Re: [Openvpn-users] Query for posting - OpenVPN cannot access internal subnet


  • Subject: Re: [Openvpn-users] Query for posting - OpenVPN cannot access internal subnet
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Sat, 12 Jan 2008 03:19:09 +0100

Your config file sets
  push "redirect-gateway def1"  # This will force the clients to use the home network's internet connection

This means "redirect ALL traffic through the tunnel" and hence you will no
longer be able to connect to the client local LAN anymore. Try removing
this line and see if that helps ;-)


HTH,


JJK

Garrett O'Gorman wrote:
>
> I've seen a number of postings on several sites for this issue but no
> solutions. If anyone has any idea on a fix please mail at
> garrettogorman@xxxxxxxxx as it is driving me crazy at this stage.
>
> I have installed OpenVPN on a Windows XP Desktop and have successfully
> implemented it so that clients can connect and are assigned an IP. The
> problem is that when connected the Client cannot access any resources
> on the internal network. The IP setup is as follows.
>
>  
>
> Server
>
> IP        192.168.2.3
> Subnet    255.255.255.0
> Gateway   192.168.0.1
>
> IP range for clients
>
> 192.168.10.0
> 255.255.255.128
>
>  
>
> When a client connects it is assigned an IP on the 192.168.10.0
> range and the client can ping both the virtual and physical IP address
> on the server host but there is no connectivity to any other devices
> on the network on the local subnet.
>
> When I do an ipconfig on the server host I can see that there is no
> Default Gateway being assigned to the TAP adapter and assume that this
> is the problem. The question is how do I force this to happen?
>
>  
>
> My server.ovpn is as follows;
>
> local 192.168.2.3 # This is the IP address of the real network interface on the server connected to the router
> port 1194 # This is the port OpenVPN is running on - make sure the router is port forwarding this port to the above IP
> proto udp # UDP tends to perform better than TCP for VPN
> mssfix 1400 # This setting fixed problems I was having with apps like Remote Desktop
> push "dhcp-option DNS 192.168.2.1"  # Replace the Xs with the IP address of the DNS for your home network (usually your ISP's DNS)
> push "dhcp-option DNS 89.101.160.4"  # A second DNS server if you have one
> dev tap
> #dev-node MyTAP  #If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name
> ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
> cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt"
> key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key"  # This file should be kept secret
> dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
> server 192.168.10.0 255.255.255.128   # This assigns the virtual IP address and subnet to the server's OpenVPN connection.  Make sure the Routing Table entry matches this.
> #push "route 192.168.10.0 255.255.255.128 192.168.2.1"
> ifconfig-pool-persist ipp.txt
> push "redirect-gateway def1"  # This will force the clients to use the home network's internet connection
> keepalive 10 120
> cipher BF-CBC        # Blowfish (default) encryption
> comp-lzo
> max-clients 100 # Assign the maximum number of clients here
> persist-key
> persist-tun
> status openvpn-status.log
> verb 1 # This sets how detailed the log file will be.  0 causes problems and higher numbers can give you more detail for troubleshooting
> # lines starting with # or ; will not be read by OpenVPN
>
>  
>
> ------------------------------------------------------------------------

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
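
An added example, not part of the original thread and not OpenVPN code: a small Python parser that reads a server config like the one quoted above and reports what it pushes to clients, including the `redirect-gateway` directive the reply points at. The function names and the trimmed sample config are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the routing-related lines of the server.ovpn quoted in the thread.
SAMPLE_CONFIG = '''
local 192.168.2.3
dev tap
server 192.168.10.0 255.255.255.128
push "dhcp-option DNS 192.168.2.1"  # DNS handed to clients
#push "route 192.168.10.0 255.255.255.128 192.168.2.1"
push "redirect-gateway def1"  # force clients onto the home connection
; lines starting with # or ; are not read by OpenVPN
'''

def tokenize(line):
    """Split one config line into arguments, dropping # and ; comments.
    Quoted arguments stay whole and a doubled backslash becomes one."""
    lex = shlex.shlex(line, posix=True)
    lex.whitespace_split = True
    lex.commenters = "#;"
    return list(lex)

def summarize_pushes(config_text):
    """Report what the server pushes: gateway redirect, routes, DHCP options."""
    summary = {"vpn_subnet": None, "redirect_gateway": None,
               "routes": [], "dhcp_options": []}
    for raw in config_text.splitlines():
        args = tokenize(raw)
        if not args:
            continue  # blank line or comment only
        if args[0] == "server" and len(args) >= 3:
            summary["vpn_subnet"] = ipaddress.ip_network(f"{args[1]}/{args[2]}")
        elif args[0] == "push" and len(args) >= 2:
            pushed = args[1].split()  # the quoted string is itself a directive
            if not pushed:
                continue
            if pushed[0] == "redirect-gateway":
                summary["redirect_gateway"] = pushed[1:]  # flags such as def1
            elif pushed[0] == "route" and len(pushed) >= 2:
                # OpenVPN uses 255.255.255.255 when the netmask is omitted
                mask = pushed[2] if len(pushed) > 2 else "255.255.255.255"
                summary["routes"].append((pushed[1], mask))
            elif pushed[0] == "dhcp-option":
                summary["dhcp_options"].append(tuple(pushed[1:]))
    return summary

if __name__ == "__main__":
    for key, value in summarize_pushes(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

A `redirect_gateway` value other than `None` means the server tells every client to send its default route through the tunnel; an empty `routes` list means no individual subnets are pushed.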