
[Openvpn-users] Problems with routing and OpenVPN 2.0


  • Subject: [Openvpn-users] Problems with routing and OpenVPN 2.0
  • From: Stephane Lajeunesse <stephane.lajeunesse@xxxxxxxxx>
  • Date: Wed, 01 Sep 2004 18:14:58 -0400

Hi All,

I have installed OpenVPN 2.0 on Linux (server) and on Windows (client).

Here is the network topology:

   OpenVPN 2.0 server ----------------- OpenVPN 2.0 Client
     192.168.201.1                               192.168.201.[100-150]
        |
        |
        |
     Local net 192.168.1.x
     IP = 192.168.1.107


Here is the issue:

I can ping 192.168.201.1 but I can't for the life of me ping 192.168.1.107 (or anything in the 192.168.1.x net).

Route on the Server:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.201.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0



Route on the client:

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     64.10.90.244    64.10.90.244       1
     64.10.90.244  255.255.255.255        127.0.0.1       127.0.0.1       1
   64.255.255.255  255.255.255.255     64.10.90.244    64.10.90.244       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
    142.77.225.83  255.255.255.255     64.10.90.244    64.10.90.244       1
      192.168.0.0    255.255.255.0    192.168.201.1  192.168.201.100      1
    192.168.201.0    255.255.255.0  192.168.201.100  192.168.201.100      1
  192.168.201.100  255.255.255.255        127.0.0.1       127.0.0.1       1
  192.168.201.255  255.255.255.255  192.168.201.100  192.168.201.100      1
        224.0.0.0        224.0.0.0     64.10.90.244    64.10.90.244       1
        224.0.0.0        224.0.0.0  192.168.201.100  192.168.201.100      1
  255.255.255.255  255.255.255.255     64.10.90.244         1000003       1
Default Gateway:      64.10.90.244
===========================================================================
Persistent Routes:
  None

Here are both of my config files:

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
;dev tap
dev tap

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote biond.dyndns.org 5000
;remote my-server-2 5000

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.
ca my-ca.crt
cert home.crt
key home.key

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo

# Set log file verbosity.
verb 4

# Silence repeating messages
;mute 20


########################
# Server side
#
#
# Sample OpenVPN configuration file for
# office using a pre-shared static key.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tap
proto udp
port 5000

# 10.1.0.1 is our local VPN endpoint (office).
# 10.1.0.2 is our remote VPN endpoint (home).
; ifconfig 10.1.0.1 10.1.0.2

# Our up script will establish routes
# once the VPN is alive.
; up /etc/openvpn/office.up

# Our pre-shared static key
; secret /etc/openvpn/static.key

tls-server
dh /etc/openvpn/dh1024.pem
ca /etc/openvpn/my-ca.crt
cert /etc/openvpn/office.crt
key /etc/openvpn/office.key

#
# Server config
#

mode server
ifconfig 192.168.201.1 255.255.255.0
ifconfig-pool 192.168.201.100 192.168.201.150
push "route 192.168.0.0 255.255.255.0"
push "route-gateway 192.168.201.1"

# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface.  Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0.  Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients.  Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
; user nobody
; group nobody

# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
; comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive.  Uncomment this
# out if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection.  For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 4

duplicate-cn

################################

Any help is greatly appreciated.

Thanks,
Stephane.



____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
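
Added example, not part of the original post: a small consistency check that compares the networks the server config pushes to clients with the networks the server's own routing table shows as directly connected. The function names are hypothetical; the config lines and routing rows are copied from the post above.

```python
import ipaddress
import re

# Active directives copied from the server config in the post.
SERVER_CONF = '''
mode server
ifconfig 192.168.201.1 255.255.255.0
ifconfig-pool 192.168.201.100 192.168.201.150
push "route 192.168.0.0 255.255.255.0"
push "route-gateway 192.168.201.1"
;push "route 192.168.10.0 255.255.255.0"
'''

# Server routing table rows copied from the post (header row omitted).
SERVER_ROUTES = '''
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.201.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
'''

def pushed_routes(conf):
    """Networks named by active (uncommented) push "route NET MASK" lines."""
    pat = re.compile(r'\s*push\s+"route\s+(\S+)\s+(\S+)"')
    hits = (pat.match(line) for line in conf.splitlines())
    return [ipaddress.ip_network(f"{m[1]}/{m[2]}") for m in hits if m]

def connected_lans(table, skip=("tap", "tun", "lo")):
    """Directly connected networks (gateway 0.0.0.0) on non-VPN interfaces."""
    nets = []
    for fields in (line.split() for line in table.splitlines()):
        if len(fields) == 8 and fields[1] == "0.0.0.0" and not fields[7].startswith(skip):
            nets.append(ipaddress.ip_network(f"{fields[0]}/{fields[2]}"))
    return nets

def audit(conf, table, target):
    """Compare what the server pushes with what it can actually reach."""
    pushed, lans = pushed_routes(conf), connected_lans(table)
    host = ipaddress.ip_address(target)
    return {
        "target_covered": any(host in p for p in pushed),
        "lans_not_pushed": [str(n) for n in lans if not any(n.subnet_of(p) for p in pushed)],
        "pushed_not_local": [str(p) for p in pushed if not any(p.overlaps(n) for n in lans)],
    }

if __name__ == "__main__":
    print(audit(SERVER_CONF, SERVER_ROUTES, "192.168.1.107"))
```

A matching pushed route covers only the client-to-LAN direction: the server must also forward packets between tap0 and eth0, and hosts on the LAN need a route for 192.168.201.0/24 back through the server, as the sample config's own comment on pushed routes notes.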

