How to set IPTABLES on Ubuntu server to accept incoming route call from LAN?

Bo Berglund bo.berglund at gmail.com
Sun Jan 16 09:44:58 UTC 2022


On Sun, 16 Jan 2022 09:05:01 +0000, Chris Green <cl at isbd.net> wrote:

>On Sun, Jan 16, 2022 at 09:34:46AM +0100, Bo Berglund wrote:
>> I have an OpenVPN server running on an Ubuntu Server 20.04.3 and it has worked
>> well for a long time.
>> 
>> Now I have put another ASUS router on my summer home and it is set up to connect
>> a VPN connection back home so I can reach my home data from any device at the
>> summer home. Basically connecting the two LANs together. This works just fine
>> as seen from the summer home.
>> 
>> But I also want the same visibility of the summer home from my home LAN and
>> currently that is not working. I figured this is possible to solve by routing
>> from the ASUS router to the OpenVPN server.
>> 
>Do the two routers really need to be on separate LANs?  We have a very
>similar situation, except that our summer house is called the cabin.
>
>Is the 'summer home' not local to your home?

100 km separation...

And for routing to work they need to be using separate LAN IP ranges:
Home LAN:    192.168.119.0/24
Summer home: 192.168.117.0/24

We got fiber installed at the summer home January 4th, but I have not yet
visited the place. I am preparing the equipment at home and I have attached the
router to be used there to a second incoming connection at home so I can test
the functionality.

The router connects just fine and I can use the home LAN resources from a device
connected to the test router. So this direction is OK.

But I cannot yet reach the "remote" device from my home LAN, which is on IP
192.168.119.0/24, even though the VPN tunnel is operating.
The added static route to the main ASUS router works and I can see that a ping
call to the remote device goes first to my main gateway and from there to the
OpenVPN server's IP, but then it stops.
So it seems like it is not handling the incoming data....

tracert 192.168.117.173
Tracing route to rpi3-agissr-aspo [192.168.117.173]
over a maximum of 30 hops:

  1     1 ms    <1 ms     1 ms  asus-main [192.168.119.1]
  2     1 ms     1 ms     1 ms  ubuntusrv [192.168.119.216] <= OVPN server
  3     1 ms     1 ms     1 ms  asus-main [192.168.119.1]
  4     1 ms     1 ms     1 ms  ubuntusrv [192.168.119.216] <= OVPN server

ping 192.168.117.173
Pinging 192.168.117.173 with 32 bytes of data:
Request timed out.
Request timed out.
Reply from 192.168.119.216: TTL expired in transit.
Reply from 192.168.119.216: TTL expired in transit.

The OVPN server "should" know what to do with incoming calls for the remote
address since it has the connection open from there...


-- 
Bo Berglund
Developer in Sweden




