I have a Device on a remote site that I need a network connection to from a VPS (OpenVPN Server), so I set up a Raspberry Pi running Stretch as a 3G/4G Router. The Pi connects to 3G OK, and can connect to the Internet. As a means of giving the Pi a fixed IP address, I installed OpenVPN on the VPS, and the OpenVPN client on the Pi, and the VPN tunnel establishes. OpenVPN is set up to always assign the same 10.8.0.5 address to the Pi. All good so far. The Pi can ping and ssh to the VPS on 10.8.0.1, and the VPS can ping and ssh to the VPS on 10.8.0.5.

The ETH0 on the Pi has a static address of 192.168.201.1, and the Device has an address of 192.168.201.2. The Pi can ping 192.168.201.2 OK.

The VPS can ping the Pi on 192.168.201.1, but can't ping the Device on 192.168.201.2. This is the routing issue I have.

The VPS is out on the internet somewhere. The full 'route' would be from VPS, through OpenVPN tunnel to the Raspberry Pi (10.8.0.5) then through the Pi and out on eth0 (static IP address 192.168.201.1) to a Device (IP address 192.168.201.2).

ip route on the VPS returns:

default via 78.143.255.129 dev eth0 
10.8.0.0/24 via 10.8.0.2 dev tun0 
10.8.0.2 dev tun0  proto kernel  scope link  src 10.8.0.1 
78.143.xxx.yyy/25 dev eth0  proto kernel  scope link  src 78.143.xxx.yyy 
192.168.200.0/24 dev eth0  proto kernel  scope link  src 192.168.200.1 
192.168.201.0/24 via 10.8.0.2 dev tun0

ip route on the Pi returns:

0.0.0.0/1 via 10.8.0.6 dev tun0 
default via 192.168.0.1 dev usb0 src 192.168.0.143 metric 600 
10.8.0.0/24 via 10.8.0.6 dev tun0 
10.8.0.6 dev tun0 proto kernel scope link src 10.8.0.5 
78.143.xxx.yyy via 192.168.0.1 dev usb0 
128.0.0.0/1 via 10.8.0.6 dev tun0 
192.168.0.0/24 dev usb0 proto kernel scope link src 192.168.0.143 metric 600 
192.168.200.0 via 10.8.0.6 dev tun0 
192.168.201.0 via 10.8.0.6 dev tun0 
192.168.201.0/24 dev eth0 proto kernel scope link src 192.168.201.1 metric 202 

What I'm trying to achieve is an app on the VPS connecting to the Device on 192.168.201.2. I suspect the issue is something to do with routing clashes on the last two lines on the above routing table, but that's a guess.

Picture of the setup:

Hope that makes some sort of sense. Regards, Tony...

Ingo
Tony Lock
  • What does VPS mean? On the remote side you have a device and the RasPi. What is on this side? Where is VPS? Anywhere on the internet? – Ingo Jan 26 '19 at 21:02
  • VPS - Sorry - it's Virtual Private Server. – Tony Lock Jan 27 '19 at 11:04
  • Thanks for the feedback but it doesn't answer all questions. What is on this side, not on the remote side? Where is the VPN server located? Anywhere on the internet? Please address me with @Ingo, otherwise I won't see your reply. – Ingo Jan 27 '19 at 12:30
  • @Ingo - It's my first question here so haven't fully mastered it. The VPS is out on the internet somewhere. The full 'route' would be from VPS, through OpenVPN tunnel to the Raspberry Pi (10.8.0.5) then through the Pi and out on eth0 (static IP address 192.168.201.1) to a Device (IP address 192.168.201.2). There's a sort of picture at http://www.g8wbi.info/3G_router.png if it helps. – Tony Lock Jan 27 '19 at 23:59
  • The picture is good. It illustrates much. I have updated the question. Maybe you can strip the ip route info from it? I will have a look at it but I'm busy just now ... – Ingo Jan 28 '19 at 18:47

1 Answer

It is very difficult to bring the output of the routing tables into harmony with the picture. There are some IP addresses and subnets from the routing tables you do not mention, so I cannot see how the effective routes are set.

Please can you insert the following IP addresses into the picture: 78.143.255.129, 10.8.0.2, 10.8.0.6, 192.168.0.1, 0.0.0.0/1, 128.0.0.0/1, 192.168.200.0, 192.168.201.0. The last two are usually subnet addresses and should have a bit mask (/24?).

A vague guess is that IP forwarding isn't set on your RasPi, so it will not forward the packets to subnet 192.168.201.0/24. You can enable IP forwarding with:

rpi ~$ sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'

I don't know your networking setup for setting this option persistently, but by default you have to uncomment this line in /etc/sysctl.conf:

net.ipv4.ip_forward=1

and reboot.

I have made a simple OpenVPN tunnel with a Raspberry Pi for reference. It does not fit your needs exactly, but it may give you an idea of how to make a lean setup. You can look at Simple openVPN with static keys.

Ingo
  • I'm pretty sure that net.ipv4.ip_forward=1 is set in sysctl.conf. That's in my setup script I use to install all of the various components. Unfortunately I have lost all communications with the remote Raspberry Pi now, so can't confirm that. I will have to visit the site. Due to other pressures, that won't be for a while, so thanks for all of your comments and assistance, but for now I'm calling this case closed. In the meantime, I'll have to do some serious reading up on IP routing. – Tony Lock Jan 31 '19 at 22:35
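
An added example, not part of the original question, answer or comments: a longest-prefix-match lookup run over the two `ip route` tables quoted in the question, to see which route each host selects for the Device and for the tunnel peer. It models only prefix length and metric (no policy routing or firewall rules), and the helper names `parse_routes` and `lookup` are made up for this illustration.

```python
import ipaddress

# Tables as quoted in the question. The masked "78.143.xxx.yyy" lines are
# omitted: they cannot be parsed and do not affect these lookups.
VPS_ROUTES = """\
default via 78.143.255.129 dev eth0
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
192.168.200.0/24 dev eth0 proto kernel scope link src 192.168.200.1
192.168.201.0/24 via 10.8.0.2 dev tun0
"""
PI_ROUTES = """\
0.0.0.0/1 via 10.8.0.6 dev tun0
default via 192.168.0.1 dev usb0 src 192.168.0.143 metric 600
10.8.0.0/24 via 10.8.0.6 dev tun0
10.8.0.6 dev tun0 proto kernel scope link src 10.8.0.5
128.0.0.0/1 via 10.8.0.6 dev tun0
192.168.0.0/24 dev usb0 proto kernel scope link src 192.168.0.143 metric 600
192.168.200.0 via 10.8.0.6 dev tun0
192.168.201.0 via 10.8.0.6 dev tun0
192.168.201.0/24 dev eth0 proto kernel scope link src 192.168.201.1 metric 202
"""

def parse_routes(text):
    """Turn `ip route` lines into (network, dev, via, metric) tuples."""
    routes = []
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        # "default" is 0.0.0.0/0; a destination printed without a mask is a /32 host route.
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        opts = dict(zip(tok[1::2], tok[2::2]))  # remaining tokens are key/value pairs
        routes.append((ipaddress.ip_network(dest), opts["dev"],
                       opts.get("via"), int(opts.get("metric", 0))))
    return routes

def lookup(text, addr):
    """Pick the route for addr: longest matching prefix, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in parse_routes(text) if ip in r[0]]
    if not hits:
        return None
    net, dev, via, _ = max(hits, key=lambda r: (r[0].prefixlen, -r[3]))
    return str(net), dev, via

if __name__ == "__main__":
    for name, table, addr in [("VPS", VPS_ROUTES, "192.168.201.2"),
                              ("Pi", PI_ROUTES, "192.168.201.2"),
                              ("Pi", PI_ROUTES, "192.168.201.0"),
                              ("Pi", PI_ROUTES, "10.8.0.1")]:
        print(f"{name}: {addr} -> {lookup(table, addr)}")
```

The unmasked `192.168.201.0 via 10.8.0.6` entry is a host route that matches only the address 192.168.201.0 itself, so traffic for 192.168.201.2 on the Pi still selects the `192.168.201.0/24 dev eth0` route. Whether the Pi forwards between tun0 and eth0 is not visible in `ip route` output and has to be checked separately, as the answer suggests.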