Solved

OpenVPN clients can see each other but not the server

Posted on 2008-10-22
3
275 Views
Last Modified: 2009-08-19
Here is my scenario:
Multiple client machines (XP and linux) IP: 10.50.50.6,10,26,etc.
Single Server (Win2003 server) IP: 10.50.50.1

I setup openvpn on the server, generated the keys, and set the client-to-client flag.
Everything works beautifully between the clients, BUT... the clients can not ping the server either by name or IP.  no software firewalls are installed on the server, and the clients all have their tfirewalls urned off.  Can someone help me configure this beastie to allow the clients to ping the server and vice-versa?
Attached is my server.ovpn file.  Any ideas?
port 1194

proto udp

dev tun

ca ca.crt

cert server.crt

key server.key

dh dh1024.pem

server 10.50.50.0 255.255.255.0

ifconfig-pool-persist ipp.txt

client-to-client

keepalive 10 120

comp-lzo

persist-key

persist-tun

status openvpn-status.log

verb 3

Open in new window

0
Comment
Question by:Digital_Skream
  • 2
3 Comments
 
LVL 2

Accepted Solution

by:
m_adamczyk earned 500 total points
ID: 22801990
I believe the problem is that you're using dev tun (for routed tunnel) yet you're specifying the same subnet for the server and the remote clients (a bridged tunnel).

The line "client-to-client" is was allows your clients to reach each other.

Easiest fix will be to change the server config file to specify a different subnet for your clients, so change
server 10.50.50.0 255.255.255.0
to something like
server 10.50.51.0 255.255.255.0

Also include in the server config
push "route 10.50.50.0 255.255.255.0"
so your remote clients know how to access LAN IPs.

Alternatively, you could leave your settings as they are and change your server config to use dev tap but then you have to make more changes to the server config file AND to the client config files. The long term advantages then include DNS info passing over your VPN tunnel (among other benefits).

Hope this helps.
0
 
LVL 1

Author Comment

by:Digital_Skream
ID: 22802001
Actually, I solved the problem myself about 3 hours ago, and just hadn't updated this question.
The problem was that the server had RRAS turned on, and the Windows firewall settings were prohibiting the transmission of data.
I disabled the RRAS (wasn't beign used at this point), and turned ON the windows firewall/ICS.  Then, I edited the settings for the windows firewall and excluded the openvpn tun adapter.
Everything works fine.
However, since you were the only person in 3 days to post an answer to my question, right or not, i will give you the points!
Thanks anyways!
0
 
LVL 2

Expert Comment

by:m_adamczyk
ID: 22947527
Thanks for the points, and especially for the update - it will be helpful for me to know when configuring OpenVPN on other Windows Servers. Glad to see it's working for you. I've been very please with OpenVPN's reliability and stability after getting through the challenging configuration.

Cheers!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASA 5510 VPN Bandwidth Throttling 8 115
Sonicwall SOHO SSL-VPN no LAN Access 5 72
Printer locally over VPN 2 65
SSL VPN 3 20
Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now