VPN connection using OpenVPN.org

I want to connect my PC from home (client = Vista Business) with my server from the data center (Server = Windows 2003) using http://openvpn.org/index.php/downloads.html 
I installed the OpenVPN software on both the server and the client. The server is behind an OpenBSD firewall, where I forwarded port 1194 to the Windows Server.
When I launch the VPN on both the server and the client, it says Connected and it assigns an IP to my client.
However, ping to the server from the client (or vice-versa) does not work.
The Server has the Windows firewall disabled.

If I install the OpenVPN client on another machine behind the OpenBSD firewall and in the same network as the Server, it works.
So the problem is with my OpenBSD firewall.

Do I have to open other ports as well besides 1192 or make some special configuration on OpenBSD to allow tunneling?
mihaisz Asked:
 
mihaisz (Author) Commented:
The problem was with the Vista client: Microsoft added some extra security compared with XP.
It needed the following entries in the client config file and now it works:

route-method exe
route-delay 2

In order to see other computers from the OpenVPN server's network I also had to configure NAT as described in:
http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html
 
arnold Commented:
What routes are you passing to the openVPN client from the server?
What IP are you pinging (the openVPN server IP)? Is the IP listed when you get netstat -rn on the server, or are you trying to ping the Public IP that the OpenBSD box has?
Any reason why you did not set up the openVPN server on the openBSD box?

If the OpenVPN connection is established, your setup seems complete.  You need to double check what IP you are using to ping the server.
If you could, post netstat -rn from the workstation.

Looking for the openVPN IP and what routes are added referencing this IP.
 
mihaisz (Author) Commented:
I'm trying to ping the IPs shown by ipconfig from the other end.
I tried this in both directions.
I attached the listing from ipconfig and netstat -rn from both client and server.

I'd like to set it up on the Windows machine since I have no experience with OpenBSD.

routes.txt
 
arnold Commented:
I think the openVPN IP that gets set on the client needs to be a host netmask 255.255.255.255 and not 255.255.255.252.
10.100.100.6/30 has 10.100.100.4-7 as its segment while your openVPN server IP is 10.100.100.1.
Post your openVPN config minus any identifying, password/passphrase/certificate information.
 
mihaisz (Author) Commented:
I've uploaded both the client and the server config files.
I use UDP. Should I use TCP instead?
The firewall is blocking the transfers since the connection is established and it works behind the firewall.
client.ovpn.txt
server.opvn.txt
 
arnold Commented:
TCP might be a better approach.

When you are testing with a workstation that has the same LAN IP, how sure are you that you are not getting to the server through the 192.168.x.x IP?
Not sure where you are getting the 255.255.255.252 netmask for the OpenVPN adapter.
Can you post the netstat -rn from the workstation on the LAN before and after the openVPN connection is made?

In the server config, you are not pushing any routes to the openVPN clients.
 
mihaisz (Author) Commented:
Good point: the LAN PC might use the LAN connection...
I attached the route table from that PC before and after connecting to the OpenVPN server.

I tried to switch to TCP but it did not work. I've put it back to UDP for now.
client-from-LAN.txt
Question has a verified solution.
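
Added example, not part of the thread or any participant's post: a Python check for the question the replies keep returning to, namely which interface a Windows route table (`netstat -rn`) would actually pick for a given destination. Only 10.100.100.1 and 10.100.100.6/30 come from the thread; every other address and both route tables are constructed, and the "after" table assumes the client-side fix results in a host route to the server's tunnel IP.

```python
import ipaddress

# Constructed `netstat -rn` IPv4 rows in Windows column order:
# Network Destination, Netmask, Gateway, Interface, Metric.
BEFORE_FIX = """\
0.0.0.0          0.0.0.0          192.168.0.1   192.168.0.50   20
192.168.0.0      255.255.255.0    On-link       192.168.0.50   276
10.100.100.4     255.255.255.252  On-link       10.100.100.6   286
"""
# Assumption: once routes are added correctly, a host route to the server exists.
AFTER_FIX = BEFORE_FIX + """\
10.100.100.1     255.255.255.255  10.100.100.5  10.100.100.6   30
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # headers and blank lines do not have exactly five columns
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}", strict=False)
            metric = int(cols[4])
        except ValueError:
            continue  # not a route row
        routes.append((net, cols[2], cols[3], metric))
    return routes

def egress_interface(routes, dest):
    """Longest-prefix match, then lowest metric: interface IP used to reach dest."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return best[2]

def uses_tunnel(route_text, dest, tunnel_ip="10.100.100.6"):
    """True if traffic to dest leaves through the OpenVPN adapter's address."""
    return egress_interface(parse_routes(route_text), dest) == tunnel_ip

if __name__ == "__main__":
    for label, table in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, "-> 10.100.100.1 via tunnel:", uses_tunnel(table, "10.100.100.1"))
```

Running the same check against a LAN workstation's table, with the server's 192.168.x.x address as the destination, shows whether that test traffic is bypassing the tunnel.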
