[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 292
  • Last Modified:

How to reach PC's after OpenVPN Net


I have a remote connection using OpenVPN.
My network is like this:
One PC should work as VPN Server, local IP is  and as you can see in the seetings VPN IP is .
So when the client connect to the server antything is fine for this connection.
I can ping and also - both IPs of the server.
The remote client get the IP and is also reachable by the VPN Server.

My problem is that I need also access an other PC in the 192.168.2.x net and don't know how to do this.
The command - push "route" - seems only to work for the VPN Server but not for the clients behind.

What are the right configs for?


port 4700
proto udp
dev tun
ca "E:\\Programme\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "E:\\Programme\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "E:\\Programme\\OpenVPN\\easy-rsa\\keys\\server.key"  # This file should be kept secret
dh "E:\\Programme\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
ifconfig-pool-persist ipp.txt
push "route"
keepalive 10 120
status openvpn-status.log
verb 3

Open in new window

  • 7
  • 6
1 Solution
QlemoC++ DeveloperCommented:
The push is necessary. But all PCs to reach, located in network, have to know about the VPN server being responsible for 10.8.0.x/24. Hence, that server needs to be either the default gateway, or that route has to be added to each client, or to the default gateway (preferred). You need
route -p add mask
Since you can reach, I do not think you need to enable routing on the server (Routing and RAS is running already probably).
andre72Author Commented:
Thanks Qlemo I thinks I understand what you need at all.

The default geateway is a router - ...

But where I've to execute the command route -p add mask ?
At the VPN Server, the VPN Client or the LAN Clients?
QlemoC++ DeveloperCommented:
"[...] or that route has to be added to each client, or to the default gateway (preferred)".

That route command is for usage on each PC (LAN clients). A similar comment can be used instead on (which is not the server), the syntax will be different, depending on what brand that device is.


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

andre72Author Commented:
I tried it on a LAN client ( and route print reports OK:
Target      Mask                   Gateway      IP - - -

But as before VPN Client ( can't reach ....
Or did I missunderstand you?
QlemoC++ DeveloperCommented:
Did you enable Routing on You can see the necessary steps in Article 350, under "Configuration"; only the first code snippet is needed.
andre72Author Commented:
I tried it but I get an error at the last line:

net start RemoteAccess reports an error 1058: service is unavailable
andre72Author Commented:
Something else ... Won't bridging from VPN->LAN an easier solution?
I'm a novice with networking like this ...
QlemoC++ DeveloperCommented:
Depending on the OS version, the service can be called "Routing and RAS" instead.

Yes, bridging would be easier, as you would have "transparent" IPs, that is IP addresses of the LAN network (instead of an own network). This feature is not available that long now with OpenVPN 2.1 on Windows, previously it worked only on *nix. I must admit I wanted to try that for very long now, but had no time yet.
andre72Author Commented:
My VPN Server has Windows Pro and the VPN Client too. The LAN Clients are using Vista.

So what ever will work with this to connect ot the LAN clients I would agree with.
Also let the LAN clients connect to the VPN Server using OpenVPN would be ok.
I mean:
Remote VPN ( <-> VPN Server ( <-> One LAN Client using also OpenVPN (

As long as will be able to connect ....
QlemoC++ DeveloperCommented:
"Windows Pro" = XP, I suppose? Open the Service applet, and see if the service is called RemoteAccess (by opening the property of the service called similar), and whether it is not disabled.

Connecting one or two LAN clients via OpenVPN would be possible, but oversized and introducing some difficulties (e.g. the push route should not be done). I would not recommend that.
andre72Author Commented:
You'd been right about the RemoteAccess Service it was disabled.
Now is still working but also I can only access the server and no pc from the LAN ...
QlemoC++ DeveloperCommented:
Have you checked the local firewalls of the LAN clients? Ingress connections will have the 10.8.0.x addresses, and might be filtered by Windows Firewall.
andre72Author Commented:
Thanks for your support! You'd been right - the Firewall was the last problem. Very good step by step explaining. Thanks!

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 7
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now