a day.

I appreciate any help you can provide.

Bo

ummeegge · 25 August 2020 16:22

Hello Bo,
did you checked the --client-to-client option --> https://wiki.ipfire.org/configuration/services/openvpn/config/advanced_set ?

Best,

Erik

boguo · 25 August 2020 17:17

Hi Erik,

I just attempted, but still not working. Here is what I did:

Here is OpenVPN subnet:

On the advanced setting, I added the subnet to “Route Push Options” as shown.

Then I turned on “Client-To-Client” option under the “Miscellaneous” options.

The two clients had 10.25.54.18 and 10.25.54.33 respectively.

Please advise where I had failed.

Thanks!

Bo

ummeegge · 26 August 2020 04:46

Hi,
did you checked the firewall logs ? May you need to add FW rules.

Best,

Erik

boguo · 26 August 2020 18:57

I added the rule as

I most likely did not do it right as we failed to Ping each other. And the FW Log had no records of the Ping attempts for some reason.

Thanks!
Bo

ummeegge · 1 September 2020 06:16

Hi Bo,
sorry for the late replay. Did you checked with e.g. traceroute where the connection attempts ends ? What is the FW policy of IPFire ? Did you also checked the FW´s on client side (Windows does not allow access from other subnets) ?

The informations are a little less to help you better out.

Best,

Erik

boguo · 3 September 2020 04:05

@ummeegge, Here is the FW policy, let me know if you see anything I may change.

The clients are Ubuntu desktops and a MacBook Pro with no FW settings on.

Cheers,
Bo

ummeegge · 7 September 2020 09:10

Hello,
since the FORWARD policy is open and the clients are in the same subnet i see currently no reason why the connection between the clients does not work. Reading a little around i saw some configurations which needed ’ topology subnet’ in the server configuration, IPFire runs currently in a net30 topology as far as i know so it might be an idea to check if this can change something.

In the old IPFire forum is a answer (in German) whereby the static ip address pool and the push route option has been used --> https://forum.ipfire.org/viewtopic.php?t=13351#p84383 so i think in general this should work but i can not check it currently.

As ask before, did you checked a traceroute ?

Best,

Erik