Good afternoon.
An incomprehensible problem: there is a home network behind the router, and behind the client is the address 172.20.21.99.
I cannot understand why the address 172.20.21.99 is not available for the client.
On router openvpn-server:
ip r show:
Code:
172.20.21.99 via 192.168.6.2 dev tun21
ip a:
Code:
10: br0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 60:45:cb:59:cf:10 brd ff:ff:ff:ff:ff:ff
inet 192.168.5.30/27 brd 192.168.5.31 scope global br0
11: tun21: <POINTOPOINT,MULTICAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 100
link/none
inet 192.168.6.1/27 brd 192.168.6.31 scope global tun21
iptables -nvL
Code:
Chain OVPN (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- tun21 * 0.0.0.0/0 192.168.5.0/27
Chain PControls (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain PTCSRVLAN (0 references)
pkts bytes target prot opt in out source destination
Chain PTCSRVWAN (0 references)
pkts bytes target prot opt in out source destination
Chain SECURITY (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x02 limit: avg 1/sec burst 5
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x02
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x04 limit: avg 1/sec burst 5
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x17/0x04
0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain default_block (0 references)
pkts bytes target prot opt in out source destination
Chain logaccept (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix "ACCEPT "
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix "DROP "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain other2wan (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- tun+ * 0.0.0.0/0 0.0.0.0/0
4 240 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
iptables -nvL -t nat
Code:
Chain PREROUTING (policy ACCEPT 35246 packets, 2271K bytes)
pkts bytes target prot opt in out source destination
2 84 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:21194
7684 488K VSERVER all -- * * 0.0.0.0/0 XXX.XXX.XXX.XXX
Chain INPUT (policy ACCEPT 31574 packets, 1974K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1216 packets, 145K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1053 packets, 87791 bytes)
pkts bytes target prot opt in out source destination
7194 525K PUPNP all -- * eth0 0.0.0.0/0 0.0.0.0/0
6809 501K MASQUERADE all -- * eth0 !XXX.XXX.XXX.XXX 0.0.0.0/0
177 60526 MASQUERADE all -- * br0 192.168.5.0/27 192.168.5.0/27
Chain DNSFILTER (0 references)
pkts bytes target prot opt in out source destination
Chain LOCALSRV (0 references)
pkts bytes target prot opt in out source destination
Chain PCREDIRECT (0 references)
pkts bytes target prot opt in out source destination
Chain PUPNP (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE tcp -- * * 192.168.5.29 0.0.0.0/0 tcp spt:32400 masq ports: 23163
Chain VSERVER (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4672 to:192.168.5.30
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4665 to:192.168.5.30
2 120 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4662 to:192.168.5.30
1825 134K DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51413 to:192.168.5.30
4609 236K DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:51413 to:192.168.5.30
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8481 to:192.168.5.30:8481
2 104 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8081 to:192.168.5.30:8081
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9091 to:192.168.5.29:9091
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:32400 to:192.168.5.29:32400
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:32400 to:192.168.5.29:32400
12 700 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3210 to:192.168.6.3:3210
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:3210 to:192.168.6.3:3210
1234 117K VUPNP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain VUPNP (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23163 to:192.168.5.29:32400
On Client:
Code:
Chain INPUT (policy ACCEPT 3642K packets, 4785M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 2277K packets, 357M bytes)
pkts bytes target prot opt in out source destination
iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 3396 packets, 446K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 2091 packets, 310K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 37599 packets, 2300K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 13340 packets, 837K bytes)
pkts bytes target prot opt in out source destination
24061 1451K MASQUERADE all -- * * 192.168.6.0/27 0.0.0.0/0
204 13182 MASQUERADE all -- * * 192.168.5.0/27 0.0.0.0/0
0 0 MASQUERADE all -- * * 192.168.1.0/24 0.0.0.0/0
Server
Code:
cat /jffs/configs/openvpn/ccd1/ntkpc
#!/bin/sh
ifconfig-push 192.168.6.2 255.255.255.224
push "route 192.168.4.0 255.255.225.224 192.168.6.1"
push "route 192.168.5.0 255.255.225.224 192.168.6.1"
iroute 172.20.21.99 255.255.255.255
Code:
/etc/openvpn/server1/config.ovpn
# Automatically generated configuration
daemon ovpn-server1
topology subnet
server 192.168.6.0 255.255.255.224
dev tun21
push "route 192.168.5.0 255.255.255.224 vpn_gateway 500"
route 172.20.21.99 255.255.255.255 192.168.6.2
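A sanity check for the two OpenVPN files above, added here as an example and not part of the original post: it verifies that every `route`/`iroute`/`server` netmask is a valid contiguous mask and that each `iroute` in the ccd file has a matching non-pushed `route` in the server config. The function names are hypothetical, and the sample strings are constructed from the directives shown in the post.

```python
import ipaddress
import re

# Constructed input: directives copied from the two files shown in the post.
CCD_NTKPC = """\
ifconfig-push 192.168.6.2 255.255.255.224
push "route 192.168.4.0 255.255.225.224 192.168.6.1"
push "route 192.168.5.0 255.255.225.224 192.168.6.1"
iroute 172.20.21.99 255.255.255.255
"""
SERVER_CONF = """\
topology subnet
server 192.168.6.0 255.255.255.224
dev tun21
push "route 192.168.5.0 255.255.255.224 vpn_gateway 500"
route 172.20.21.99 255.255.255.255 192.168.6.2
"""

# Matches route / iroute / server lines, optionally wrapped in push "...".
DIRECTIVE = re.compile(
    r'^(push\s+")?(route|iroute|server)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)')

def parse(text):
    """Return (line_no, pushed, directive, network, mask) tuples."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line.strip())
        if m:
            out.append((n, bool(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return out

def mask_is_contiguous(mask):
    """A valid netmask is a run of 1-bits followed only by 0-bits."""
    inverted = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0

def bad_masks(text):
    """Directives whose netmask is not a valid prefix mask."""
    return [(n, d, net, mask) for n, _, d, net, mask in parse(text)
            if not mask_is_contiguous(mask)]

def iroutes_without_route(ccd, server):
    """iroute entries in the ccd file with no matching local 'route' on the server."""
    local = {(net, mask) for _, pushed, d, net, mask in parse(server)
             if d == "route" and not pushed}
    return [(net, mask) for _, _, d, net, mask in parse(ccd)
            if d == "iroute" and (net, mask) not in local]

if __name__ == "__main__":
    print("invalid masks in ccd:", bad_masks(CCD_NTKPC))
    print("invalid masks in server:", bad_masks(SERVER_CONF))
    print("unrouted iroutes:", iroutes_without_route(CCD_NTKPC, SERVER_CONF))
```

On this input the two pushed routes in the ccd file are flagged because the third octet of their mask is 225 rather than 255; the `iroute`/`route` pair for 172.20.21.99 matches.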