Solved

OpenVPN routing issue

Posted on 2009-04-01
2
368 Views
Last Modified: 2012-05-06
Hello,

I have set up OpenVPN on two Windows 2003 server called X et Y.
Server X is defined as OpenVPN client and belong to network 10.224.58.0 255.255.254.0. Server X IP is 10.224.58.63
Server Y is defined as OpenVPN server and belong to network 10.100.0.0 255.255.0.0. Server Y IP is 10.100.100.100

VPN IP address for Server X (client) is 10.9.0.2. VPN IP address for Server Y is 10.9.0.1

The tunnel is up. I can ping both VPN IP addresses as well as Server X and Server Y IP addresses.

From a PC (10.100.10.10) in network 10.100.0.0, I can ping Server X (OpenVPN client). But I cannot from Server X ping 10.100.10.10.

On the Server Y (OpenVPN server) I have enabled the IPEnableRouter registry.

Windows Firewalls are desactivated.

Any help will be appreciated...
S.
OpenVPN client:
remote 123.123.123.123
dev tun
ifconfig 10.9.0.2 10.9.0.1
tls-client
route 10.100.0.0 255.255.0.0 10.9.0.1
dh dh1024.pem
ca ca.crt
cert client.crt
key clientkey
 
OpenVPN server
dev tun
ifconfig 10.9.0.1 10.9.0.2
route 10.224.58.0 255.255.254.0 10.9.0.2
tls-server
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

Open in new window

0
Comment
Question by:slimard
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Author Comment

by:slimard
ID: 24037288
I solved the issue by adding a static route on the PC (10.100.10.10) --> route add 10.9.0.0 mask 255.255.255.252 10.100.100.100

What I don't understand, is that the source should have been 10.224.59.63 and not 10.9.0.2?
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 500 total points
ID: 24040639
No, the routing interface on Server X is used to determine the source IP address, as that server has more than one (virtual) NIC, and the route into the other network is fixed to the 10.9.0.2 address (by route). That is quite normal that way. If you use a PC on the X network, it will work without that static route.

If this is a problem and you want to propagate full two-side access from servers into network you will have to set the route above on both your default gateways. That way you won't have to define the route on each client.
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question