Server cannot access Clients #211

Closed
saikek opened this issue Oct 23, 2016 · 5 comments

saikek commented Oct 23, 2016

Can you add a configuration option to add FORWARD or some other routing / iptables rules, so the server would be able to connect to clients / ping clients?

Currently clients are not visible to server.

Owner

Nyr commented Oct 24, 2016

Server is able to ping clients by default. If it isn't for you, the problem is on your side (likely client dropping inbound ICMP).

Anyway this script is intended as a road-warrior kind of setup, not for internal networking.

Nyr closed this as completed Oct 24, 2016

Mohitsharma44 commented Nov 3, 2016

@Nyr: I would like to echo @saikek's comment. I am having a hard time pinging the clients as well.
I understand that your script is intended as a "road-warrior" kind of setup, but it would be nice to have iptables rules for server-to-client communication. Could you advise or point us in the right direction?

PS: I have not set up any firewall, iptables are flushed, I can see the ICMP request coming into the client but the client cannot respond.

Oh, and btw, it has always worked fine on my Mac using Tunnelblick. However, the above-mentioned issue is present on my Linux (Ubuntu) machines.

@Mohitsharma44

@saikek: In case you were not able to resolve this issue, @Nyr has answered this in Issue #190. Simply go through the script and check the line where his script sets the NAT for the VPN subnet and, instead, add an exception to our VPN subnet.
Simply comment out

```sh
#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $IP
#sed -i "1 a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to $IP" $RCLOCAL
```

and enter this:

```sh
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
sed -i "1 a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP" $RCLOCAL
```

This should work.

Owner

Nyr commented Nov 3, 2016

@Mohitsharma44 that way, you enable internal networking between clients too. You could replace 10.8.0.0/24 with 10.8.0.1 if only client<->server communication is needed.

Additionally, you could avoid routing internet traffic via the VPN altogether by removing that rule, if only internal networking is wanted.

@Mohitsharma44

Ah great. Thanks for the tip. Since I want client-to-client communication and natting, your current script with the above iptable change works great.
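
How the two POSTROUTING rules quoted in this thread treat different flows, as an added example (not code from the thread or from the script): it parses each rule's `-s`/`-d` matches and reports the source address a connection's first packet leaves with. The public address, the client addresses and 10.8.0.1 as the server's tunnel address are constructed assumptions; FORWARD rules and connection tracking are not modelled.

```python
import ipaddress
import shlex

VPN_NET = "10.8.0.0/24"      # subnet used by the rules in this thread
PUBLIC_IP = "203.0.113.10"   # constructed stand-in for the script's $IP

ORIGINAL = f"iptables -t nat -A POSTROUTING -s {VPN_NET} -j SNAT --to {PUBLIC_IP}"
MODIFIED = f"iptables -t nat -A POSTROUTING -s {VPN_NET} ! -d {VPN_NET} -j SNAT --to {PUBLIC_IP}"

# Constructed sample flows as (source, destination); 10.8.0.1 is assumed
# to be the server's tunnel address, the other 10.8.0.x hosts are clients.
FLOWS = {
    "server -> client ping": ("10.8.0.1", "10.8.0.6"),
    "client -> client": ("10.8.0.6", "10.8.0.10"),
    "client -> internet": ("10.8.0.6", "198.51.100.7"),
}

def parse_rule(rule):
    """Extract the -s/-d matches (with '!' negation) and the --to address."""
    tokens = shlex.split(rule)
    parsed = {"matches": [], "to": None}
    negate, i = False, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":
            negate = True                      # applies to the next match
        elif tok in ("-s", "-d"):
            net = ipaddress.ip_network(tokens[i + 1], strict=False)
            parsed["matches"].append((tok, net, negate))
            negate, i = False, i + 1
        elif tok in ("--to", "--to-source"):
            parsed["to"], i = tokens[i + 1], i + 1
        i += 1
    return parsed

def source_after_postrouting(rule, src, dst):
    """Return the source address the packet carries after the rule runs."""
    parsed = parse_rule(rule)
    addr = {"-s": ipaddress.ip_address(src), "-d": ipaddress.ip_address(dst)}
    for flag, net, negated in parsed["matches"]:
        if (addr[flag] in net) == negated:
            return src          # a match failed: source left untouched
    return parsed["to"]         # every match held: SNAT rewrites the source

def compare():
    """Map each sample flow to (source under ORIGINAL, source under MODIFIED)."""
    return {name: (source_after_postrouting(ORIGINAL, s, d),
                   source_after_postrouting(MODIFIED, s, d))
            for name, (s, d) in FLOWS.items()}

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:24} original: {before:14} modified: {after}")
```

Under the modified rule both the server-to-client and the client-to-client flows keep their 10.8.0.x source, so any restriction on client-to-client reachability has to come from filtering rather than from this NAT rule.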
