Scenario
I want to connect my team to a remote server via a VPN. This VPN has to go through some rules the remote server has, which are described below. I have set up OpenVPN but am open to trying any other VPN solution.
Connecting to a remote server via the following: Laptop -> VPN Client (Viscosity) -> OpenVPN server running on VM on Google Cloud -> Google Cloud VPN -> IPSec using IKEv2 connection to remote Gateway -> Remote server
The VM runs in a Virtual Private Cloud in Google Cloud, which has internal IP ranges of 172.25.165.0/26 and Gateway is 172.25.165.1
The remote server is in a local IP range of 172.23.133.0/24 (172.23.133.1). Its gateway has a rule set that it must be connected to via an IP in the range 172.25.165.0/26.
My VPN client is typically assigned 172.25.165.5 after connecting
Cloud VPN has a tunnel set up:
VPN tunnel inner IP stack type: IPv4
Multiprotocol BGP: Disabled
IPv6 Advertised IP ranges: 172.23.133.0/24
Local subnetworks: lnetwork 172.25.165.0/26
Routes in Google Cloud show as such:
Name | Description | Destination IP range | Priority | Next Hop |
---|---|---|---|---|
default-route-1 | Default route to the Internet | 0.0.0.0/0 | 1000 | VPN tunnel |
default-route-1b | Default local route to the subnetwork | 172.25.165.0/26 | 0 | VPN |
tunnel-2-route-1 | | 172.23.133.0/24 | 1000 | VPN tunnel |
Firewall is set to allow all ingress and egress for those routes
IP Forwarding is On for the VM
OpenVPN config
local 172.25.165.2
port 1194
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
mode server
tls-server
topology subnet
push "topology subnet"
ifconfig 172.25.165.3 255.255.255.0
ifconfig-pool 172.25.165.5 172.25.165.200 255.255.255.0
route-gateway 172.25.165.2
push "route-gateway 172.25.165.2"
push "route 172.25.165.5 255.255.255.0 172.23.133.17"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
log /var/log/openvpn/openvpn.log
Notes
I can successfully connect to the remote server if I ssh into the VM.
I can also successfully tunnel my traffic via the VM from my laptop.
sshuttle also works for connecting via the VM to the remote.
I can ping the remote server via the VM.
I can successfully connect to the OpenVPN server using a local client (either Viscosity or OpenVPN client)
However, I cannot successfully connect to the remote server once connected to the VPN. Attempting to ping the remote server on the VPN results in "Network is unreachable".
There is nothing in the OpenVPN logs on the server that seems relevant.
I have tried many different combinations of OpenVPN server config changes as well as client config changes but no success. I've also tried adding routes directly on the vm. I also have had no success with trying via OpenVPN Open Access server which results in the same issue. I have been at this for over 3 days and have read as much documentation on OpenVPN as I can find and many StackExchange questions on OpenVPN but have been unable to find an answer. Most existing answers seem to point to the firewall or the routing as being the problem. I'm not seeing any blocked events in the firewall log (and it is set to open for all these ranges) so I am assuming I am doing something wrong in trying to route the traffic in the OpenVPN config. How can I set up the vm and network and config to work in this scenario?
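As an added example (not part of the question or the asker's setup), the following Python script uses only the standard library to parse the routing-related directives of an OpenVPN server config like the one posted above and to flag three conditions that OpenVPN's routed (tun) mode does not handle: a tun network that overlaps a physical subnet the server itself sits on, a pushed `route` whose network address has host bits set, and a route gateway that lies outside the tun network (a client cannot install such a route over the tun interface). The embedded config excerpt is a constructed copy of the directives from the question, and the list of server LAN subnets is an assumed input taken from the 172.25.165.0/26 range described above.

```python
"""Static routing sanity checks for an OpenVPN routed (tun) server config."""
import ipaddress
import shlex

# Constructed excerpt reproducing the routing directives from the question.
SAMPLE_CONFIG = """\
topology subnet
ifconfig 172.25.165.3 255.255.255.0
ifconfig-pool 172.25.165.5 172.25.165.200 255.255.255.0
route-gateway 172.25.165.2
push "route-gateway 172.25.165.2"
push "route 172.25.165.5 255.255.255.0 172.23.133.17"
"""

# Assumed input: the physical subnet(s) the OpenVPN server VM is attached to.
SERVER_LAN_SUBNETS = ["172.25.165.0/26"]


def parse_directives(text):
    """Return (name, args, pushed) tuples; push "..." directives are unwrapped."""
    directives = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = shlex.split(line)
        pushed = False
        if parts[0] == "push" and len(parts) == 2:
            parts = shlex.split(parts[1])  # inner directive sent to clients
            pushed = True
        directives.append((parts[0], parts[1:], pushed))
    return directives


def check_routing(config_text, lan_subnets):
    """Return a list of (code, detail) findings for routing conflicts.

    lan_subnets are the server's own physical subnets (assumed input). The tun
    network must not overlap them, and every pushed route gateway must lie
    inside the tun network, otherwise the client cannot install the route.
    """
    lans = [ipaddress.ip_network(s) for s in lan_subnets]
    findings = []
    tun_net = None
    route_gw = None
    pushed_routes = []
    for name, args, pushed in parse_directives(config_text):
        if name == "ifconfig" and len(args) == 2 and not pushed:
            # Server-side ifconfig in topology subnet: address + netmask
            tun_net = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
        elif name == "route-gateway" and args:
            route_gw = ipaddress.ip_address(args[0])
        elif name == "route" and pushed and len(args) >= 2:
            pushed_routes.append(args)
    if tun_net is None:
        findings.append(("NO_TUN", "no server ifconfig directive found"))
        return findings
    for lan in lans:
        if tun_net.overlaps(lan):
            findings.append(("TUN_OVERLAPS_LAN", f"{tun_net} overlaps {lan}"))
    for args in pushed_routes:
        net, mask = args[0], args[1]
        try:
            ipaddress.ip_network(f"{net}/{mask}", strict=True)
        except ValueError:
            findings.append(("ROUTE_HOST_BITS", f"{net}/{mask} is not a network address"))
        # Explicit gateway on the route, else the configured route-gateway
        gw = ipaddress.ip_address(args[2]) if len(args) >= 3 else route_gw
        if gw is not None and gw not in tun_net:
            findings.append(("ROUTE_GW_OFF_TUN", f"gateway {gw} not in tun network {tun_net}"))
    return findings


if __name__ == "__main__":
    for code, detail in check_routing(SAMPLE_CONFIG, SERVER_LAN_SUBNETS):
        print(f"{code}: {detail}")
```

Running it against the posted directives reports the overlap between the 172.25.165.0/24 tun network and the 172.25.165.0/26 VM subnet, the pushed route 172.25.165.5/255.255.255.0 as not being a network address, and the route gateway 172.23.133.17 as lying outside the tun network; a config with a dedicated tun range (for example 10.8.0.0/24) and a pushed route for 172.23.133.0/24 via the default route-gateway produces no findings.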