
Re: [Openvpn-users] Query for posting - OpenVPN cannot access internal subnet

  • Subject: Re: [Openvpn-users] Query for posting - OpenVPN cannot access internal subnet
  • From: "David Balazic" <David.Balazic@xxxxxxxxxxxxxxxxxx>
  • Date: Mon, 14 Jan 2008 17:02:10 +0100

Is routing enabled on the PC running the ovpn server?

Regards,
David


From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Garrett O'Gorman
Sent: Mon 14-Jan-08 15:59
To: Jan Just Keijser
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] Query for posting - OpenVPN cannot access internal subnet

Hi Jan,

I think you may have misunderstood the problem I am having on my openVPN setup; it's a lot to try and explain in a short mail so let me try again.

On the Windows XP OpenVPN server

Local IP
192.168.2.3
255.255.255.0
192.168.2.1

TAP VPN Adapter
192.168.10.1
255.255.255.128

Clients are assigned IP addresses in the 192.168.10.0 255.255.255.128 range.

When a client connects it successfully receives an IP on the 192.168.10.0 range and can PING 192.168.10.1 & 192.168.2.3 addresses (addresses local on the server machine)

When I try to ping anything else on the 192.168.2.0 255.255.255.0 subnet I get timeouts. Essentially this means that the VPN is useless as I cannot access any devices on the subnet I am trying to connect to.

When I run a tracert on the client to 192.168.2.1 (the server network's gateway) it only gets as far as the 192.168.10.1 but cannot seem to make the jump through to the actual gateway on 192.168.2.1.

I have tried several different mixes of "route add" on the hosts and routes in the ovpn files but cannot seem to get through.

Regards,

Garrett O'Gorman

On 1/12/08, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
your config file sets
push "redirect-gateway def1"  # This will force the clients to use the home network's internet connection

this means "redirect ALL traffic thru the tunnel" and hence you will no
longer be able to connect to the client local LAN anymore. Try removing
this line and see if that helps ;-)


HTH,


JJK

Garrett O'Gorman wrote:
>
> I've seen a number of postings on several sites for this issue but no
> solutions. If anyone has any idea on a fix please mail at
> garrettogorman@xxxxxxxxx as it is driving me crazy at this stage.
>
> I have installed OpenVPN on a Windows XP Desktop and have successfully
> implemented it so that clients can connect and are assigned an IP. The
> problem is that when connected the Client cannot access any resources
> on the internal network. The IP setup is as follows.
>
> Server
>
> IP                  192.168.2.3
> Subnet              255.255.255.0
> Gateway             192.168.0.1
>
> IP range for clients
>
> 192.168.10.0
> 255.255.255.128
>
> When a client connects it is assigned an IP on the 192.168.10.0
> range and the client can ping both the virtual and physical IP
> address on the server host but there is no connectivity to any
> other devices on the network on the local subnet.
>
> When I do an ipconfig on the server host I can see that there is no
> Default Gateway being assigned to the TAP adapter and assume that this
> is the problem. The question is how do I force this to happen?
>
> My server.ovpn is as follows;
>
> local 192.168.2.3 # This is the IP address of the real network interface on the server connected to the router
> port 1194 # This is the port OpenVPN is running on - make sure the router is port forwarding this port to the above IP
> proto udp # UDP tends to perform better than TCP for VPN
> mssfix 1400 # This setting fixed problems I was having with apps like Remote Desktop
> push "dhcp-option DNS 192.168.2.1"  # Replace the Xs with the IP address of the DNS for your home network (usually your ISP's DNS)
> push "dhcp-option DNS 89.101.160.4"  # A second DNS server if you have one
> dev tap
> #dev-node MyTAP  #If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name
> ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
> cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt"
> key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key"  # This file should be kept secret
> dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
> server 192.168.10.0 255.255.255.128   # This assigns the virtual IP address and subnet to the server's OpenVPN connection.  Make sure the Routing Table entry matches this.
> #push "route 192.168.10.0 255.255.255.128 192.168.2.1"
> ifconfig-pool-persist ipp.txt
> push "redirect-gateway def1"  # This will force the clients to use the home network's internet connection
> keepalive 10 120
> cipher BF-CBC        # Blowfish (default) encryption
> comp-lzo
> max-clients 100 # Assign the maximum number of clients here
> persist-key
> persist-tun
> status openvpn-status.log
> verb 1 # This sets how detailed the log file will be.  0 causes problems and higher numbers can give you more detail for troubleshooting
> # lines starting with # or ; will not be read by OpenVPN
>
> ------------------------------------------------------------------------
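
Added example, not part of any poster's message: a small Python model of the addressing in this thread that walks an echo request and its reply through per-host routing tables, showing why the server's own addresses answer while 192.168.2.1 does not when the server is not routing. It goes beyond the question asked above by also modelling the reply path from the LAN gateway; the client address 192.168.10.2, the upstream hop 203.0.113.1 and the gateway's routing table are assumptions.

```python
import ipaddress as ip

class Node:
    """A host: its addresses, routes as (network, gateway or None if on-link), forwarding flag."""
    def __init__(self, name, addrs, routes, forward=False):
        self.name, self.forward = name, forward
        self.addrs = {ip.ip_address(a) for a in addrs}
        self.routes = [(ip.ip_network(n), g and ip.ip_address(g)) for n, g in routes]

    def next_hop(self, dst):
        hits = [r for r in self.routes if dst in r[0]]
        if not hits:
            return None
        return max(hits, key=lambda r: r[0].prefixlen)[1] or dst  # longest prefix wins

def deliver(nodes, src, dst):
    """Walk one packet hop by hop; return (delivered, reason)."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    owner = lambda a: next((n for n in nodes if a in n.addrs), None)
    cur = origin = owner(src)
    for _ in range(8):  # hop limit
        if dst in cur.addrs:
            return True, f"delivered to {cur.name}"
        if cur is not origin and not cur.forward:
            return False, f"dropped at {cur.name}: IP forwarding is off"
        hop = cur.next_hop(dst)
        nxt = owner(hop) if hop else None
        if nxt is None:
            return False, f"lost after {cur.name}: no usable route to {dst}"
        cur = nxt
    return False, "hop limit exceeded"

def ping(nodes, src, dst):
    """An echo succeeds only if the request and the reply are both delivered."""
    ok, why = deliver(nodes, src, dst)
    if not ok:
        return False, "request " + why
    ok, why = deliver(nodes, dst, src)
    return ok, "reply " + why

def topology(server_forwards, gateway_has_return_route):
    """Constructed model: client IP, upstream hop and gateway routes are assumed values."""
    back = [("192.168.10.0/25", "192.168.2.3")] if gateway_has_return_route else []
    lan, vpn = ("192.168.2.0/24", None), ("192.168.10.0/25", None)
    return [
        Node("client", ["192.168.10.2"], [vpn, ("0.0.0.0/0", "192.168.10.1")]),
        Node("server", ["192.168.2.3", "192.168.10.1"], [lan, vpn, ("0.0.0.0/0", "192.168.2.1")], server_forwards),
        Node("gateway", ["192.168.2.1"], [lan, ("0.0.0.0/0", "203.0.113.1")] + back, True),
    ]
```

Calling `ping(topology(False, False), "192.168.10.2", "192.168.2.1")` reproduces the reported symptom; switching the two flags on one at a time shows which hop each setting repairs.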

