My home network has an OpenVPN server installed and working. I can connect into that network from Windows machines using the OpenVPN client software and everything works fine.
I have an Ubuntu laptop with the OpenVPN client installed. I can connect to the OpenVPN server using the client and the client.ovpn provided by my server; however, I cannot ping or access machines on the VPN once connected. Running a ping to a network machine results in this:
$ ping 192.168.2.3
PING 192.168.2.3 (192.168.2.3) 56(84) bytes of data.
From 192.168.2.136 icmp_seq=1 Destination Host Unreachable
From 192.168.2.136 icmp_seq=2 Destination Host Unreachable
From 192.168.2.136 icmp_seq=3 Destination Host Unreachable
The same thing works fine from Windows, so there must be an issue with how the routes are getting configured on the Ubuntu client, but I can't figure out what it is. I flushed my firewall rules on the client just in case.
Here's the output from route -n before and after the VPN connection. 107.15.x.x is the VPN network's public IP. 172.27.x.x represents the VPN's virtual network.
WITHOUT VPN
$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 wlan0
192.168.2.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0
192.168.121.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
WITH VPN
$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 wlan0
107.15.x.x      192.168.2.1     255.255.255.255 UGH   0      0        0 wlan0
127.0.1.1       172.27.232.1    255.255.255.255 UGH   101    0        0 tun0
172.27.224.0    172.27.232.1    255.255.240.0   UG    101    0        0 tun0
172.27.232.0    0.0.0.0         255.255.252.0   U     0      0        0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0
192.168.2.0     172.27.232.1    255.255.255.0   UG    101    0        0 tun0
192.168.121.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
Any idea what I need to do to solve this?
Best Answer
Seeing that this is a simple addressing scheme problem:
If you have control over both addressing schemes and you will be adding a lot of sites in the future: use the 10.A.B.C/24 addressing scheme where A is the country, B is the city and C is the local LAN... (think big!)
If you have control over only one of the addressing schemes (or will not be adding a lot of sites in the near future), have one use 192.168.dayofyourbirthday.0/8 (to make it sufficiently random that you will not have this problem again in the near future)
and all problems will be gone! :-)
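Added example (not part of the original question or answer): the addressing clash the answer refers to is visible in the question's WITH VPN table, where 192.168.2.0/24 appears on both wlan0 and tun0. This Python sketch parses that table and applies longest-prefix, then lowest-metric selection to show which interface carries traffic to 192.168.2.3; the function names are made up for this example.

```python
import ipaddress

# "WITH VPN" table from the question; the masked 107.15.x.x host route is left out.
ROUTE_N = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 wlan0
127.0.1.1 172.27.232.1 255.255.255.255 UGH 101 0 0 tun0
172.27.224.0 172.27.232.1 255.255.240.0 UG 101 0 0 tun0
172.27.232.0 0.0.0.0 255.255.252.0 U 0 0 0 tun0
192.168.2.0 0.0.0.0 255.255.255.0 U 9 0 0 wlan0
192.168.2.0 172.27.232.1 255.255.255.0 UG 101 0 0 tun0
192.168.121.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr1
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
"""

def parse_routes(text):
    """Turn `route -n` lines into dicts; header and unparsable lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        except ValueError:
            continue
        routes.append({"net": net, "gw": f[1], "metric": int(f[4]), "iface": f[7]})
    return routes

def select_route(routes, dst):
    """Pick a route the way the kernel does: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]), default=None)

def shadowed_routes(routes):
    """(winner, loser) pairs: identical prefix on two interfaces, loser has the higher metric."""
    return [(a, b) for a in routes for b in routes
            if a["net"] == b["net"] and a["iface"] != b["iface"] and a["metric"] < b["metric"]]

if __name__ == "__main__":
    table = parse_routes(ROUTE_N)
    for win, lose in shadowed_routes(table):
        print(f"{lose['net']} via {lose['iface']} (metric {lose['metric']}) is shadowed by "
              f"{win['iface']} (metric {win['metric']})")
    print("192.168.2.3 leaves via", select_route(table, "192.168.2.3")["iface"])
```

With the question's table, the on-link wlan0 route (metric 9) wins over the pushed tun0 route (metric 101), so the ping never enters the tunnel.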