Topic: OpenVPN Tap0

Zlaxer

OpenVPN Tap0
« on: June 20, 2024, 03:14:01 pm »
Sorry if this is covered elsewhere - I've tried just about everything I did find regarding this issue in this forum (and elsewhere).

Client connections (internal and external to the LAN) establish just fine, but Tap0 on the Zentyal 8 / OpenVPN server running as a guest on XenServer 7.4 does not seem to pass traffic from the VPN's network 192.168.168.0 to the internal LAN network 192.168.0.0. The VPN clients can ping each other and can ping the Zentyal server's eth0 (LAN) address and Tap0 (VPN) address. tcpdump shows pings from my VPN clients hitting the server's Tap0, but nothing from Tap0 to eth0 (internal LAN). I've set all 4 firewall modules to accept all ports from any IP. I will try to post my Zentyal OpenVPN config file later today with some screenshots of the OpenVPN, network, and firewall admin screens.

Note that the VPN clients are running on Windows 10 and 11 but that they worked just fine with Zentyal 4.1. Also, the fact that their pings hit the Zentyal Tap0 leads me to believe the issue is with the Zentyal setup and not a Win 10/11 Tap0 issue (but I could be wrong). Note I am advertising the LAN network through the VPN. Also, the Zentyal server only has 1 interface (eth0) and is not the default gateway. I know the documentation says there needs to be 2 interfaces - so does this mean it's not possible to use Zentyal 8 as a VPN with only 1 NIC? I just find it puzzling since Zentyal 4.1 worked so well in this setup.

Also, is it possible the clients' traffic is going through the server's Tap0 to eth0 to the default gateway (which doesn't have a routing entry for the VPN) without showing up in tcpdump?

Siroco

Re: OpenVPN Tap0
« Reply #1 on: July 01, 2024, 11:37:32 am »
Hi,

If you only have one network interface, you should ensure that the NAT option is enabled in your VPN server settings.

https://doc.zentyal.org/en/vpn.html

Anyway, as you mentioned, it would be very useful if you uploaded screenshots of the following somewhere:

- Network configuration.
- OpenVPN configuration including the advertised networks.

Also, you should analyze the log files /var/log/syslog and /var/log/openvpn/ in Zentyal, and also the OpenVPN client logs.

Finally, did you check if the advertised network is the same network as your client? For instance: 192.168.0.0/24

Best regards.
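
The NAT advice in the reply can be checked on the server itself. The script below is an added example, not part of either post and not Zentyal's own tooling. It assumes a /24 mask for the VPN network and that NAT appears as a MASQUERADE or SNAT rule in the nat table's POSTROUTING chain; the sample rule text is constructed.

```shell
#!/bin/sh
# Added example. Subnet and interface come from the thread; the /24 mask is assumed.
VPN_NET="192.168.168.0/24"
LAN_IF="eth0"

# Constructed sample of `iptables -t nat -S POSTROUTING` output (not from the thread).
SAMPLE_WITH_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.168.0/24 -o eth0 -j MASQUERADE'
SAMPLE_WITHOUT_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE'

# Reads POSTROUTING rules on stdin. Succeeds when some rule source-NATs
# traffic from exactly network $1 (or from any source) leaving interface $2.
nat_covers_vpn() {
    vpn_net=$1; lan_if=$2
    while read -r line; do
        case "$line " in
            "-A POSTROUTING "*) ;;              # only appended rules, not the policy line
            *) continue ;;
        esac
        case "$line " in
            *" ! -s "*|*" ! -o "*) continue ;;  # negated matches: not evaluated here
            *" -j MASQUERADE "*|*" -j SNAT "*) ;;
            *) continue ;;
        esac
        case "$line " in
            *" -s $vpn_net "*) ;;               # rule names the VPN network
            *" -s "*) continue ;;               # rule is for some other source
        esac
        case "$line " in
            *" -o $lan_if "*) return 0 ;;
            *" -o "*) continue ;;               # rule is for some other interface
            *) return 0 ;;                      # no -o: applies to every interface
        esac
    done
    return 1
}

# Run on the VPN server as root: sh thisfile.sh --live (file name is a placeholder)
live_check() {
    echo "ip_forward=$(sysctl -n net.ipv4.ip_forward) (1 is needed to route tap0 to $LAN_IF)"
    if iptables -t nat -S POSTROUTING | nat_covers_vpn "$VPN_NET" "$LAN_IF"; then
        echo "source NAT present: LAN hosts see the server's $LAN_IF address"
    else
        echo "no source NAT for $VPN_NET: LAN hosts answer via their default gateway"
    fi
    echo "then watch the LAN side: tcpdump -ni $LAN_IF icmp"
}
if [ "${1:-}" = "--live" ]; then live_check; fi
```

Without `--live` the script only defines the functions, so `nat_covers_vpn` can be fed saved rule output from another machine.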