hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

Traffic client-to-client doesn't work! #1379

Closed xmaxmex closed 1 year ago

xmaxmex commented 1 year ago

Checklist

Describe the issue A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behavior:

  1. Mikrotik as IPsec/L2TP client - IP 192.168.42.10
  2. Windows 11 IPsec pre-shared key client - IP 192.168.42.11

Expected behavior A clear and concise description of what you expected to happen.

Ping both clients

Logs Check logs and VPN status, and add error logs to help explain the problem, if applicable.

Server (please complete the following information)

Client (please complete the following information)

Additional context Add any other context about the problem here.

On Windows 11, using the reg tip, I can connect on IPsec/L2TP and get IP address 192.168.42.11; pinging the server 192.168.42.1 is OK.

Traffic between both clients doesn't work!?

My Mikrotik (firewall disabled, IP 192.168.42.10) can't ping the Windows client (firewall disabled, IP 192.168.42.11).

My goal is to access, from the Windows client side, a subnet behind the Mikrotik client (100.64.0.0/24).

After adding a route rule on the Linux VPN server, I can ping this subnet from the server, with 192.168.42.10 as the gateway:

route add -net 100.64.0.0 netmask 255.255.255.0 gw 192.168.42.10

Any tip?

hwdsl2 commented 1 year ago

@xmaxmex Hello! Client-to-client traffic is enabled by default [1]. For your use case, if you cannot ping from client 192.168.42.10 to the Windows client at 192.168.42.11, it is most likely blocked by the firewall on Windows. To confirm that this is the case, you can try pinging 192.168.42.11 from 192.168.42.10. For troubleshooting purposes, you can temporarily remove the DROP rule [2] from the IPTables FORWARD chain, see if that helps, then add it back.

From a connected VPN client, unfortunately it is generally difficult to access the subnet behind another connected VPN client. This use case is not currently supported in this project. You can instead give WireGuard or OpenVPN a try, to see if they work for this use case.

[1] https://github.com/hwdsl2/setup-ipsec-vpn/blob/d343401ccacadc5bf919b8191911b24fb7f154de/vpnsetup_ubuntu.sh#L591-L598
[2] https://github.com/hwdsl2/setup-ipsec-vpn/blob/d343401ccacadc5bf919b8191911b24fb7f154de/vpnsetup_ubuntu.sh#L598
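To check on the server side whether client-to-client forwarding is actually allowed before blaming a client firewall, here is an added example (not code from the setup-ipsec-vpn project) that reads `iptables -S FORWARD` output and walks the chain in order; it assumes the project's default L2TP subnet 192.168.42.0/24, and both rule sets below are constructed samples.

```shell
#!/bin/sh
# Added example (not from the setup-ipsec-vpn project): given the text output of
# `iptables -S FORWARD`, report whether traffic between two IPsec/L2TP clients
# in the VPN subnet would be forwarded. Rules are evaluated top to bottom, so a
# subnet-scoped DROP placed ahead of the ACCEPT, or the final catch-all
# "-A FORWARD -j DROP", is detected; with no matching rule the chain policy wins.

# Assumption: the L2TP client subnet is the project default, 192.168.42.0/24.
VPN_NET="192.168.42.0/24"

# Usage: forward_verdict "<iptables -S FORWARD output>"  -> prints ACCEPT or DROP
forward_verdict() {
  printf '%s\n' "$1" | awk -v net="$VPN_NET" '
    /^-P FORWARD / { policy = $3 }                       # chain default policy
    /^-A FORWARD / && index($0, "-s " net) && index($0, "-d " net) {
      if ($0 ~ /-j ACCEPT$/) { verdict = "ACCEPT"; exit }  # first matching rule wins
      if ($0 ~ /-j DROP$/)   { verdict = "DROP";   exit }
    }
    /^-A FORWARD -j DROP$/ { verdict = "DROP"; exit }      # catch-all at end of chain
    END { print (verdict != "" ? verdict : policy) }
  '
}

# Constructed sample: the subnet ACCEPT rule precedes the catch-all DROP.
ALLOWED='-P FORWARD ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i eth0 -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -s 192.168.42.0/24 -d 192.168.42.0/24 -i ppp+ -o ppp+ -j ACCEPT
-A FORWARD -j DROP'

# Constructed sample: a subnet-scoped DROP was inserted ahead of the ACCEPT.
BLOCKED='-P FORWARD ACCEPT
-A FORWARD -s 192.168.42.0/24 -d 192.168.42.0/24 -i ppp+ -o ppp+ -j DROP
-A FORWARD -s 192.168.42.0/24 -d 192.168.42.0/24 -i ppp+ -o ppp+ -j ACCEPT
-A FORWARD -j DROP'

echo "allowed sample: $(forward_verdict "$ALLOWED")"   # ACCEPT
echo "blocked sample: $(forward_verdict "$BLOCKED")"   # DROP
# On the VPN server itself: forward_verdict "$(iptables -S FORWARD)"
```

A DROP verdict here means the server will not forward between the two clients regardless of their own firewalls; an ACCEPT verdict points the investigation back at the Windows or Mikrotik side.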