I am experiencing an issue with my VPN setup, as shown in the attached figure. The scenario involves a VPN interface on the VPN server and one VPN client machine with two interfaces.
From the VPN client machine, I can successfully ping the VPN server using either interface. However, from the VPN server, I can try to ping both interfaces on the client, but only one receives the ping response, while the other doesn't.
In the case where the ping is not received, the request reaches the VPN client machine, but the reply is sent back via the other interface (I looked at it using Wireshark). This reply packet arrives at the VPN server machine but is discarded because it doesn't come from the expected source.
Initially, when the client is activated on the VPN client machine, reviewing the routes shows that it defaults to reaching the VPN server via only one of the interfaces. I've tried adding the other route manually, and it seems to work fine, but it ends up considering the last entered route as the default for reaching the server.
Interestingly, the same setup works perfectly with physical interfaces, where pings succeed in all directions. Here's the routing output (on the VPN client machine) for the physical interfaces:
10.10.5.50 via 10.10.6.5 dev enp1s0 proto static
10.10.5.50 via 10.10.7.5 dev enp3s0 proto static
10.10.6.0/24 dev enp1s0 proto kernel scope link src 10.10.6.20
10.10.7.0/24 dev enp3s0 proto kernel scope link src 10.10.7.10
And for the VPNs:
192.168.255.1 via 192.168.255.9 dev tun1
192.168.255.1 via 192.168.255.5 dev tun0
192.168.255.5 dev tun0 proto kernel scope link src 192.168.255.6
192.168.255.9 dev tun1 proto kernel scope link src 192.168.255.10
I want to understand why, in the case of physical interfaces, there is no conflict having two routes leading to the same destination, and how the client machine decides which route to use if it is not specified. Additionally, I would like to know what I can do to make the VPNs behave in the same way. If anyone has encountered a similar issue or has advice on how to resolve this, your input would be greatly appreciated!
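
An added example, not part of the original post: a Python check that parses `ip route` output in the format quoted above and lists every destination that has gateway routes through more than one device, which is the precondition for a reply leaving by an interface other than the one the request arrived on. The function names are hypothetical, and the sample input is the post's tun0/tun1 routes.

```python
from collections import defaultdict

# Sample input: the tun0/tun1 routes quoted in the post, in `ip route` format.
SAMPLE_ROUTES = """\
192.168.255.1 via 192.168.255.9 dev tun1
192.168.255.1 via 192.168.255.5 dev tun0
192.168.255.5 dev tun0 proto kernel scope link src 192.168.255.6
192.168.255.9 dev tun1 proto kernel scope link src 192.168.255.10
"""


def parse_routes(text):
    """Parse `ip route` lines into dicts: dst plus key/value pairs (via, dev, src, ...).

    Assumes every token after the destination belongs to a key/value pair,
    which holds for the lines in the post (bare flags such as `onlink` are not handled).
    """
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens:
            route = {"dst": tokens[0]}
            route.update(zip(tokens[1::2], tokens[2::2]))
            routes.append(route)
    return routes


def asymmetric_reply_risks(text):
    """Return (dst, local_src, own_dev, other_dev) for each case where a reply
    sent from local_src to dst also matches a route through other_dev."""
    routes = parse_routes(text)
    # Local address owned by each device, taken from the connected routes.
    src_of_dev = {r["dev"]: r["src"] for r in routes if "dev" in r and "src" in r}
    # Devices that carry a gateway route to each destination.
    devs_for_dst = defaultdict(set)
    for r in routes:
        if "via" in r and "dev" in r:
            devs_for_dst[r["dst"]].add(r["dev"])
    risks = []
    for dst, devs in sorted(devs_for_dst.items()):
        for own_dev in sorted(devs):
            for other_dev in sorted(devs - {own_dev}):
                if own_dev in src_of_dev:
                    risks.append((dst, src_of_dev[own_dev], own_dev, other_dev))
    return risks


if __name__ == "__main__":
    for dst, src, own, other in asymmetric_reply_risks(SAMPLE_ROUTES):
        print(f"reply {src} -> {dst}: arrived on {own}, may leave via {other}")
```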