VPN connection using

Posted on 2009-02-11
Last Modified: 2012-05-06
I want to connect my PC from home (client = Vista Business) with my server from the data center (Server = Windows 2003) using
I installed the OpenVPN software on both the server and the client. The server is behind an OpenBSD firewall, where I forwarded port 1194 to the Windows Server.
When I launch the VPN on both the server and the client, it says Connected and it assigns an IP to my client.
However, ping to the server from the client (or vice-versa) does not work.
The Server has the Windows firewall disabled.

If I install the OpenVPN client on another machine behind the OpenBSD firewall and in the same network as the Server, it works.
So the problem is with my OpenBSD firewall.

Do I have to open other ports as well besides 1192 or make some special configuration on OpenBSD to allow tunneling?
Question by: mihaisz
    LVL 76

    Expert Comment

    What routes are you passing to the openVPN client from the server?
    What IP are you pinging (the openVPN server IP)? Is the IP listed when you get netstat -rn on the server, or are you trying to ping the Public IP that the OpenBSD box has?
    Any reason why you did not set up the openVPN server on the openBSD box?

    If the OpenVPN connection is established, your setup seems complete.  You need to double check what IP you are using to ping the server.
    If you could post, netstat -rn from the workstation.

    looking for the openVPN IP and what routes are added referencing this IP.

    Author Comment

    I'm trying to ping the IPs shown by ipconfig from the other end.
    I tried this in both directions.
    I attached the listing from ipconfig and netstat -rn from both client and server.

    I'd like to set it up on the Windows machine since I have no experience with OpenBSD.

    LVL 76

    Expert Comment

    I think the openVPN IP that gets set on the client needs to be a host netmask and not has as its segment while your openVPN server IP is
    Post your openVPN config minus any identifying, password/passphrase/certificate information.

    Author Comment

    I've uploaded both the client and the server config files.
    I use UDP. Should I use TCP instead?
    The firewall is blocking the transfers since the connection is established and it works behind the firewall.

    LVL 76

    Expert Comment

    TCP might be a better approach.

    When you are testing with a workstation that has the same LAN IP, how sure are you that you are not getting to the server through the 192.168.x.x IP?
    Not sure where you are getting the netmask for the OpenVPN adapter.
    Can you post the netstat -rn from the workstation on the LAN before and after the openVPN connection is made?

    In the server config, you are not pushing any routes to the openVPN clients.

    Author Comment

    Good point: the LAN PC might use the LAN connection...
    I attached the route table from that PC before and after connecting to the OpenVPN server.

    I tried to switch to TCP but it did not work. I've put it back to UDP for now.

    Accepted Solution

    The problem was with the Vista client: Microsoft added some extra security compared with XP.
    It needed the following entries in the client config file and now it works:

    route-method exe
    route-delay 2

    In order to see other computers from the OpenVPN server's network I also had to configure NAT as described in:
