I have a Device on a remote site that I need a network connection to from a VPS (OpenVPN Server), so I set up a Raspberry Pi running Stretch as a 3G/4G Router. The Pi connects to 3G OK, and can connect to the Internet. As a means of giving the Pi a fixed IP address, I installed OpenVPN on the VPS, and the OpenVPN client on the Pi, and the VPN tunnel establishes. OpenVPN is set up to always assign the same 10.8.0.5 address to the Pi. All good so far. The Pi can ping and ssh to the VPS on 10.8.0.1, and the VPS can ping and ssh to the VPS on 10.8.0.5.
The ETH0 on the Pi has a static address of 192.168.201.1, and the Device has an address of 192.168.201.2. The Pi can ping 192.168.201.2 OK.
The VPS can ping the Pi on 192.168.201.1, but can't ping the Device on 192.168.201.2. This is the routing issue I have.
The VPS is out on the internet somewhere. The full 'route' would be from VPS, through OpenVPN tunnel to the Raspberry Pi (10.8.0.5) then through the Pi and out on eth0 (static IP address 192.168.201.1) to a Device (IP address 192.168.201.2).
ip route on the VPS returns:
default via 78.143.255.129 dev eth0
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
78.143.xxx.yyy/25 dev eth0 proto kernel scope link src 78.143.xxx.yyy
192.168.200.0/24 dev eth0 proto kernel scope link src 192.168.200.1
192.168.201.0/24 via 10.8.0.2 dev tun0
ip route on the Pi returns:
0.0.0.0/1 via 10.8.0.6 dev tun0
default via 192.168.0.1 dev usb0 src 192.168.0.143 metric 600
10.8.0.0/24 via 10.8.0.6 dev tun0
10.8.0.6 dev tun0 proto kernel scope link src 10.8.0.5
78.143.xxx.yyy via 192.168.0.1 dev usb0
128.0.0.0/1 via 10.8.0.6 dev tun0
192.168.0.0/24 dev usb0 proto kernel scope link src 192.168.0.143 metric 600
192.168.200.0 via 10.8.0.6 dev tun0
192.168.201.0 via 10.8.0.6 dev tun0
192.168.201.0/24 dev eth0 proto kernel scope link src 192.168.201.1 metric 202
What I'm trying to achieve is an app on the VPS connecting to the Device on 192.168.201.2. I suspect the issue is something to do with routing clashes on the last two lines on the above routing table, but that's a guess.
Picture of the setup:
Hope that makes some sort of sense. Regards, Tony...
- What does VPS mean? On the remote side you have a device and the RasPi. What is on this side? Where is VPS? Anywhere on the internet? – Ingo, Jan 26, 2019 at 21:02
- VPS - Sorry - it's Virtual Private Server. – Tony Lock, Jan 27, 2019 at 11:04
- Thanks for the feedback but it doesn't answer all questions. What is on this side, not on the remote side? Where is the VPN server located? Anywhere on the internet? Please address me with @Ingo, otherwise I won't see your reply. – Ingo, Jan 27, 2019 at 12:30
- @Ingo - It's my first question here so haven't fully mastered it. The VPS is out on the internet somewhere. The full 'route' would be from VPS, through OpenVPN tunnel to the Raspberry Pi (10.8.0.5) then through the Pi and out on eth0 (static IP address 192.168.201.1) to a Device (IP address 192.168.201.2). There's a sort of picture at g8wbi.info/3G_router.png if it helps. – Tony Lock, Jan 27, 2019 at 23:59
- The picture is good. It illustrates much. I have updated the question. Maybe you can strip the ip route info from it? I will have a look at it but I'm busy just now ... – Ingo, Jan 28, 2019 at 18:47
1 Answer
It is very difficult to bring the output of the routing tables in harmony with the picture. There are some ip addresses and subnets from the routing tables you do not mention so I cannot see how the effective routes are set.
Please can you insert the following ip addresses into the picture: 78.143.255.129, 10.8.0.2, 10.8.0.6, 192.168.0.1, 0.0.0.0/1, 128.0.0.0/1, 192.168.200.0, 192.168.201.0. The last two are usually subnet addresses and should have a bit mask (/24?).
A vague guess is that ip forwarding isn't set on your RasPi so it will not forward the packages to subnet 192.168.201.0/24. You can enable ip forwarding with:
rpi ~$ sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
I don't know your networking setup for setting this option persistently, but by default you have to uncomment in /etc/sysctl.conf:
net.ipv4.ip_forward=1
and reboot.
I have made a simple open VPN tunnel with a Raspberry Pi for reference. It does not exactly fit your needs but it may give you an idea of how to make a lean setup. You can look at Simple openVPN with static keys.
- I'm pretty sure that net.ipv4.ip_forward=1 is set in sysctl.conf. That's in my setup script I use to install all of the various components. Unfortunately I have lost all communications with the remote Raspberry Pi now, so can't confirm that. I will have to visit the site. Due to other pressures, that won't be for a while, so thanks for all of your comments and assistance, but for now I'm calling this case closed. In the meantime, I'll have to do some serious reading up on IP routing. – Tony Lock, Jan 31, 2019 at 22:35
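Added illustration, not part of the original posts: a small Python model of the Pi's main routing table from the question, showing that a packet for 192.168.201.1 is delivered to the Pi itself while one for 192.168.201.2 has to be forwarded from tun0 to eth0, which is the step the ip_forward setting in the answer controls. It assumes the `src` fields identify the Pi's own addresses; the kernel's local table, firewall rules and the Device's return route are not modelled.

```python
import ipaddress

# Pi routing table copied from the question; the masked 78.143.xxx.yyy line is left out.
PI_ROUTES = """\
0.0.0.0/1 via 10.8.0.6 dev tun0
default via 192.168.0.1 dev usb0 src 192.168.0.143 metric 600
10.8.0.0/24 via 10.8.0.6 dev tun0
10.8.0.6 dev tun0 proto kernel scope link src 10.8.0.5
128.0.0.0/1 via 10.8.0.6 dev tun0
192.168.0.0/24 dev usb0 proto kernel scope link src 192.168.0.143 metric 600
192.168.200.0 via 10.8.0.6 dev tun0
192.168.201.0 via 10.8.0.6 dev tun0
192.168.201.0/24 dev eth0 proto kernel scope link src 192.168.201.1 metric 202
"""

def parse_routes(text):
    """Return (routes, local_addrs) parsed from `ip route` output."""
    routes, local = [], set()
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        # `ip route` prints "default" for 0.0.0.0/0 and drops /32 on host routes.
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        opts = dict(zip(tok[1::2], tok[2::2]))
        routes.append((net, opts["dev"], int(opts.get("metric", 0))))
        if "src" in opts:  # assumption: "src" values stand in for the host's own addresses
            local.add(ipaddress.ip_address(opts["src"]))
    return routes, local

def lookup(dst, routes):
    """Main-table lookup: longest prefix wins, lower metric breaks ties."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]), default=None)

def classify(dst, in_dev, routes, local):
    """How a packet arriving on in_dev for dst would be handled by this host."""
    if ipaddress.ip_address(dst) in local:
        return "local delivery"  # addressed to the host itself, no forwarding
    route = lookup(dst, routes)
    if route is None:
        return "unreachable"
    return f"forward {in_dev} -> {route[1]} (needs net.ipv4.ip_forward=1)"

if __name__ == "__main__":
    routes, local = parse_routes(PI_ROUTES)
    for dst in ("192.168.201.1", "192.168.201.2"):
        print(dst, "=>", classify(dst, "tun0", routes, local))
    # The mask-less "192.168.201.0" entry is a /32 that matches only that one address.
    print("192.168.201.0 =>", lookup("192.168.201.0", routes)[1])
```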