• Status: Solved

VPN connection using OpenVPN.org

I want to connect my PC from home (client = Vista Business) with my server from the data center (Server = Windows 2003) using http://openvpn.org/index.php/downloads.html 
I installed the OpenVPN software on both the server and the client. The server is behind an OpenBSD firewall, where I forwarded port 1194 to the Windows Server.
When I launch the VPN on both the server and the client, it says Connected and it assigns an IP to my client.
However, ping to the server from the client (or vice-versa) does not work.
The Server has the Windows firewall disabled.

If I install the OpenVPN client on another machine behind the OpenBSD firewall and in the same network as the Server, it works.
So the problem is with my OpenBSD firewall.

Do I have to open other ports as well besides 1192 or make some special configuration on OpenBSD to allow tunneling?
Asked by: mihaisz

arnold Commented:
What routes are you passing to the openVPN client from the server?
What IP are you pinging (the openVPN server IP)? Is the IP listed when you get netstat -rn on the server, or are you trying to ping the Public IP that the OpenBSD box has?
Any reason why you did not setup the openVPN server on the openBSD box?

If the OpenVPN connection is established, your setup seems complete.  You need to double check what IP you are using to ping the server.
If you could post, netstat -rn from the workstation.

Looking for the openVPN IP and what routes are added referencing this IP.

mihaisz (Author) Commented:
I'm trying to ping the IPs shown by ipconfig from the other end.
I tried this in both directions.
I attached the listing from ipconfig and netstat -rn from both client and server.

I'd like to set it up on the Windows machine since I have no experience with OpenBSD.

routes.txt

arnold Commented:
I think the openVPN IP that gets set on the client needs to be a host netmask 255.255.255.255 and not 255.255.255.252.
10.100.100.6/30 has 10.100.100.4-7 as its segment while your openVPN server IP is 10.100.100.1.
Post your openVPN config minus any identifying, password/passphrase/certificate information.

mihaisz (Author) Commented:
I've uploaded both the client and the server config files.
I use UDP. Should I use TCP instead?
The firewall is blocking the transfers since the connection is established and it works behind the firewall.
client.ovpn.txt
server.opvn.txt

arnold Commented:
TCP might be a better approach.

When you are testing with a workstation that has the same LAN IP, how sure are you that you are not getting to the server through the 192.168.x.x IP?
Not sure where you are getting the 255.255.255.252 netmask for the OpenVPN adapter.
Can you post the netstat -rn from the workstation on the LAN before and after the openVPN connection is made?

In the server config, you are not pushing any routes to the openVPN clients.

mihaisz (Author) Commented:
Good point: the LAN PC might use the LAN connection...
I attached the route table from that PC before and after connecting to the OpenVPN server.

I tried to switch to TCP but it did not work. I've put it back to UDP for now.
client-from-LAN.txt

mihaisz (Author) Commented:
The problem was with the Vista client: Microsoft added some extra security compared with XP.
It needed the following entries in the client config file and now it works:

route-method exe
route-delay 2

In order to see other computers from the OpenVPN's server's network I also had to configure NAT as described in:
http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html
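
Added example, not part of the thread: a route-table check for the symptom discussed above, where the tunnel reports Connected but the server's VPN address does not answer. It assumes OpenVPN's net30 addressing (client 10.100.100.6/30, so 10.100.100.1 is reachable only through a route via the /30 peer), which is the route that `route-method exe` and `route-delay` affect; the route tables, the 192.168.1.x home LAN and all function names are constructed for illustration.

```python
import ipaddress

def net30_peer(tun_addr):
    """Return the other usable host in the client's /30 (the tunnel gateway)."""
    tun = ipaddress.ip_interface(tun_addr)
    return str(next(h for h in tun.network.hosts() if h != tun.ip))

def pick_route(target, routes):
    """Longest-prefix match over (destination, netmask, gateway) rows."""
    target = ipaddress.ip_address(target)
    hits = []
    for dest, mask, gw in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if target in net:
            hits.append((net, gw))
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def diagnose(tun_addr, server_vpn_ip, routes):
    """Say whether traffic to the server's VPN IP would enter the tunnel."""
    tun = ipaddress.ip_interface(tun_addr)
    hit = pick_route(server_vpn_ip, routes)
    if hit is None:
        return ("no-route", None)
    _, gw = hit
    if ipaddress.ip_address(gw) in tun.network:
        return ("via-tunnel", gw)
    # Falls through to a non-tunnel gateway: ping leaves on the home LAN.
    return ("outside-tunnel", gw)

# Constructed sample data modelled on `netstat -rn` columns.
TUN = "10.100.100.6/255.255.255.252"   # client address from the thread
SERVER = "10.100.100.1"                # server VPN address from the thread
BEFORE = [                             # pushed route was never installed
    ("0.0.0.0", "0.0.0.0", "192.168.1.1"),
    ("192.168.1.0", "255.255.255.0", "192.168.1.10"),
    ("10.100.100.4", "255.255.255.252", "10.100.100.6"),
]
AFTER = BEFORE + [                     # host route via the /30 peer present
    ("10.100.100.1", "255.255.255.255", "10.100.100.5"),
]

if __name__ == "__main__":
    print("peer:", net30_peer(TUN))
    print("before:", diagnose(TUN, SERVER, BEFORE))
    print("after:", diagnose(TUN, SERVER, AFTER))
```

An "outside-tunnel" verdict while the client shows Connected means the tunnel is up but the route to the server's VPN address was not added on the client.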