Hi all,

Please let me be very verbose in my explanation, and don't delete this email in a hurry...

I am trying to set up a VPN server connection between N>2 networks. Each network has almost the same configuration, as you see below:

    LAN1 Stations ------- eth1 (192.168.0.1/24)--|GR1|--eth0 (82.75.32.12/24)

GR1 is a Linux box which has 2 network interfaces (eth0, eth1) and is acting as router/gateway for the internal net, LAN1.

I set up a dedicated computer located in our public network 82.75.32.12.0/24 (named here VPNS) to act as VPN server (it is a Linux box too), which has only one network card and is used to handle all VPN connections through it.

    LAN1---- eth1---|GR1|-----eth0
    IP Public eth0 82.75.32.12/24
    IP Private eth1 192.168.1.1/24, gateway and WINS server for LAN1
    LAN1: 192.168.1.0/24

    LAN2---- eth1---|GR2|-----eth0
    IP Public eth0 82.75.32.13/24
    IP Private eth1 192.168.2.1/24, gateway and WINS server for LAN2
    LAN2: 192.168.2.0/24

    VPNS (only one ethernet card)
    IP Public: 82.75.32.100/24

In my setup, 10.1.0.0/24 has been used as the OpenVPN virtual network class.

Here is ovpn.conf from our Linux VPNS:

    ### ovpn.conf ###
    port 1194
    proto udp
    dev tap
    mode server
    tls-server
    dh dh2048.pem
    tls-auth ta.key 0
    ca ca.crt
    cert server_cert.crt
    key server_cert.key
    # Define the server's virtual address and subnet
    ifconfig 10.1.0.1 255.255.255.0
    # Pool of IP addresses used by OpenVPN's DHCP server to be allocated
    ifconfig-pool 10.1.0.100 10.1.0.150 255.255.255.0
    # Push default gateway
    push "route-gateway 10.1.0.1"
    # Push route to clients to bind it to our local virtual endpoint
    push "route 10.1.0.0 255.255.255.0 10.1.0.1"
    # Push DNS server entries to openvpn clients
    push "dhcp-option DNS 10.1.0.1"
    # Push WINS server entries to openvpn clients
    push "dhcp-option WINS 10.1.0.1"
    mtu-test
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    keepalive 10 60
    client-to-client
    duplicate-cn
    user nobody
    group nobody
    persist-key
    persist-tun
    comp-lzo
    verb 4

In our internal LAN there are Windows computers (2k and XP). On each networked Windows station I installed openvpn-2.0_rc16-gui-1.0-rc4-install.exe, and the client config file is here:

    ### global-client.ovpn windows ###
    client
    port 1194
    proto udp
    dev tap
    remote 82.75.32.100
    tls-client
    dev-node tap-vpn
    ns-cert-type server
    ca ca.crt
    cert client.crt
    key client.key
    tls-auth ta.key 1
    pull
    mtu-test
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    comp-lzo
    verb 4

What is happening now:

Connection from CompA (a W2K station, located in LAN1) to VPNS is working fine. On VPNS I installed Samba and configured it as WINS server for the 10.1.0.0/24 virtual network.

    ping from VPNS (10.1.0.1) to CompA (10.1.0.105) ok
    ping from CompA (10.1.0.5) to VPNS (10.1.0.101) ok

OpenVPN's DHCP server is working too... see below what ipconfig /all shows on CompA:

    Ethernet adapter tap-vpn:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : TAP-Win32 Adapter V8
        Physical Address. . . . . . . . . : 00-FF-D1-E6-89-EE
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.1.0.105
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 10.1.0.0
        DNS Servers . . . . . . . . . . . : 10.1.0.1
        Primary WINS Server . . . . . . . : 10.1.0.1
        Lease Obtained. . . . . . . . . . : 4 martie 2005 17:44:43
        Lease Expires . . . . . . . . . . : 4 martie 2006 17:44:43

    Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Xircom CardBus Ethernet II
        Physical Address. . . . . . . . . : xxxxxxxxxxx
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.74
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 193.226.0.1
                                            80.97.0.1
        Primary WINS Server . . . . . . . : 192.168.1.1

I can see both VPNS-WORKGROUP and LAN1-WORKGROUP in Microsoft Windows Network, and I can access shares from the Samba fileserver from the VPNS server.

If another computer, CompB, located in LAN1 is accessing the server (and will lease, for example, IP 10.1.0.4 from VPNS), I have problems:

- no ping between CompA and CompB
- ping only between CompB and VPNS or from VPNS to CompB
- if CompB is a WinXP, just LAN1-WORKGROUP is appearing in Microsoft Windows Network, VPNS-WORKGROUP being invisible, but... I can access shares from VPNS by typing the name of the Samba share directly, for example: \\fileserver

If another Windows XP computer, CompC, located in LAN2 is connecting to VPNS, I will have the same problem:

- no ping from CompC (LAN2) to CompA or CompB (LAN1)... just to/from VPNS
- just LAN2-WORKGROUP is appearing in Microsoft Windows Network, VPNS-WORKGROUP being invisible, but I can access \\fileserver as above

OBS: All Windows computers used for the test have the firewall disabled!

As you can see, it seems to be a problem with routes on each VPN client, but I have no idea what is wrong, where and/or what is missing.

Can anybody help me?

Regards,
Alex
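A consistency check over the two configs in the message above, added here as an illustration and not part of the original post or of OpenVPN itself. It compares link options that both peers must share, checks the tls-auth key directions, flags the server options that weaken client separation, and tests quoted lease addresses against the pool; `parse` and `audit` are hypothetical helper names, and the embedded directives are a subset copied from the message.

```python
import ipaddress

# Directives copied from the two configs in the message (subset used by the checks).
SERVER = """
port 1194
proto udp
dev tap
tls-auth ta.key 0
ifconfig 10.1.0.1 255.255.255.0
ifconfig-pool 10.1.0.100 10.1.0.150 255.255.255.0
client-to-client
duplicate-cn
"""
CLIENT = """
port 1194
proto udp
dev tap
tls-auth ta.key 1
ns-cert-type server
"""

def parse(text):
    """Map each directive to its arguments; '#' comments and blank lines are skipped."""
    conf = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            conf[words[0]] = words[1:]
    return conf

def audit(server_text, client_text, leased=()):
    """Hypothetical helper: return findings for one server/client config pair."""
    s, c, out = parse(server_text), parse(client_text), []
    for opt in ("port", "proto", "dev"):               # must agree on both peers
        if s.get(opt) != c.get(opt):
            out.append(f"{opt}: differs between server and client")
    dirs = {s.get("tls-auth", [""])[-1], c.get("tls-auth", [""])[-1]}
    if dirs != {"0", "1"}:                             # key directions must be opposite
        out.append("tls-auth: key directions are not complementary")
    if "duplicate-cn" in s:
        out.append("duplicate-cn: one client certificate can hold several sessions")
    if "client-to-client" in s:
        out.append("client-to-client: inter-client traffic never reaches the server's packet filter")
    if "ns-cert-type" not in c:
        out.append("ns-cert-type: client does not check the server certificate type")
    lo, hi = (ipaddress.ip_address(a) for a in s["ifconfig-pool"][:2])
    out += [f"{a}: outside ifconfig-pool" for a in leased
            if not lo <= ipaddress.ip_address(a) <= hi]
    return out
```

Called as `audit(SERVER, CLIENT, leased=["10.1.0.105", "10.1.0.4"])`, it returns the duplicate-cn and client-to-client findings and reports 10.1.0.4 as outside the configured pool of 10.1.0.100 to 10.1.0.150.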