Client to Client Connection not working

[DressyLemon]

Checklist

• [x] I read the README
• [x] I read the Important notes
• [x] I followed instructions to configure VPN clients
• [x] I checked IKEv1 troubleshooting, IKEv2 troubleshooting and VPN status
• [x] I searched existing Issues
• [x] This bug is about the VPN setup scripts, and not IPsec VPN itself

Describe the issue When trying to ping or access other related hosted services on other clients. it is not accessible nor pingble.

To Reproduce Steps to reproduce the behavior:

Ubuntu Server 1 -> VPN Server

3x Users: VPN1 VPN2 VPN3

MikroTik RouterOS -> VPN1 Ubuntu Server 2 -> VPN2 Windows Client -> VPN3

All clients are fully capable of pinging the VPN Server. Although Clients cannot ping each-other.

Expected behavior Clients can ping each-other

Server (please complete the following information)

• OS: Ubuntu Server LTS ( Latest )
• Hosting provider (if applicable): FastHosts

Client (please complete the following information)

• VPN mode: IPsec/L2TP

Additional context Followed advice mentioned previously but sadly still can't get this to work.

[hwdsl2]

@DressyLemon Hello! Client-to-client traffic is enabled by default. See:

https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/advanced-usage.md#internal-vpn-ips-and-traffic

If connected VPN clients cannot reach each other, it is usually because the firewall on each client is blocking such traffic.

You can test by temporarily removing the last DROP rule from the IPTables FORWARD chain on the VPN server, which will allow all forwarded traffic. Then try the client to client traffic again. Be sure to add the rule back after testing.

[DressyLemon]

Sadly, Tried this and had no success. I tried using alternatives such as your docker container image and this didn't work either.

Tried disabling all firewalls on all devices and still no luck.

[hwdsl2]

@DressyLemon If you have tested that temporarily removing the DROP rule doesn't work, the issue is not on the VPN server side. Check that you are using the correct internal IPs for traffic between VPN clients. Refer to the link in my previous reply.

[DressyLemon]

I'd just like confirm that I'm running this drop rule on the VPN server?

[hwdsl2]

@DressyLemon Yes, on the VPN server you can temporarily remove the last DROP rule from the IPTables FORWARD chain to test. Make sure that you add the rule back after testing for security. If client-to-client traffic still doesn't work after removing the DROP rule, then the issue is not on the VPN server side.