OpenVPN Question or VPN question

Hello

I have installed OpenVPN on my server with the default VPN server config file. Now I connected from my XP desktop to it, and I'm connected. But it is not my internet gateway...

How can I make OpenVPN server also become my internet gateway like VPN servers?

If you think OpenVPN is not able to do so, tell me a software name that does this. I mean a VPN server which can become my internet gateway.

THANKS from NOW!
CSecurityAsked:

ravenplCommented:
Edit the openvpn server config and uncomment the line
push "redirect-gateway"
0
ravenplCommented:
Restart openvpn server.
0
CSecurityAuthor Commented:
Hi.

This is my server config file; please tell me what I should do. I removed and added redirect-gateway and it does not work.

Thanks
local xxx.xxx.xxx.xxx
port xxxx
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server xx.xx.xx.xx 255.255.255.0
push "redirect-gateway def1"
push "route xx.xx.xx.xx 255.255.255.0"
push "dhcp-option DNS xx.xx.xx.xx"
push "dhcp-option WINS xx.xx.xx.xx"
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
verb 0

0
ravenplCommented:
With the redirect-gateway option it should work. Have You restarted both client and server after the config changed?
How are You verifying that the default gw is not changed?
0
CSecurityAuthor Commented:
I restarted with the given config file; it does not work.
0
ravenplCommented:
It works for me using linux as server, windows as client with just
push "redirect-gateway"
in server's config (not client)

Again, how are You verifying it's not working?
0
CSecurityAuthor Commented:
I run openvpn.exe with a config file in my windows. Here is my client:


client
dev tun
proto tcp
 
remote X xxxx
 
resolv-retry infinite
 
nobind
 
persist-key
persist-tun
 
ca ca.crt
cert client.crt
key client.key
show-net-up
verb 0

0
ravenplCommented:
If You run Windows Vista, You have to set openvpn.exe properties to be run as administrator.
You still haven't told me how You are verifying that the route has not changed.

Also, You may want to add to client's config
tls-client
pull
#increase verbosity for testing purpose
verb 3

Also, You may want to add to server's config
mode server
tls-server
#already there push "route xx.xx.xx.xx 255.255.255.0"
push "route-gateway xx.xx.xx.yy"
#modify to give real IP
push "dhcp-option DNS xx.xx.xx.yy"
push "dhcp-option WINS xx.xx.xx.yy"
0
CSecurityAuthor Commented:
I modified it as you said. I don't see a default gateway in my connection properties and it does not work :(
0
CSecurityAuthor Commented:
When I run server I get this:


Tue Jan 29 19:22:21 2008 OpenVPN 2.0.9 i386-redhat-linux-gnu [SSL] [EPOLL] built on Jan 29 2008
Tue Jan 29 19:22:21 2008 Diffie-Hellman initialized with 1024 bit key
Tue Jan 29 19:22:21 2008 TLS-Auth MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Jan 29 19:22:21 2008 TUN/TAP device tun0 opened
Tue Jan 29 19:22:21 2008 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Tue Jan 29 19:22:21 2008 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Tue Jan 29 19:22:21 2008 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Tue Jan 29 19:22:21 2008 Listening for incoming TCP connection on ABCD:1194
Tue Jan 29 19:22:21 2008 TCPv4_SERVER link local (bound): ABCD:1194
Tue Jan 29 19:22:21 2008 TCPv4_SERVER link remote: [undef]
Tue Jan 29 19:22:21 2008 MULTI: multi_init called, r=256 v=256
Tue Jan 29 19:22:21 2008 IFCONFIG POOL: base=10.8.0.4 size=62
Tue Jan 29 19:22:21 2008 MULTI: TCP INIT maxclients=1024 maxevents=1028
Tue Jan 29 19:22:21 2008 Initialization Sequence Completed
0
ravenplCommented:
Please, after You establish the connection from Windows to Linux, issue the following command at the Windows command prompt
route print
It should show the default route - where is it set?

Also, it's possible that there were some errors setting parameters pulled from server - with verb 3 or even higher, You should be able to see those.
0
CSecurityAuthor Commented:
There is a gateway for my real internet connection and the new connection, but I can't see a gateway route in the connection when I double-click on the connection icon and look in the details tab. But I see that in route print.

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    xxx.xxx.xxx.1  MYREALIP      30
         10.8.0.4  255.255.255.252         10.8.0.6        10.8.0.6       30
         10.8.0.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0      255.255.0.0    MYLOCALNET   MYLOCALNET       20
    MYLOCALNET  255.255.255.255        127.0.0.1       127.0.0.1       20
   192.168.10.255  255.255.255.255    MYLOCALNET   MYLOCALNET       20
    xxx.xxx.xxx.0    255.255.252.0  MYREALIP  MYREALIP      30
  MYREALIP  255.255.255.255        127.0.0.1       127.0.0.1       30
  MYREALIP  255.255.255.255  MYREALIP  MYREALIP      30
        224.0.0.0        240.0.0.0         10.8.0.6        10.8.0.6       30
        224.0.0.0        240.0.0.0    MYLOCALNET   MYLOCALNET       20
        224.0.0.0        240.0.0.0  MYREALIP  MYREALIP      30
  255.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       1
  255.255.255.255  255.255.255.255    MYLOCALNET   MYLOCALNET       1
  255.255.255.255  255.255.255.255  MYREALIP  MYREALIP      1
Default Gateway:     MYREALIPSGATEWAY
0
ravenplCommented:
Look over the debugging information shown if connection is run manually.
Also, as I said before - if it's Vista it has to be run as administrator (openvpn.exe properties)
0
CSecurityAuthor Commented:

It's here, it says I don't get gateway IP from vpn server.

SYSTEM ADAPTER LIST
TAP-Win32 Adapter V8 - Packet Scheduler Miniport
  Index = 1179653
  GUID = {9C478583-B59D-48F4-9627-118EDB993A12}
  IP = 10.8.0.6/255.255.255.252
  MAC = 00:ff:9c:47:85:83
  GATEWAY =  
  DHCP SERV = 10.8.0.5
  DHCP LEASE OBTAINED = Tue Jan 29 23:00:55 2008
  DHCP LEASE EXPIRES  = Wed Jan 28 23:00:55 2009
  PRI WINS = 10.8.0.1/0.0.0.0
  SEC WINS = 0.0.0.0/0.0.0.0
D-Link DFE-530TX PCI Fast Ethernet Adapter (rev.C) - Packet Scheduler Miniport
  Index = 2
  GUID = {54E80B4B-E214-49F5-9A6A-D3F5B19EE7D0}
  IP = MYIP/255.255.252.0
  MAC = 00:15:e9:82:3c:1e
  GATEWAY = MYIPSGATEWAY/0.0.0.0
  DHCP SERV = MYIPDHCPSERVER
  DHCP LEASE OBTAINED = Tue Jan 29 22:47:37 2008
  DHCP LEASE EXPIRES  = Wed Jan 30 04:47:37 2008
Macronix MX98715-Based Ethernet Adapter (Generic) - Packet Scheduler Miniport
  Index = 3
  GUID = {E4162C26-CDE4-4187-A41A-C440E6A26CAA}
  IP = MYLOCALNETWORKIP/255.255.0.0
  MAC = 00:10:b5:12:0b:e9
  GATEWAY =  
0
ravenplCommented:
It's not there. The routes are not part of dhcp options, therefore they will not be shown under connection properties info.

Please right-click on xxx.ovpn file, start connection - it should show You text box with debugging info (if You set verb 3 or higher), check for pulled options and possible errors.

Once again - is it Vista?
0
CSecurityAuthor Commented:
It's not Vista. What are you looking for in the log? Yes, it's verb 3.
0
CSecurityAuthor Commented:
At the end of running it I see this:

Tue Jan 29 23:25:32 2008 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
0
CSecurityAuthor Commented:
And to clarify some issues, my firewall is completely DISABLED and my DHCP client is running.
0
ravenplCommented:
Lines like
SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route-gateway 10.7.7.1,redirect-gateway,dhcp-option DNS 192.168.0.1,dhcp-option WINS 192.168.0.1,route-gateway 10.7.7.1,ping 10,ping-restart 60,ifconfig 10.7.7.11 255.255.255.0'
0
CSecurityAuthor Commented:
Here it is:
Tue Jan 29 23:25:02 2008 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Jan 29 23:25:03 2008 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,dhcp-option DNS 10.8.0.1,dhcp-option WINS 10.8.0.1,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Jan 29 23:25:03 2008 OPTIONS IMPORT: timers and/or timeouts modified
0
ravenplCommented:
quite short, huh? You sure You've been restarting openvpn on server machine(after config changes?)

BTW: what are those error messages You mentioned earlier - they should be in the debug output as well.

Also, why are You using the tun device? (You probably should use tap, as tun is limited to a 255.255.255.252 netmask under Windows machines.)
0
CSecurityAuthor Commented:
Here are more details, and I can't see the error; it says to check that link, with no more details.
I'm running the client in WIN XP and now I'll change tun to tap, and yes, I always restart the server service and process.

Tue Jan 29 23:25:00 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 29 23:25:00 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 29 23:25:00 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 29 23:25:00 2008 [server] Peer Connection Initiated with 204.15.77.182:1194
Tue Jan 29 23:25:02 2008 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Jan 29 23:25:03 2008 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,dhcp-option DNS 10.8.0.1,dhcp-option WINS 10.8.0.1,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Jan 29 23:25:03 2008 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jan 29 23:25:03 2008 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jan 29 23:25:03 2008 OPTIONS IMPORT: route options modified
Tue Jan 29 23:25:03 2008 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jan 29 23:25:03 2008 TAP-WIN32 device [Local Area Connection 6] opened: \\.\Global\{9C478583-B59D-48F4-9627-118EDB993A12}.tap
Tue Jan 29 23:25:03 2008 TAP-Win32 Driver Version 8.4
Tue Jan 29 23:25:03 2008 TAP-Win32 MTU=1500
Tue Jan 29 23:25:03 2008 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {9C478583-B59D-48F4-9627-118EDB993A12} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Jan 29 23:25:03 2008 Successful ARP Flush on interface [1245189] {9C478583-B59D-48F4-9627-118EDB993A12}
Tue Jan 29 23:25:03 2008 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Tue Jan 29 23:25:03 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:04 2008 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Tue Jan 29 23:25:04 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:05 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:05 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:06 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:06 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:08 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:08 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:09 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:09 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:10 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:10 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:11 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:11 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:12 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:12 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:14 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:14 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:15 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:15 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:16 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:16 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:18 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:18 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:19 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:19 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:20 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:20 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:21 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:21 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:22 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:22 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:24 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:24 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:25 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:25 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:26 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:26 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:28 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:28 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:29 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:29 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:30 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:30 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:31 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:31 2008 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 29 23:25:32 2008 TEST ROUTES: 0/1 succeeded len=1 ret=0 a=0 u/d=up
Tue Jan 29 23:25:32 2008 OpenVPN ROUTE: omitted no-op route: 10.8.0.1/255.255.255.255 -> 10.8.0.1
0
gheistCommented:
You have to keep the route to the vpn server.
Let me suggest you use the route command before pushing the change to the OpenVPN server.
0
CSecurityAuthor Commented:
How can I do that?
0
ravenplCommented:
openvpn does it by itself.

Your problem is that among the other pulled options there's no "redirect-gateway".
Try changing Your server side config from
push "redirect-gateway def1"
to what I use
push "redirect-gateway"
Also, increase server's "verb" level, and consult /var/log/messages for any information regarding redirect-gateway.
0
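
The check used throughout this thread (read the client's PUSH_REPLY line and see whether redirect-gateway is among the pulled options) can be scripted. The Python below is an added example, not part of the original thread or of OpenVPN; the function names are made up for illustration, and the sample input is the two PUSH_REPLY messages quoted above, the second broken at 80 columns as a console copy would be.

```python
import re

# PUSH_REPLY from the working setup quoted in the thread.
WORKING = ("PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 "
           "255.255.255.0,route-gateway 10.7.7.1,redirect-gateway,dhcp-option DNS "
           "192.168.0.1,dhcp-option WINS 192.168.0.1,route-gateway 10.7.7.1,ping 10,"
           "ping-restart 60,ifconfig 10.7.7.11 255.255.255.0'")

# The asker's client log, broken at 80 columns the way a console copy breaks it.
WRAPPED = """\
Tue Jan 29 23:25:02 2008 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Jan 29 23:25:03 2008 PUSH: Received control message: 'PUSH_REPLY,route-gatew
ay 10.8.0.1,dhcp-option DNS 10.8.0.1,dhcp-option WINS 10.8.0.1,route 10.8.0.1,pi
ng 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Jan 29 23:25:03 2008 OPTIONS IMPORT: timers and/or timeouts modified
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4} ")
PUSH_REPLY = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,?([^']*)'")

def unwrap(text):
    """Rejoin wrapped records: a line without a leading timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line
    return records

def pushed_options(text):
    """Return one option list per PUSH_REPLY found in the log text."""
    replies = []
    for record in unwrap(text):
        match = PUSH_REPLY.search(record)
        if match:
            replies.append([o.strip() for o in match.group(1).split(",") if o.strip()])
    return replies

def gateway_redirected(options):
    """True if redirect-gateway was pushed, with or without flags such as def1."""
    return any(o.split()[0] == "redirect-gateway" for o in options)

if __name__ == "__main__":
    for name, log in (("working", WORKING), ("asker", WRAPPED)):
        for options in pushed_options(log):
            mode = "full tunnel" if gateway_redirected(options) else "default route unchanged"
            print(f"{name}: {mode}; pushed: {options}")
```

When redirect-gateway is missing from the reply, the client keeps its existing default route, so traffic that was expected to go through the tunnel leaves over the local gateway instead.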