[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenVPN Routing Issue


  • Subject: Re: [Openvpn-users] OpenVPN Routing Issue
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Sat, 12 Jan 2008 03:14:40 +0100

Hi Peter,

so the server can reach all machines on the client LAN except the client 
itself? Congrats, at least you have managed to set up a net-to-net 
config ;-)
The 'iroute' and 'route' statements are fine, and are definitely 
required for net-to-net setups.

if you cannot ping/connect to the VPN client itself then my first bet 
would be a firewalling issue on the VPN client side. Can you try 
loosening/removing the firewall on the TAP-win32 adapter on the VPN client?

Another option is to not use an openvpn client/server setup like you 
have done now. If all you're trying to do is connect two LANs using a 
secure tunnel then an "old style" openvpn peer-to-peer config will work 
just as well (or perhaps even better).

HTH,

JJK

Peter Roddan wrote:
>
> Hi Everyone,
>
> I’m a new-ish user to OpenVPN, and I’m having a small issue with it..
>
> I’m using it to run a VPN to a new remote office that I am setting up.
>
> I have an openVPN server running here in our main office. It runs on 
> Windows 2003, site here on our LAN (10.1.1.0) and has the appropriate 
> port forwarded to it from our Cisco PIX firewall.
>
> The satellite office openVPN is also running on Windows 2003 
> (192.168.3.0). I’ve not installed routing and remote access as I’ve 
> read this can cause problems, but I have manually enabled IP routing 
> in the registry. The same has been done on the server.
>
> I’ve created a basic tunnel config for the server and the client. The 
> VPN connects ok, and I can ping server to client and client to server 
> using the VPN IP addresses.
>
> I’ve pushed the server LAN route through to the client (push "route 
> 10.1.1.0 255.255.255.0"), and have included the client IP also (route 
> 192.168.3.0 255.255.255.0).
>
> I have a file with the same name as the client cerfiticate in the CCD 
> folder, with the line “iroute 192.168.3.0 255.255.255.0” in it.
>
> Finally, I have added a route to the 192.168.3.0 network on the router 
> that is the default gateway in the main office.
>
> The default gateway in the satellite office is the VPN server.
>
> Now comes my problem.
>
> From the VPN server I can ping the VPN client using it’s real IP 
> address. I can also ping any machines on the VPN client local LAN – great!
>
> However, I can’t seem to be able to ping anything on the Server side 
> LAN from the VPN client machine. I can ping the VPN server by it’s 
> real IP (10.1.1.46), but can’t ping anything else on that LAN. A 
> tracert shows the traffic routing to 10.8.0.1 (which I believe is the 
> IP of the Server VPN adapter) but it times out from then on.
>
> At first I thought it was a problem with the routing on the server 
> side lan, but then I realised that any other PC on the client side LAN 
> can ping anything on the server side LAN. It’s only the VPN client 
> itself that can’t ping anything on the server LAN.
>
> I’ve read through the documentation several times, but can’t seem to 
> find out where I’ve gone wrong.
>
> Any assistance that anyone can give me will be greatly appreciated!
>
> Thanks,
>
> Peter.
>
> * *
>
> Registered in UK. Registered Number 561496. Registered Office: Ocean 
> House, The Ring, Bracknell, Berkshire. BG12 1AN
>
> * *
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
>
> intended solely for the use of the individual or entity to whom they
>
> are addressed. If you have received this email in error please notify
>
> the system manager.
>
> This footnote also confirms that this email message has been swept by
>
> MIMEsweeper for the presence of computer viruses.
>
> www.clearswift.com
>
> **********************************************************************
>

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users