I have an OpenVPN server set up on a CentOS 7 box running firewalld. It seems to be working well except for one problem.
Some scenarios:
Client (eth0 192.168.1.x, tun0 10.201.0.6) --> VpnServer (enp4s0 faces internet, enp3s0 internal with 10.200.0.1/16 and tun0 internal with 10.201.0.1/16)

Connection from Client -> VpnServer: Good
Client ping -> both 10.200.0.1 and 10.200.0.10: Good
Client ssh -> 10.200.0.1: Good
Client ssh -> another server on the 10.200.0.0/16 network: connection refused
On the VpnServer I have enp4s0 in the external zone, and enp3s0 and tun0 in the internal zone, with ssh turned on in the internal zone.
Here is my routing table on the VpnServer (public IP obscured):

    netstat -r
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    default         207-xxx-xxx-169 0.0.0.0         UG        0 0          0 enp4s0
    default         10.200.0.1      0.0.0.0         UG        0 0          0 enp3s0
    10.200.0.0      0.0.0.0         255.255.0.0     U         0 0          0 enp3s0
    10.201.0.0      10.201.0.2      255.255.255.0   UG        0 0          0 tun0
    10.201.0.2      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
    207.xxx.xxx.168 0.0.0.0         255.255.255.248 U         0 0          0 enp4s0
I’m not sure if it’s a routing issue or a firewall issue (I’m leaning towards the latter), but when I turn off firewalld, everything seems to work ok.
Anybody have any clues or insight?
Thanks in advance
John Hayden
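As an added example, not from the original post: a small Python check that parses the routing table quoted above (the obscured public addresses replaced with RFC 5737 placeholders) and performs the kernel's longest-prefix-match lookup, so the routing side of the question can be confirmed separately from the firewall side; it also flags the two default routes in that table. The function and variable names are my own.

```python
import ipaddress

# Constructed from the routing table in the post; the obscured public addresses
# are replaced with RFC 5737 documentation placeholders (203.0.113.x).
NETSTAT_R = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         203.0.113.169   0.0.0.0         UG        0 0          0 enp4s0
default         10.200.0.1      0.0.0.0         UG        0 0          0 enp3s0
10.200.0.0      0.0.0.0         255.255.0.0     U         0 0          0 enp3s0
10.201.0.0      10.201.0.2      255.255.255.0   UG        0 0          0 tun0
10.201.0.2      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
203.0.113.168   0.0.0.0         255.255.255.248 U         0 0          0 enp4s0
"""

def parse_routes(text):
    """Turn `netstat -r` output into (network, gateway, flags, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] == "Destination":
            continue  # skip the title and header lines
        dst = "0.0.0.0" if f[0] == "default" else f[0]
        net = ipaddress.ip_network(f"{dst}/{f[2]}", strict=False)
        routes.append((net, f[1], f[3], f[-1]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, as the kernel does; the first entry wins on ties."""
    addr = ipaddress.ip_address(dst)
    best = None
    for r in routes:
        if addr in r[0] and (best is None or r[0].prefixlen > best[0].prefixlen):
            best = r
    return best

def check_routes(text, targets):
    """Return the egress interface per target plus the number of default routes."""
    routes = parse_routes(text)
    egress = {t: lookup(routes, t)[3] for t in targets}
    n_default = sum(1 for r in routes if r[0].prefixlen == 0)
    return {"egress": egress, "default_routes": n_default}

if __name__ == "__main__":
    result = check_routes(NETSTAT_R, ["10.200.0.10", "10.201.0.6", "198.51.100.1"])
    for target, iface in result["egress"].items():
        print(f"{target} -> {iface}")
    if result["default_routes"] > 1:
        print(f"warning: {result['default_routes']} default routes present; "
              "only the first one is used, check which was intended")
```

If the 10.200.0.0/16 hosts resolve to enp3s0 here, routing is not what refuses the ssh session, which leaves the firewall's forwarding policy between tun0 and enp3s0 as the thing to inspect next.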