[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] OpenVPN Routing Issue


  • Subject: Re: [Openvpn-users] OpenVPN Routing Issue
  • From: "Peter Roddan" <proddan@xxxxxxxxxxx>
  • Date: Mon, 14 Jan 2008 10:55:58 -0000

Hi Jan,

Thanks for your help and sorry for the confusion!
Just to clarify....

VPN Server - Can ping VPN Client and all machines on the VPN Client LAN
VPN Server LAN - Can Ping VPN Server and all machines on the VPN Client
LAN

VPN Client - Can ping VPN server ONLY. Unable to PING anything else on
the server LAN
VPN Client LAN - Can ping VPN server and all machines on the VPN server
LAN.

Hope this clears it up!
Both server and client are running Windows 2003 Server R2.

Server has one nic and is NOT the default gateway on the server LAN, but
route has been added onto the Server LAN default gateway (cisco 1600)

Client openvpn box has 2 NICs, one connecting to ADSL router, one
connecting to Client LAN. Routing and remote access NOT installed, but
the IPENABLEROUTER key has been changed to 1 in the registry.

ADSL router NIC IP is 192.168.13.253 subnet 255.255.255.0
Client LAN NIC IP is 192.168.3.254 subnet 255.255.255.0

Client OpenVPN box is default gateway for the rest of the PCs on the
CLIENT LAN (192.168.3.x)

The routing table for the client openvpn box is :


IPv4 Route Table
========================================================================
===
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 ff 8a e7 d0 47 ...... TAP-Win32 Adapter V8
0x10004 ...00 18 71 ea e4 33 ...... HP NC110T PCIe Gigabit Server
Adapter
0x10005 ...00 1c c4 ae 1f ad ...... HP NC320i PCIe Gigabit Server
Adapter
========================================================================
===
========================================================================
===
Active Routes:
Network Destination        Netmask          Gateway       Interface
Metric
          0.0.0.0          0.0.0.0   192.168.13.254   192.168.13.253
20
         10.1.1.0    255.255.255.0        10.8.0.13        10.8.0.14
1
         10.8.0.1  255.255.255.255        10.8.0.13        10.8.0.14
1
        10.8.0.12  255.255.255.252        10.8.0.14        10.8.0.14
30
        10.8.0.14  255.255.255.255        127.0.0.1        127.0.0.1
30
   10.255.255.255  255.255.255.255        10.8.0.14        10.8.0.14
30
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1
1
      192.168.3.0    255.255.255.0    192.168.3.254    192.168.3.254
20
    192.168.3.254  255.255.255.255        127.0.0.1        127.0.0.1
20
    192.168.3.255  255.255.255.255    192.168.3.254    192.168.3.254
20
     192.168.13.0    255.255.255.0   192.168.13.253   192.168.13.253
20
   192.168.13.253  255.255.255.255        127.0.0.1        127.0.0.1
20
   192.168.13.255  255.255.255.255   192.168.13.253   192.168.13.253
20
        224.0.0.0        240.0.0.0        10.8.0.14        10.8.0.14
30
        224.0.0.0        240.0.0.0    192.168.3.254    192.168.3.254
20
        224.0.0.0        240.0.0.0   192.168.13.253   192.168.13.253
20
  255.255.255.255  255.255.255.255        10.8.0.14        10.8.0.14
1
  255.255.255.255  255.255.255.255    192.168.3.254    192.168.3.254
1
  255.255.255.255  255.255.255.255   192.168.13.253   192.168.13.253
1
Default Gateway:    192.168.13.254
========================================================================
===
Persistent Routes:
  None




Routing table for the server openvpn box is :

IPv4 Route Table
========================================================================
===
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 ff 80 ac d3 f6 ...... TAP-Win32 Adapter V8
0x10004 ...00 13 21 1b d5 b2 ...... HP Network Team #1
========================================================================
===
========================================================================
===
Active Routes:
Network Destination        Netmask          Gateway       Interface
Metric
          0.0.0.0          0.0.0.0       10.1.1.254        10.1.1.46
20
         10.1.1.0    255.255.255.0        10.1.1.46        10.1.1.46
20
        10.1.1.46  255.255.255.255        127.0.0.1        127.0.0.1
20
         10.8.0.0  255.255.255.252         10.8.0.1         10.8.0.1
30
         10.8.0.0    255.255.255.0         10.8.0.2         10.8.0.1
1
         10.8.0.1  255.255.255.255        127.0.0.1        127.0.0.1
30
   10.255.255.255  255.255.255.255        10.1.1.46        10.1.1.46
20
   10.255.255.255  255.255.255.255         10.8.0.1         10.8.0.1
30
     62.49.61.223  255.255.255.255         10.1.1.1        10.1.1.46
1
     62.49.68.110  255.255.255.255         10.1.1.1        10.1.1.46
1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1
1
      192.168.1.0    255.255.255.0         10.8.0.2         10.8.0.1
1
      192.168.3.0    255.255.255.0         10.8.0.2         10.8.0.1
1
     192.168.10.0    255.255.255.0         10.8.0.2         10.8.0.1
1
     192.168.13.0    255.255.255.0         10.8.0.2         10.8.0.1
1
   194.78.203.193  255.255.255.255         10.1.1.1        10.1.1.46
1
        224.0.0.0        240.0.0.0        10.1.1.46        10.1.1.46
20
        224.0.0.0        240.0.0.0         10.8.0.1         10.8.0.1
30
  255.255.255.255  255.255.255.255        10.1.1.46        10.1.1.46
1
  255.255.255.255  255.255.255.255         10.8.0.1         10.8.0.1
1
Default Gateway:        10.1.1.254
========================================================================
===
Persistent Routes:
  None



Hope I've explained this well enough!

Thanks,

Peter.


-----Original Message-----
From: Jan Just Keijser [mailto:janjust@xxxxxxxxx] 
Sent: 14 January 2008 02:06
To: Peter Roddan
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] OpenVPN Routing Issue

Hi Peter,

plz post the routing table of your VPN client machine after connecting; 
this is definitely a routing issue. Also, I was a bit confused by your 
answer; please read your previous answer again and make sure that you're

not mixing client and server


An "old style" config does not use any certificates but uses pre-shared 
keys instead. It is not related to tun or tap setups. In its simplest 
form an old style config looks something like

# client
remote server-IP
port 1194
dev tun
ifconfig 10.200.0.1 10.200.0.2
secret c:\program files\openvpn\keys\secret.txt ## a text file 
containing the PSK
route 10.1.1.0 255.255.255.0
tun-mtu 1500
comp-lzo
# add other openvpn config commands here...


# server
remote client-IP
port 1194
dev tun
ifconfig 10.200.0.2 10.200.0.1 ## note the reversal of IPs!
secret c:\program files\openvpn\keys\secret.txt ## a text file 
containing the PSK
route 192.168.3.0 255.255.255.0
tun-mtu 1500
comp-lzo
# add other openvpn config commands here...

This is also explained quite well in the openvpn HOWTO page on 
http://openvpn.net

HTH,

JJK





Registered in UK. Registered Number 561496. Registered Office: Ocean House, The Ring, Bracknell, Berkshire. BG12 1AN



**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.clearswift.com
**********************************************************************

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users