[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] - remote client unable to ping clients on server's LAN (route problem)

  • Subject: Re: [Openvpn-users] - remote client unable to ping clients on server's LAN (route problem)
  • From: "Jeff Crocker" <jeffcrocker@xxxxxxxxx>
  • Date: Mon, 4 Jun 2007 05:59:11 -0700

Thanks Peter.

Your description is perfect! It's crystal clear. Unfortunately my
D-Link router does not have advanced routing capabilities. It's a
reliable old DI-614 (never needs a reboot!) that has great
performance. It has served me well since '02.

In its place I'm going to get a Buffalo WHR-G54S that I've had great
success loaded with DD-WRT for clients. Best Buy has them for $50
(getting harder to find online).

Thanks again. I appreciate your time. You made my day! I've spent
close to 8 hours experimenting/surfing the web for tips regarding this
issue. Your description is the FIRST that I've read that clearly
explains the necessary configuration. Hopefully others will benefit as

Have a great week! You deserve it!


On 6/4/07, Peter Barwich <pbarwich@xxxxxxxxxxx> wrote:
> Jeff,
> This one threw me for a while too.
> Your VPN client knows how to find machines on your LAN; your 'push
> "route"' statement tells them to update their
> routing tables so that they know the way. The problem is that machines
> on your LAN don't know the way to the VPN, so they can't respond to a
> ping. Your LAN has TWO gateways; one for the LAN which is;
> your D-Link router, and one for the VPN which is on the VPN server; a
> dual homed machine with IPs AND Your D-Link
> router knows where all your LAN machines are but it has no clue where
> your VPN gateway is, and hence cannot route packets to other machines on
> your VPN. I'm not sure of the configuration windows for the D-Link
> router; on my Linksys router you go to setup/advanced routing, and there
> you add a route that tells the router how to send packets to the VPN.
> Destination LAN IP, subnet mask and gateway
> Once that is entered in your router knows to send any
> packet intended for any machine on your VPN to your VPN server, which,
> in turn, knows where the particular VPN machine is.
> When this is done your client knows where your LAN machines are, and
> your LAN machines know how to reach your client so you have communication.
> Note that you can also make all your LAN machines have openvpn running
> and they can get VPN addresses AS WELL as their LAN addresses. Then, if
> you have 'client-to-client' directive in your VPN server config file,
> the clients will see each other over the VPN WITHOUT a route being set
> in your D-Link router. It's a bit more complex, but it means that if you
> move one of your LAN machines (say a laptop) to a different internet
> access point it will still be able to see all your VPN network
> (providing the port you've used for VPN is not blocked by the local ISP)
> Good luck,
> Peter
> >
> > I want the remote client to be able to communicate with other
> > computers/printers/etc on the VPN server's LAN (
> >
> > OpenVPN Server…
> > LAN IP:
> > SM:
> > GW: (D-Link router)
> > DNS:
> > VPN IP:
> >
> > Remote Client…
> > LAN IP:
> > SM:
> > GW: (Linksys router)
> > DNS:
> > VPN IP:
> >
> > I have added "push "route"" to the OpenVPN
> > server's config. I understand that I must add a route on the remote
> > client in order to find other clients on the OpenVPN Server's LAN.
> > This is where I'm confused…
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users

  Jeff Crocker
  Computer Guy

OpenVPN mailing lists