I have a local network behind an Ubuntu server doing NAT, iptables, OpenVPN, and VirtualBox, all IPv4.
I need VPN clients to access machines in local network. Local net is 192.168.1.0/24 and VPN net is 192.168.2.0/24.
In iptables I added a forward rule, from VPN net to local net:

    INTNET="192.168.1.0/24"
    INTIF="eth1"
    VPNIF="tun0"
    VPNNET="192.168.2.0/24"
    iptables -A FORWARD -i $VPNIF -s $VPNNET -d $INTNET -j ACCEPT
    iptables -A FORWARD -i $INTIF ! -s $VPNNET -d $VPNNET -m state --state RELATED,ESTABLISHED -j ACCEPT

And here is the routing table:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
    10.0.24.36      0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
    192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth1
    192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 tun0

I can ping devices in local net which have a static IP, but cannot ping machines with dynamic IP.
I also cannot ping a virtual machine running in VirtualBox (Ubuntu), even though this one has a static IP and the virtual adapter is bridged with eth1.
It doesn't bother me too much that I cannot access dynamically assigned IP machines, but the virtual one is critical.
Does anyone know why this is occurring?
I add here 2 Wireshark packet captures. Hopefully the comments inside the pictures are self-explanatory.

Capture on virtual machine
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
    10.0.38.248     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
    192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth1
    192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 tun0

Routes should be OK, as the machines with static IP are accessible (sorry, cannot find a better format).