First of all, thanks for your quick reply.
Here is the log from the moment the tunnel connects. Of course, I have masked some things in it.
Mar 31 12:11:35 : MULTI: multi_create_instance called
Mar 31 12:11:35 : Re-using SSL/TLS context
Mar 31 12:11:35 : LZO compression initializing
Mar 31 12:11:35 : Control Channel MTU parms [ L:1624 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Mar 31 12:11:35 : Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Mar 31 12:11:35 : Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Mar 31 12:11:35 : Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Mar 31 12:11:35 : TCP connection established with [AF_INET]<synology_ip>:<port>
Mar 31 12:11:35 : TCPv4_SERVER link local: (not bound)
Mar 31 12:11:35 : TCPv4_SERVER link remote: [AF_INET]<synology_ip>:<port>
Mar 31 12:11:36 : <synology_ip>:<port> TLS: Initial packet from [AF_INET]<synology_ip>:<port>, sid=c520669d c48ff6ee
Mar 31 12:11:36 : <synology_ip>:<port> VERIFY SCRIPT OK: depth=1, C=NL, ST=NH, L=<hidden>, O=<hidden>, emailAddress=<hidden>, CN=SSL-CA
Mar 31 12:11:36 : <synology_ip>:<port> VERIFY OK: depth=1, C=NL, ST=NH, L=<hidden>, O=<hidden>, emailAddress=<hidden>, CN=SSL-CA
Mar 31 12:11:36 : <synology_ip>:<port> VERIFY SCRIPT OK: depth=0, C=NL, ST=NH, L=<hidden>, O=<hidden>, emailAddress=<hidden>, CN=<hidden>
Mar 31 12:11:36 : <synology_ip>:<port> VERIFY OK: depth=0, C=NL, ST=NH, L=<hidden>, O=<hidden>, emailAddress=<hidden> CN=<hidden>
Mar 31 12:11:36 : <synology_ip>:<port> peer info: IV_VER=2.3.11
Mar 31 12:11:36 : <synology_ip>:<port> peer info: IV_PLAT=linux
Mar 31 12:11:36 : <synology_ip>:<port> peer info: IV_PROTO=2
Mar 31 12:11:36 : <synology_ip>:<port> Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Mar 31 12:11:36 : <synology_ip>:<port> Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 31 12:11:36 : <synology_ip>:<port> Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Mar 31 12:11:36 : <synology_ip>:<port> Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 31 12:11:36 : <synology_ip>:<port> Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mar 31 12:11:36 : <synology_ip>:<port> [vpnuser] Peer Connection Initiated with [AF_INET]<synology_ip>:<port>
Mar 31 12:11:36 : <synology_ip>:<port> MULTI_sva: pool returned IPv4=192.168.6.2, IPv6=(Not enabled)
Mar 31 12:11:36 : <synology_ip>:<port> MULTI: problem deleting temporary file: /tmp/openvpn_cc_1e89c0500842cfef36b119c64ee6184d.tmp
Mar 31 12:11:36 : <synology_ip>:<port> MULTI: Learn: 192.168.6.2 -> <synology_ip>:<port>
Mar 31 12:11:36 : <synology_ip>:<port> MULTI: primary virtual IP for <synology_ip>:<port>: 192.168.6.2
Mar 31 12:11:38 : <synology_ip>:<port> PUSH: Received control message: 'PUSH_REQUEST'
Mar 31 12:11:38 : <synology_ip>:<port> SENT CONTROL [vpnuser]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route-gateway 192.168.6.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.6.2 255.255.255.0,peer-id 0' (status=1)
I can indeed ping the client from the server on 192.168.6.2, but not on 192.168.10.1 (the LAN IP of the SRM).
There is no specific iroute in it. Which iroute line should be in there, then? Below is the server.conf:
dev ovpns3
verb 4
dev-type tun
tun-ipv6
dev-node /dev/tun3
writepid /var/run/openvpn_server3.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher AES-128-CBC
auth SHA256
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local <my-public-ip>
client-connect "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php server3"
tls-server
server 192.168.6.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/3
ifconfig 192.168.6.1 192.168.6.2
tls-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls 'SSLVPN' 1"
lport 1194
management /var/etc/openvpn/server3.sock unix
push "route 192.168.2.0 255.255.255.0"
route 192.168.10.0 255.255.255.0
ca /var/etc/openvpn/server3.ca
cert /var/etc/openvpn/server3.cert
key /var/etc/openvpn/server3.key
dh /usr/local/etc/dh-parameters.2048.sample
tls-auth /var/etc/openvpn/server3.tls-auth 0
comp-lzo adaptive
topology subnet