Solved

OpenVPN routing issue

Posted on 2009-04-01
2
351 Views
Last Modified: 2012-05-06
Hello,

I have set up OpenVPN on two Windows 2003 server called X et Y.
Server X is defined as OpenVPN client and belong to network 10.224.58.0 255.255.254.0. Server X IP is 10.224.58.63
Server Y is defined as OpenVPN server and belong to network 10.100.0.0 255.255.0.0. Server Y IP is 10.100.100.100

VPN IP address for Server X (client) is 10.9.0.2. VPN IP address for Server Y is 10.9.0.1

The tunnel is up. I can ping both VPN IP addresses as well as Server X and Server Y IP addresses.

From a PC (10.100.10.10) in network 10.100.0.0, I can ping Server X (OpenVPN client). But I cannot from Server X ping 10.100.10.10.

On the Server Y (OpenVPN server) I have enabled the IPEnableRouter registry.

Windows Firewalls are desactivated.

Any help will be appreciated...
S.
OpenVPN client:

remote 123.123.123.123

dev tun

ifconfig 10.9.0.2 10.9.0.1

tls-client

route 10.100.0.0 255.255.0.0 10.9.0.1

dh dh1024.pem

ca ca.crt

cert client.crt

key clientkey
 

OpenVPN server

dev tun

ifconfig 10.9.0.1 10.9.0.2

route 10.224.58.0 255.255.254.0 10.9.0.2

tls-server

ca ca.crt

cert server.crt

key server.key

dh dh1024.pem

Open in new window

0
Comment
Question by:slimard
2 Comments
 

Author Comment

by:slimard
ID: 24037288
I solved the issue by adding a static route on the PC (10.100.10.10) --> route add 10.9.0.0 mask 255.255.255.252 10.100.100.100

What I don't understand, is that the source should have been 10.224.59.63 and not 10.9.0.2?
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 24040639
No, the routing interface on Server X is used to determine the source IP address, as that server has more than one (virtual) NIC, and the route into the other network is fixed to the 10.9.0.2 address (by route). That is quite normal that way. If you use a PC on the X network, it will work without that static route.

If this is a problem and you want to propagate full two-side access from servers into network you will have to set the route above on both your default gateways. That way you won't have to define the route on each client.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now