I have an OpenVPN client connected to an OpenVPN server.
The server has the following routes:
    default via 10.109.185.65 dev eth0 proto dhcp src 10.109.185.84 metric 100
    10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
    10.109.185.64/27 dev eth0 proto kernel scope link src 10.109.185.84
    10.109.185.65 dev eth0 proto dhcp scope link src 10.109.185.84 metric 100
The client has the following address on the tun0 virtual interface created by OpenVPN:
    11: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
        link/none
        inet 10.8.0.3/24 brd 10.8.0.255 scope global tun0
           valid_lft forever preferred_lft forever
        inet6 fe80::3c55:91d1:e8cf:7c55/64 scope link flags 800
           valid_lft forever preferred_lft forever
From the server, I can ping the client by doing ping 10.8.0.3 and it works fine.
Then I added a second IP address to tun0 on the client by doing ip addr add 10.100.1.2/24 dev tun0. It shows up on the tun0 interface as:
        inet 10.100.1.2/24 scope global tun0
           valid_lft forever preferred_lft forever
On the server, I added a route for that subnet by doing ip route add 10.100.1.0/24 dev tun0. It shows up in the route list as:
    10.100.1.0/24 dev tun0 scope link
But trying a ping 10.100.1.2 on the server failed.
Then I noticed that both the server and client had the following iptables FORWARD rule:
    ACCEPT all -- 10.8.0.0/24 anywhere
So I added another FORWARD rule for the 10.100.1.0 subnet by doing iptables -A FORWARD -s 10.100.1.0/24 on both the server and client.
But trying a ping 10.100.1.2 on the server still fails.
Is there anything else I need to do in order to be able to ping 10.100.1.2 from the server?