
Re: [Openvpn-users] Server behind router. Can see/ping server, but not others on server's LAN

  • Subject: Re: [Openvpn-users] Server behind router. Can see/ping server, but not others on server's LAN
  • From: Mi <mi.lists@xxxxxxx>
  • Date: Thu, 07 Feb 2008 15:47:00 +0100

Thank you, it now works!

I had already started replying, when I realized forwarding was not 
active on the server, so I post everything in case it helps someone else.

> Maybe you forgot to specify:
> push "route" 

No, that was OK. See server.conf at end.

> try pinging the OpenVPN address of your server from the LAN, e.g. 
> something like
>  ping
> does that work?

Yes, machines on the server's LAN can ping the VPN server's tun 
interface at
However, they could not ping me (the remote client at

> If yes, then check routing on the openvpn server:
>  cat /proc/sys/net/ipv4/ip_forward

That was the problem! Even though I had done

    echo "net.ipv4.conf.default.forwarding=1" >> /etc/sysctl.conf
    sysctl -p

Checking with "cat /proc/sys/net/ipv4/ip_forward" showed 0. After doing

     echo 1 > /proc/sys/net/ipv4/ip_forward

it now all works.

> what does "there are no iptables rules" mean exactly? plz post the 
> output of 'iptables -L -n -v'

Empty chains INPUT, FORWARD and OUTPUT. All 3 with policy ACCEPT.

> also, posting your client and server config files might also help.

Obviously, the 3 important things are:

- Port forwarding on the server's gateway (at this point, the server is 
accessible but not the rest of its LAN)
- "Static route" (Zyxel terminology?) config. in the gateway
- "echo 1 > /proc/sys/net/ipv4/ip_forward" on the VPN server

Thanks a lot,


C:\>type "Program Files\OpenVPN\config\client1.ovpn"

dev tun
proto udp

remote remote.gateway.public-ip.tld 1194

resolv-retry infinite

ca ca.pem
cert client1.pem
key client1.key

verb 3

$ cat /etc/openvpn/server.conf
port 1194
proto udp
dev tun

ca   /etc/ssl/certs/ca.pem
cert /etc/ssl/certs/vpn-server.pem
key  /etc/ssl/private/vpn-server.key
dh   /etc/openvpn/dh1024.pem
crl-verify /etc/ssl/crl.pem

ifconfig-pool-persist ipp.txt
keepalive 10 120
user nobody
group nogroup
status openvpn-status.log
verb 4

push "route"
push "dhcp-option DNS"
push "dhcp-option WINS"
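
Added example, not part of the original post: the key written to /etc/sysctl.conf above (net.ipv4.conf.default.forwarding) is not the key that /proc/sys/net/ipv4/ip_forward reflects (net.ipv4.ip_forward), and "echo 1 > /proc/..." alone does not survive a reboot. The sketch below reports both the running and the saved state; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): is IPv4 forwarding on now, and
# will it still be on after a reboot? Paths are arguments so it runs offline.

# Print the last value assigned to net.ipv4.ip_forward in a sysctl.conf-style
# file, or "unset". net.ipv4.conf.default.forwarding is a different key and
# is deliberately not counted.
persistent_ip_forward() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk -F= '
        /^[[:space:]]*[#;]/ { next }            # skip comment lines
        {
            key = $1; val = $2
            gsub(/[[:space:]]/, "", key); gsub(/[[:space:]]/, "", val)
            gsub(/\//, ".", key)                # net/ipv4/ip_forward form
            if (key == "net.ipv4.ip_forward") last = val
        }
        END { print (last == "" ? "unset" : last) }
    ' "$1"
}

# Print the running kernel value, read the same way the post does with cat.
live_ip_forward() {
    cat "$1/sys/net/ipv4/ip_forward" 2>/dev/null || echo unknown
}

# forwarding_status CONF PROCROOT -> ok | runtime-only | boot-only | off
forwarding_status() {
    saved=$(persistent_ip_forward "$1")
    live=$(live_ip_forward "$2")
    case "$live/$saved" in
        1/1) echo ok ;;            # forwarding now and after reboot
        1/*) echo runtime-only ;;  # state after "echo 1 > /proc/..." alone
        */1) echo boot-only ;;     # saved but not loaded: run sysctl -p
        *)   echo off ;;
    esac
}

# Constructed sample reproducing the post: wrong key saved, kernel value 0.
demo=$(mktemp -d)
mkdir -p "$demo/proc/sys/net/ipv4"
echo "net.ipv4.conf.default.forwarding=1" > "$demo/sysctl.conf"
echo 0 > "$demo/proc/sys/net/ipv4/ip_forward"
forwarding_status "$demo/sysctl.conf" "$demo/proc"    # off
echo 1 > "$demo/proc/sys/net/ipv4/ip_forward"
forwarding_status "$demo/sysctl.conf" "$demo/proc"    # runtime-only
echo "net.ipv4.ip_forward=1" >> "$demo/sysctl.conf"
forwarding_status "$demo/sysctl.conf" "$demo/proc"    # ok
rm -rf "$demo"
```

On a live host the call would be forwarding_status /etc/sysctl.conf /proc.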
