Let me first explain what I want to achieve:
In a datacenter I have an Ubuntu server with OpenVPN installed as server. Somewhere on an internet connection I have a RB750 as OpenVPN client. What I want is to reach the network behind the RB750 from the OpenVPN server.
The situation:
Between the server and the client there is an OpenVPN tunnel. Server tun0 has IP address 10.5.0.1 and the client is 10.5.0.4. There is also a route on the server: 10.10.0.0/16 to gateway 10.5.0.4.
The problem:
The tunnel works fine, from the server I can reach the client on 10.5.0.4 (ping and SSH). Also from the client I can reach the server without any problems. The problem: from the server I cannot reach the internal network behind the RB750, so I cannot ping 10.10.1.1 or 10.10.1.2. When I look into the tunnel with tcpdump I see the packets go into the tunnel, and when I check on the RB750, I don’t see the packets coming out of the tunnel.
Routes on server:
Destination   Gateway    Genmask          Flags  Metric  Ref  Use  Iface
10.5.0.0      *          255.255.255.0    U      0       0    0    tun0
x.x.x.x       *          255.255.252.0    U      0       0    0    eth0
10.10.0.0     10.5.0.4   255.255.0.0      UG     0       0    0    tun0
default       x.x.x.x    0.0.0.0          UG     100     0    0    eth0
OpenVPN server config:
port 1194
proto tcp
dev tun
topology subnet
ca /etc/openvpn/keys/root.crt
cert /etc/openvpn/keys/servercert.pem
key /etc/openvpn/keys/serverkey.pem # This file should be kept secret
dh /etc/openvpn/dh1024.pem
server 10.5.0.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
keepalive 10 120
auth SHA1
cipher BF-CBC # Blowfish (default)
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
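A configuration check for the situation described above, added here as an example and not part of the original post or of OpenVPN itself. In routed (tun) mode a kernel route like 10.10.0.0/16 via 10.5.0.4 only gets packets into the tun0 device; the OpenVPN server process still has to know which connected client owns that subnet, which it learns from an `iroute` directive in that client's file under `client-config-dir`. Without it the server has no client to forward the packets to, which matches "into the tunnel on the server, never out on the client". The lint below parses the posted server config, checks every tunnel-bound subnet against the `iroute` entries of a client-config-dir (modelled as a dict, constructed and empty here to mirror the question), and also flags the crypto settings a reviewer would raise on this config: the 64-bit block cipher BF-CBC, SHA1 HMAC, a DH file whose name suggests 1024 bits (a filename heuristic only), and the absence of tls-auth/tls-crypt.

```python
"""Lint an OpenVPN server config for missing iroutes and weak crypto settings."""
import ipaddress
from typing import Dict, Iterable, List, Tuple

# The server configuration posted in the question, used here as sample input.
SERVER_CONF = """
port 1194
proto tcp
dev tun
topology subnet
ca /etc/openvpn/keys/root.crt
cert /etc/openvpn/keys/servercert.pem
key /etc/openvpn/keys/serverkey.pem # This file should be kept secret
dh /etc/openvpn/dh1024.pem
server 10.5.0.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
keepalive 10 120
auth SHA1
cipher BF-CBC # Blowfish (default)
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
"""

# Constructed stand-in for client-config-dir: {client common name: file contents}.
# Empty to mirror the question, which shows no ccd files at all.
CCD_FILES: Dict[str, str] = {}

# Kernel routes from the posted table that point into the tunnel: (network, next hop).
KERNEL_TUN_ROUTES: List[Tuple[str, str]] = [("10.10.0.0/16", "10.5.0.4")]

# 64-bit block ciphers (SWEET32 class) and weak HMAC digests.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}
WEAK_AUTH = {"MD5", "SHA1", "NONE"}


def parse_directives(text: str) -> List[List[str]]:
    """Split a config into [name, arg, ...] lists, dropping '#' and ';' comments."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            out.append(line.split())
    return out


def network_of(addr: str, mask: str) -> ipaddress.IPv4Network:
    """Turn OpenVPN's 'address netmask' argument pair into an IPv4Network."""
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)


def iroutes(ccd_files: Dict[str, str]) -> Dict[ipaddress.IPv4Network, str]:
    """Map each iroute'd network to the client CN whose ccd file declares it."""
    owned = {}
    for cn, text in ccd_files.items():
        for d in parse_directives(text):
            if d[0] == "iroute" and len(d) >= 2:
                mask = d[2] if len(d) > 2 else "255.255.255.255"
                owned[network_of(d[1], mask)] = cn
    return owned


def lint(server_conf: str, ccd_files: Dict[str, str],
         kernel_tun_routes: Iterable[Tuple[str, str]]) -> List[str]:
    """Return human-readable findings; an empty list means nothing to report."""
    findings = []
    directives = parse_directives(server_conf)
    names = {d[0] for d in directives}
    owned = iroutes(ccd_files)

    # Routing: every subnet sent into the tunnel needs an iroute naming its client.
    routed = {network_of(d[1], d[2]) for d in directives if d[0] == "route" and len(d) >= 3}
    routed |= {ipaddress.IPv4Network(net) for net, _ in kernel_tun_routes}
    for net in sorted(routed):
        if not any(net.subnet_of(o) for o in owned):
            findings.append(f"no iroute for {net}: OpenVPN cannot map it to a client")
    if routed and "client-config-dir" not in names:
        findings.append("client-config-dir missing: iroute directives have nowhere to live")

    # Crypto hygiene on the data channel and the control channel.
    for d in directives:
        if d[0] == "cipher" and d[1].upper() in WEAK_CIPHERS:
            findings.append(f"weak cipher {d[1]}: 64-bit block, prefer AES-256-GCM")
        if d[0] == "auth" and d[1].upper() in WEAK_AUTH:
            findings.append(f"weak auth {d[1]}: prefer SHA256 or stronger")
        if d[0] == "dh" and "1024" in d[1]:  # heuristic on the filename only
            findings.append(f"dh file {d[1]} looks like 1024-bit: generate 2048-bit or larger")
    if not names & {"tls-auth", "tls-crypt", "tls-crypt-v2"}:
        findings.append("no tls-auth/tls-crypt: control channel unauthenticated before TLS")
    return findings


if __name__ == "__main__":
    for finding in lint(SERVER_CONF, CCD_FILES, KERNEL_TUN_ROUTES):
        print(finding)
```

Run against the posted config, the routing findings come first: the 10.10.0.0/16 route has no `iroute` and there is no `client-config-dir` to put one in. Adding `client-config-dir ccd` to the server config and a file for the RB750's certificate CN containing `iroute 10.10.0.0 255.255.0.0` makes those two findings disappear while the crypto findings remain.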
