[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] OpenVPN Routing Issue

  • Subject: Re: [Openvpn-users] OpenVPN Routing Issue
  • From: "Peter Roddan" <proddan@xxxxxxxxxxx>
  • Date: Sun, 13 Jan 2008 19:09:01 -0000

Title: Re: [Openvpn-users] OpenVPN Routing Issue
Hi Jan,
Thanks very much for your assistance!
That's almost correct... Server LAN can reach all on the Client LAN including the Client...
It's the Client that can't reach anything on the Server LAN, except for the Server. However, anything on the Client LAN can reach anything on the Serevr LAN.... it's just the server itself .....
Both client and serevr are running Windows 2003 with no firewall installed - the Windows firewall is not active as the ICS service is not active...
How would I go about setting up an "old style" peer-to-peer config? Would this by a tap config rather than a tun one?

From: Jan Just Keijser [mailto:janjust@xxxxxxxxx]
Sent: Sat 12/01/2008 02:14
To: Peter Roddan
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] OpenVPN Routing Issue

Hi Peter,

so the server can reach all machines on the client LAN except the client
itself? Congrats, at least you have managed to set up a net-to-net
config ;-)
The 'iroute' and 'route' statements are fine, and are definitely
required for net-to-net setups.

if you cannot ping/connect to the VPN client itself then my first bet
would be a firewalling issue on the VPN client side. Can you try
loosening/removing the firewall on the TAP-win32 adapter on the VPN client?

Another option is to not use an openvpn client/server setup like you
have done now. If all you're trying to do is connect two LANs using a
secure tunnel then an "old style" openvpn peer-to-peer config will work
just as well (or perhaps even better).



Peter Roddan wrote:
> Hi Everyone,
> I’m a new-ish user to OpenVPN, and I’m having a small issue with it..
> I’m using it to run a VPN to a new remote office that I am setting up.
> I have an openVPN server running here in our main office. It runs on
> Windows 2003, site here on our LAN ( and has the appropriate
> port forwarded to it from our Cisco PIX firewall.
> The satellite office openVPN is also running on Windows 2003
> ( I’ve not installed routing and remote access as I’ve
> read this can cause problems, but I have manually enabled IP routing
> in the registry. The same has been done on the server.
> I’ve created a basic tunnel config for the server and the client. The
> VPN connects ok, and I can ping server to client and client to server
> using the VPN IP addresses.
> I’ve pushed the server LAN route through to the client (push "route
>"), and have included the client IP also (route
> I have a file with the same name as the client cerfiticate in the CCD
> folder, with the line “iroute” in it.
> Finally, I have added a route to the network on the router
> that is the default gateway in the main office.
> The default gateway in the satellite office is the VPN server.
> Now comes my problem.
> >From the VPN server I can ping the VPN client using it’s real IP
> address. I can also ping any machines on the VPN client local LAN – great!
> However, I can’t seem to be able to ping anything on the Server side
> LAN from the VPN client machine. I can ping the VPN server by it’s
> real IP (, but can’t ping anything else on that LAN. A
> tracert shows the traffic routing to (which I believe is the
> IP of the Server VPN adapter) but it times out from then on.
> At first I thought it was a problem with the routing on the server
> side lan, but then I realised that any other PC on the client side LAN
> can ping anything on the server side LAN. It’s only the VPN client
> itself that can’t ping anything on the server LAN.
> I’ve read through the documentation several times, but can’t seem to
> find out where I’ve gone wrong.
> Any assistance that anyone can give me will be greatly appreciated!
> Thanks,
> Peter.
> * *
> Registered in UK. Registered Number 561496. Registered Office: Ocean
> House, The Ring, Bracknell, Berkshire. BG12 1AN
> * *
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
> This footnote also confirms that this email message has been swept by
> MIMEsweeper for the presence of computer viruses.
> www.clearswift.com
> **********************************************************************

Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
Openvpn-users mailing list