VPN connection using OpenVPN.org

Last Modified: 2012-05-06
I want to connect my PC from home (client = Vista Business) with my server from the data center (Server = Windows 2003) using http://openvpn.org/index.php/downloads.html 
I installed the OpenVPN software on both the server and the client. The server is behind an OpenBSD firewall, where I forwarded port 1194 to the Windows Server.
When I launch the VPN on both the server and the client, it says Connected and it assigns an IP to my client.
However, ping to the server from the client (or vice-versa) does not work.
The Server has the Windows firewall disabled.

If I install the OpenVPN client on another machine behind the OpenBSD firewall and in the same network as the Server, it works.
So the problem is with my OpenBSD firewall.

Do I have to open other ports as well besides 1192 or make some special configuration on OpenBSD to allow tunneling?

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
What routes are you passing to the openVPN client from the server?
What IP are you pinging (the openVPN server IP)? Is the IP listed when you get netstat -rn on the server, or are you trying to ping the Public IP that the OpenBSD box has?
Any reason why you did not setup the openVPN server on the openBSD box?

If the OpenVPN connection is established, your setup seems complete.  You need to double check what IP you are using to ping the server.
If you could post, netstat -rn from the workstation.

Looking for the openVPN IP and what routes are added referencing this IP.

Author

Commented:
I'm trying to ping the IPs shown by ipconfig from the other end.
I tried this in both directions.
I attached the listing from ipconfig and netstat -rn from both client and server.

I'd like to set it up on the Windows machine since I have no experience with OpenBSD.

routes.txt
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
I think the openVPN IP that gets set on the client needs to be a host netmask 255.255.255.255 and not 255.255.255.252.
10.100.100.6/30 has 10.100.100.4-7 as its segment while your openVPN server IP is 10.100.100.1.
Post your openVPN config minus any identifying, password/passphrase/certificate information.

Author

Commented:
I've uploaded both the client and the server config files.
I use UDP. Should I use TCP instead?
The firewall is blocking the transfers, since the connection is established and it works behind the firewall.
client.ovpn.txt
server.opvn.txt
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
TCP might be a better approach.

When you are testing with a workstation that has the same LAN IP, how sure are you that you are not getting to the server through the 192.168.x.x IP?
Not sure where you are getting the 255.255.255.252 netmask for the OpenVPN adapter.
Can you post the netstat -rn from the workstation on the LAN before and after the openVPN connection is made?

In the server config, you are not pushing any routes to the openVPN clients.

Author

Commented:
Good point: the LAN PC might use the LAN connection...
I attached the route table from that PC before and after connecting to the OpenVPN server.

I tried to switch to TCP but it did not work. I've put it back to UDP for now.
client-from-LAN.txt
Commented:
The problem was with the Vista client: Microsoft added some extra security compared with XP.
It needed the following entries in the client config file and now it works:

route-method exe
route-delay 2

In order to see other computers from the OpenVPN's server's network I also had to configure NAT as described in:
http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html
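
The route check requested earlier in the thread (which route, if any, covers the OpenVPN server IP in `netstat -rn`), written out as an added example that is not part of the original posts. The two route tables are constructed samples: the client address 10.100.100.6/30 and server address 10.100.100.1 come from the thread, while the 192.168.1.x LAN and the 10.100.100.5 tunnel gateway are assumptions.

```python
import ipaddress

# Constructed sample of a Vista `netstat -rn` IPv4 table (not the poster's attachment).
# 10.100.100.6/30 and 10.100.100.1 are from the thread; the 192.168.1.x LAN and the
# 10.100.100.5 gateway are assumed for illustration.
ROUTES_BROKEN = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      20
     10.100.100.4  255.255.255.252         On-link     10.100.100.6     286
     10.100.100.6  255.255.255.255         On-link     10.100.100.6     286
      192.168.1.0    255.255.255.0         On-link     192.168.1.50     276
"""
# Same table after the host route to the VPN server has been installed.
ROUTES_FIXED = ROUTES_BROKEN + (
    "     10.100.100.1  255.255.255.255     10.100.100.5     10.100.100.6      30\n"
)

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # header line or blank line
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}")
            iface = ipaddress.ip_address(cols[3])
            metric = int(cols[4])
        except ValueError:
            continue  # malformed row
        routes.append((net, cols[2], iface, metric))
    return routes

def best_route(routes, ip):
    """Longest-prefix match, lowest metric as tie-break."""
    ip = ipaddress.ip_address(ip)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]), default=None)

def reaches_via_tunnel(table_text, target_ip, tunnel_ip):
    """True if traffic to target_ip would leave through the tunnel adapter."""
    route = best_route(parse_routes(table_text), target_ip)
    return route is not None and route[2] == ipaddress.ip_address(tunnel_ip)

if __name__ == "__main__":
    for name, table in (("broken", ROUTES_BROKEN), ("fixed", ROUTES_FIXED)):
        print(name, reaches_via_tunnel(table, "10.100.100.1", "10.100.100.6"))
```

In the first table the tunnel is up and has an address, but pings to 10.100.100.1 follow the default route out the LAN adapter, which matches the "Connected but no ping" symptom.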
