DyonR/docker-passthroughvpn

When VPN is connected I cannot reach the server from a different VLAN

Opened this issue · 2 comments

I have 2 VLANs:

VLAN 1 192.168.1.0/24
VLAN 2 192.168.2.0/24

passthroughvpn runs on VLAN 2.

If I start passthroughvpn I can ping the machine from VLAN 2 all the time.
When my machine is connected to VLAN 1 I can only ping the machine when the OpenVPN is down.

When I remote control the docker and add this
iptables -A OUTPUT -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT

I can ping the machine and connect to it.

LAN_NETWORK: 192.168.2.0/24,192.168.1.0/24

Please help

DyonR commented

Could you post your full log with sensitive information masked? I'll look at it to see if I see something off.

2021-06-12 13:47:16.908921 [INFO] A group with PGID 100 already exists in /etc/group, nothing to do.
2021-06-12 13:47:16.928885 [INFO] An user with PUID 99 already exists in /etc/passwd, nothing to do.
2021-06-12 13:47:16.947992 [INFO] UMASK defined as '002'
2021-06-12 14:05:35.916176 [INFO] VPN_ENABLED defined as 'yes'
2021-06-12 14:05:35.937470 [INFO] VPN_TYPE defined as 'openvpn'
2021-06-12 14:05:35.966582 [INFO] OpenVPN config file is found at /config/openvpn/openvpn.ovpn
dos2unix: converting file /config/openvpn/openvpn.ovpn to Unix format...
2021-06-12 14:05:35.993310 [INFO] VPN remote line defined as 'nl.vpnapp.com 1194'
2021-06-12 14:05:36.018345 [INFO] VPN_REMOTE defined as 'nl.vpnapp.com'
2021-06-12 14:05:36.043367 [INFO] VPN_PORT defined as '1194'
2021-06-12 14:05:36.067679 [INFO] VPN_PROTOCOL defined as 'udp'
2021-06-12 14:05:36.090950 [INFO] VPN_DEVICE_TYPE defined as 'tun0'
2021-06-12 14:05:36.113957 [INFO] LAN_NETWORK defined as '192.168.2.0/24,192.168.1.0/24'
2021-06-12 14:05:36.136948 [INFO] NAME_SERVERS defined as '1.1.1.1,8.8.8.8'
2021-06-12 14:05:36.159965 [INFO] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2021-06-12 14:05:36.183078 [INFO] Adding 1.1.1.1 to resolv.conf
2021-06-12 14:05:36.206422 [INFO] Adding 8.8.8.8 to resolv.conf
2021-06-12 14:05:36.229360 [INFO] Starting OpenVPN...
Sat Jun 12 14:05:36 2021 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Sat Jun 12 14:05:36 2021 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Sat Jun 12 14:05:36 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]190.2.132.52:1194
Sat Jun 12 14:05:36 2021 UDP link local: (not bound)
Sat Jun 12 14:05:36 2021 UDP link remote: [AF_INET]190.2.132.52:1194
Sat Jun 12 14:05:36 2021 [openvpn2.vpnunlimitedapp.com] Peer Connection Initiated with [AF_INET]190.2.132.52:1194
Sat Jun 12 14:05:42 2021 TUN/TAP device tun0 opened
Sat Jun 12 14:05:42 2021 /sbin/ip link set dev tun0 up mtu 1500
Sat Jun 12 14:05:42 2021 /sbin/ip addr add dev tun0 local 10.200.0.90 peer 10.200.0.89
Sat Jun 12 14:05:42 2021 Initialization Sequence Completed
2021-06-12 14:05:43.284496 [INFO] Docker network defined as 192.168.2.0/24
2021-06-12 14:05:43.311906 [INFO] Adding 192.168.2.0/24 as route via docker eth0
RTNETLINK answers: File exists
2021-06-12 14:05:43.337854 [INFO] Adding 192.168.1.0/24 as route via docker eth0
2021-06-12 14:05:43.361231 [INFO] ip route defined as follows...

0.0.0.0/1 via 10.200.0.89 dev tun0
default via 192.168.2.1 dev eth0
10.200.0.1 via 10.200.0.89 dev tun0 metric 1
10.200.0.89 dev tun0 proto kernel scope link src 10.200.0.90
128.0.0.0/1 via 10.200.0.89 dev tun0
190.2.132.52 via 192.168.2.1 dev eth0
192.168.1.0/24 via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.102

iptable_mangle 16384 1
ip_tables 28672 5 iptable_filter,iptable_nat,iptable_mangle
x_tables 28672 14 ip6table_filter,xt_conntrack,iptable_filter,nft_compat,xt_tcpudp,xt_addrtype,xt_CHECKSUM,xt_nat,ip6_tables,ipt_REJECT,ip_tables,ip6table_mangle,xt_MASQUERADE,iptable_mangle
2021-06-12 14:05:43.406784 [INFO] iptables defined as follows...

-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -d 192.168.2.0/24 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1194 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 192.168.2.0/24 -d 192.168.2.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

Warning: iptables-legacy tables present, use iptables-legacy to see them


2021-06-12 14:05:43.431914 [INFO] A group with PGID 100 already exists in /etc/group, nothing to do.
2021-06-12 14:05:43.458245 [INFO] An user with PUID 99 already exists in /etc/passwd, nothing to do.
2021-06-12 14:05:43.480066 [INFO] UMASK defined as '002'
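The posted log makes the gap visible: LAN_NETWORK names two subnets, but the `iptables defined as follows...` dump only contains the `-s 192.168.2.0/24 -d 192.168.2.0/24` ACCEPT pair, and with both INPUT and OUTPUT policies at DROP anything from 192.168.1.0/24 is silently discarded once the VPN rules are loaded. The script below is an added example, not code from the docker-passthroughvpn project: it parses an `iptables -S` dump, reads the policies, and reports which LAN subnets lack the INPUT (`-s LAN -d docker`) / OUTPUT (`-s docker -d LAN`) ACCEPT pair. The rule shape is inferred from the dump in this issue and from the two rules the reporter added by hand; the sample dump embedded below is the one from the log above.

```python
"""Check that every LAN_NETWORK subnet has the INPUT/OUTPUT ACCEPT rules
that a DROP-policy container firewall needs for LAN reachability.

Added example; not part of DyonR/docker-passthroughvpn. The expected rule
shape (-s/-d pairs between the docker network and each LAN subnet) is an
assumption taken from the iptables dump posted in the issue.
"""
import ipaddress

# iptables -S output copied from the issue log (sample input for this check)
SAMPLE_RULES = """\
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 192.168.2.0/24 -d 192.168.2.0/24 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1194 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 192.168.2.0/24 -d 192.168.2.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
"""


def policies(dump):
    """Return {chain: policy} from the -P lines of an iptables -S dump."""
    result = {}
    for line in dump.splitlines():
        tokens = line.split()
        if len(tokens) == 3 and tokens[0] == "-P":
            result[tokens[1]] = tokens[2]
    return result


def parse_rules(dump):
    """Return (chain, src_net, dst_net, target) for every -A line.

    Rules without -s or -d (interface or port matches) get None for the
    missing field; the caller decides whether those are relevant.
    """
    rules = []
    for line in dump.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "-A":
            continue
        chain, src, dst, target = tokens[1], None, None, None
        i = 2
        while i < len(tokens):
            if tokens[i] == "-s" and i + 1 < len(tokens):
                src = ipaddress.ip_network(tokens[i + 1], strict=False)
                i += 2
            elif tokens[i] == "-d" and i + 1 < len(tokens):
                dst = ipaddress.ip_network(tokens[i + 1], strict=False)
                i += 2
            elif tokens[i] == "-j" and i + 1 < len(tokens):
                target = tokens[i + 1]
                i += 2
            else:
                i += 1
        rules.append((chain, src, dst, target))
    return rules


def expected_rules(docker_net, lan_networks):
    """Yield (chain, src, dst) triples that should exist for each LAN subnet.

    INPUT accepts LAN -> docker network, OUTPUT accepts docker network -> LAN.
    lan_networks is the comma-separated LAN_NETWORK value.
    """
    docker = ipaddress.ip_network(docker_net, strict=False)
    for entry in lan_networks.split(","):
        lan = ipaddress.ip_network(entry.strip(), strict=False)
        yield ("INPUT", lan, docker)
        yield ("OUTPUT", docker, lan)


def missing_lan_rules(dump, docker_net, lan_networks):
    """List the ACCEPT rules (as iptables -S lines) absent from the dump."""
    present = {
        (chain, src, dst)
        for chain, src, dst, target in parse_rules(dump)
        if target == "ACCEPT" and src is not None and dst is not None
    }
    return [
        f"-A {chain} -s {src} -d {dst} -j ACCEPT"
        for chain, src, dst in expected_rules(docker_net, lan_networks)
        if (chain, src, dst) not in present
    ]


if __name__ == "__main__":
    pol = policies(SAMPLE_RULES)
    for rule in missing_lan_rules(SAMPLE_RULES, "192.168.2.0/24",
                                  "192.168.2.0/24,192.168.1.0/24"):
        chain = rule.split()[1]
        print(f"missing ({chain} policy {pol.get(chain)}): {rule}")
```

Run against the dump from this issue it reports exactly the two rules the reporter had to add by hand; run against a dump where LAN_NETWORK held only 192.168.2.0/24 it reports nothing. The check only matters for chains whose policy is DROP, which is why the policy is printed next to each missing rule.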