How to activate routing [solved]

[hika]

I am maintaining a server I have access to through a vpn tunnel. On my side I have a fli4l box as the end point the other side is on the server.
This works great as long as I don't want to reach further then the server. I can not even ping any of the machines on that network.
As far as I know the routes are set up properly, but it seems that server refuses to route. It could be iptables on the fli4l router, but I don't think so. The server has no iptables.
I tested both on the external net and on my own net to set the server as default route, which then should route to the gateway they have as default route. That doesn't happen.
So my guess is that next to proper kernel configuration I have to do something else to activate the routing. I can not find anything in the homerouter wiki, so could anybody enlighten me?

Hika

[hika]

This is the routing table on the external server:

Code: Select all

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         Router.agrikos. 0.0.0.0         UG    2      0        0 enp1s0
loopback        localhost       255.0.0.0       UG    0      0        0 lo
192.168.222.0   192.168.252.109 255.255.255.0   UG    2      0        0 tun0
192.168.232.0   *               255.255.255.0   U     0      0        0 enp1s0
192.168.252.108 192.168.252.110 255.255.255.252 UG    1      0        0 tun0
192.168.252.109 *               255.255.255.255 UH    0      0        0 tun0

where:

Code: Select all

192.168.232.0/24   is the local network
192.168.222.0/24   is my network
192.168.252.108/30 is the vpn network

As said before internal on the server it works, but it won't forward any route.

Hika

[hika]

I found the answer in the openvpn faq in openvpn.net.
For anybody who's interested. It is missing in the home router wiki.

Code: Select all

echo 1 > /proc/sys/net/ipv4/ip_forward

Hika

[hika]

One extra remark. It is in the wiki but hidden in the iptables config. Which I don't need here, for it is inside save networks.

[hika]

I have still some problems with the routing. I can now ping a printer on the other side, but not the windows machines or the router. Is this a setting on these machines? To only answer to requests on the local net?
Another thing still not working is the dns synchronization of isc bind. It worked when I build the remote server, when I had it at home behind my router on a separate subnet.
Once I put the new server on it's place behind the openvpn tunnel, it only worked one way on my server and not on the remote and still isn't. While testing I have iptables on my router fully open on the tunnel. So I don't think the problem lies there. Could it be that this goes by udp and that the kernel needs some other setting?