hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

Client to Client Connection not working #1416

Closed DressyLemon closed 1 year ago

DressyLemon commented 1 year ago

Checklist

Describe the issue When trying to ping or access other related hosted services on other clients, they are not accessible nor pingable.

To Reproduce Steps to reproduce the behavior:

Ubuntu Server 1 -> VPN Server

3x Users: VPN1 VPN2 VPN3

MikroTik RouterOS -> VPN1
Ubuntu Server 2 -> VPN2
Windows Client -> VPN3

All clients are fully capable of pinging the VPN server. However, clients cannot ping each other.

Expected behavior Clients can ping each other

Server (please complete the following information)

Client (please complete the following information)

Additional context Followed advice mentioned previously but sadly still can't get this to work.

hwdsl2 commented 1 year ago

@DressyLemon Hello! Client-to-client traffic is enabled by default. See:

https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/advanced-usage.md#internal-vpn-ips-and-traffic

If connected VPN clients cannot reach each other, it is usually because the firewall on each client is blocking such traffic.

You can test by temporarily removing the last DROP rule from the IPTables FORWARD chain on the VPN server, which will allow all forwarded traffic. Then try the client to client traffic again. Be sure to add the rule back after testing.

DressyLemon commented 1 year ago

Sadly, I tried this and had no success. I tried using alternatives such as your Docker container image and this didn't work either.

Tried disabling all firewalls on all devices and still no luck.

hwdsl2 commented 1 year ago

@DressyLemon If you have tested that temporarily removing the DROP rule doesn't work, the issue is not on the VPN server side. Check that you are using the correct internal IPs for traffic between VPN clients. Refer to the link in my previous reply.

DressyLemon commented 1 year ago

I'd just like to confirm that I'm running this drop rule on the VPN server?

hwdsl2 commented 1 year ago

@DressyLemon Yes, on the VPN server you can temporarily remove the last DROP rule from the IPTables FORWARD chain to test. Make sure that you add the rule back after testing for security. If client-to-client traffic still doesn't work after removing the DROP rule, then the issue is not on the VPN server side.
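The diagnostic hwdsl2 describes in both replies (temporarily remove the last DROP rule of the FORWARD chain on the VPN server, test, then put it back) as an added example; this is not code from the setup-ipsec-vpn project. It assumes the final rule appears as the last `-A FORWARD ... -j DROP` line in `iptables -S FORWARD` output and that `iptables` is run as root; the sample chain inside the comments is constructed, not the project's exact layout.

```shell
#!/bin/sh
# Added example (not part of setup-ipsec-vpn). Temporarily opens the FORWARD
# chain for a client-to-client test and restores the DROP rule afterwards,
# even if the test command is interrupted.

# Print the last DROP rule of the FORWARD chain as a bare rule spec, i.e.
# without the leading "-A FORWARD " (the form iptables -D / -C / -A accept).
# Reads `iptables -S FORWARD` output on stdin, e.g. (constructed sample):
#   -A FORWARD -m conntrack --ctstate INVALID -j DROP
#   -A FORWARD -i ppp+ -o ppp+ -j ACCEPT
#   -A FORWARD -j DROP            <- this line is selected, printed as "-j DROP"
last_forward_drop() {
    grep '^-A FORWARD ' | grep -e '-j DROP$' | tail -n 1 | sed 's/^-A FORWARD //'
}

# Re-append the rule (which was the last one, so -A keeps its position)
# unless it is already present. $1 is the rule spec from last_forward_drop;
# it is intentionally unquoted so the spec is split into iptables arguments.
restore_rule() {
    # shellcheck disable=SC2086
    if ! iptables -C FORWARD $1 2>/dev/null; then
        iptables -A FORWARD $1
    fi
}

# Usage: with_forward_open ping -c 3 <internal IP of the other VPN client>
# Removes the final DROP rule, runs the given command, then restores the rule.
# The trap restores it on Ctrl-C or an unexpected exit as well.
with_forward_open() {
    rule=$(iptables -S FORWARD | last_forward_drop)
    [ -n "$rule" ] || { echo "no DROP rule at the end of FORWARD" >&2; return 1; }
    trap 'restore_rule "$rule"; trap - EXIT INT TERM' EXIT INT TERM
    # shellcheck disable=SC2086
    iptables -D FORWARD $rule
    "$@"
    status=$?
    restore_rule "$rule"
    trap - EXIT INT TERM
    return $status
}
```

If the test command still fails with the rule removed, the server's FORWARD chain is not what blocks the traffic, which is the conclusion hwdsl2 draws above; check the clients' own firewalls and that the internal VPN IPs are being used.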