Solved

openvpn routing problem

Posted on 2010-11-12
26
615 Views
Last Modified: 2012-05-10
I am running a vpn server using the following config.
When I connect I receive an error stating
PUSH_REQUEST status=1
and it is setting my default gateway to the gateway of the wireless network I am connected to. Please help.


local 192.168.0.59
server 192.168.200.0 255.255.255.0
port 5959
proto udp
max-clients 100
mssfix 1400
persist-key
dev tap
push dhcp-option 192.168.200.0
push "route-gateway 192.168.200.0 255.255.255.0 192.168.0.1 255.255.255.0"
push "redirect-gateway"
dh "C:/Program Files/OpenVPN/easy-rsa/keys/dh1024.pem"
ca "C:/Program Files/OpenVPN/easy-rsa/keys/ca.crt"
cert "C:/Program Files/OpenVPN/easy-rsa/keys/pracvpn.crt"
key "c:/program files/openvpn/easy-rsa/keys/pracvpn.key"
keepalive 10 120        
comp-lzo
script-security 2
status openvpn-status.log
verb 3

0
Comment
Question by:jfranco123
26 Comments
 
LVL 6

Expert Comment

by:r3nder
ID: 34122060
Check the IP of your wireless router. I am willing to bet it is 192.168.0.1, which in the statement above is where you are configuring it.
Try this
change
push "route-gateway 192.168.200.0 255.255.255.0 192.168.0.1 255.255.255.0"
to
push "route-gateway 192.168.200.0 255.255.255.0"

R3nder
0
 
LVL 2

Author Comment

by:jfranco123
ID: 34122085
The ip of the router is 192.168.1.1
I tried your change and am receiving the same error
0
 
LVL 6

Expert Comment

by:r3nder
ID: 34122148
I suggest you use "route 192.168.200.0 255.255.255.0" in the OpenVPN
configuration file on the client. Otherwise OpenVPN probably won't
know how to deal with the traffic.
0

 
LVL 2

Author Comment

by:jfranco123
ID: 34122171
Here is my current config
still openvpn is assigning my default gateway to 192.168.1.1

local 192.168.0.59
server 192.168.200.0 255.255.255.0
port 5959
proto udp
max-clients 100
mssfix 1400
persist-key
dev tap
push "route 192.168.200.0 255.255.255.0"
push "route-gateway 192.168.200.0 255.255.255.0"
push "redirect-gateway"
dh "C:/Program Files/OpenVPN/easy-rsa/keys/dh1024.pem"
ca "C:/Program Files/OpenVPN/easy-rsa/keys/ca.crt"
cert "C:/Program Files/OpenVPN/easy-rsa/keys/pracvpn.crt"
key "c:/program files/openvpn/easy-rsa/keys/pracvpn.key"
keepalive 10 120        
comp-lzo
script-security 2
status openvpn-status.log
verb 3

0
 
LVL 6

Expert Comment

by:r3nder
ID: 34122345
your openVPN server is it on a LAN - if so you will have to add a firewall rule to it. It should look something like this (depending on make and model)

Destination  Gateway      Subnet Mask    Metric  Interface  Description
10.243.0.0   10.69.69.86  255.255.255.0  0       LAN        vpn stuff
(VPN)        (server)     (subnet)
0
 
LVL 2

Author Comment

by:jfranco123
ID: 34122616
I am not using a windows firewall and my firewall has a rule in it
destination 192.168.200.0 subnet 255.255.255.0 gateway 192.168.0.1
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34122738
Last post is obviously misdirected - wrong question?!

The following config options do not make much sense. Remove them. One of them redirects your default gateway.
push "route-gateway 192.168.200.0 255.255.255.0"
push "redirect-gateway"


0
 
LVL 6

Expert Comment

by:r3nder
ID: 34122752
k - Linux/BSD
The server route table is:
Kernel IP routing table
Destination  Gateway      Genmask          Flags  Metric  Ref  Use  Iface
(use your IP's)
10.8.0.2     *            255.255.255.255  UH     0       0    0    tun0
10.8.0.0     10.8.0.2     255.255.255.0    UG     0       0    0    tun0
192.168.0.0  *            255.255.255.0    U      0       0    0    eth0
default      192.168.0.1  0.0.0.0          UG     0       0    0    eth0

The client conf file is:
remote server_ip 1194
client
dev tun
proto tcp
resolv-retry infinite # this is necessary for DynDNS
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert ronclient.crt
key ronclient.key
comp-lzo
verb 4
mute 20

The client routing table when connected looks like this:
Destination  Gateway      Genmask          Flags  Metric  Ref  Use  Iface
10.8.0.5     *            255.255.255.255  UH     0       0    0    tun0
10.8.0.1     10.8.0.5     255.255.255.255  UGH    0       0    0    tun0
192.168.5.0  *            255.255.255.0    U      0       0    0    eth1
192.168.0.0  10.8.0.5     255.255.255.0    UG     0       0    0    tun0
link-local   *            255.255.0.0      U      1000    0    0    eth1
default      192.168.5.1  0.0.0.0          UG     0       0    0    eth1
0
 
LVL 2

Author Comment

by:jfranco123
ID: 34122795
qlemo:
I removed
push "route-gateway 192.168.200.0 255.255.255.0"
push "redirect-gateway"
from my config file and am still having the same issue
and now I am unable to see the one machine I had a static route on.
when I do an ipconfig
I have default gateway completely blank
0
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 500 total points
ID: 34122878
I did not read your complete config. Whoever set it up, did it with several mistakes or conflicts.

Let's consolidate the facts:
Your server LAN is 192.168.0.0/24, the server having 192.168.0.59.
OpenVPN is configured in TAP mode (bridging) with IPs of 192.168.200.0/24.
Your local LAN is 192.168.1.0/24, and the WLAN router is 192.168.1.1.

I don't get what you want to achieve, and what the error is. Could you explain that? Which side is wrong? What's that static route about?

0
 
LVL 2

Author Comment

by:jfranco123
ID: 34122913
server lan 192.168.0.0
openvpn server 192.168.0.59
I am running tap mode without bridging
my local lan is 192.168.0.0
and the wlan I am using is 192.168.1.1
0
 
LVL 2

Author Comment

by:jfranco123
ID: 34122928
I want to be able to vpn in from the wireless gateway which is 192.168.1.1 to the local lan which is 192.168.0.1 using a vpn ip of 192.168.200.0 and be able to hit all the machines on the 192.168.0.0 network
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34122966
The OpenVPN client is running on 192.168.1.1?

192.168.0.0/24 is appearing twice - as your server LAN and the local LAN. Is that correct? Because that is no supported configuration - LANs need to be distinct.
0
 
LVL 2

Author Comment

by:jfranco123
ID: 34122984
the client that is connecting to the openvpn has the 192.168.1.1 gateway
the openvpn server is 192.168.0.59
I can only ping 192.168.0.59
I want to be able to connect to all the machines on 192.168.0.0
0
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 500 total points
ID: 34123127
Since you can ping 192.168.0.59, you still have route-redirect in your server config, I assume.
Further, I reckon the 192.168.0.59 is not the default gateway on the 192.168.0.0 LAN. If that is true, the default gateway needs to know how to route your requests (coming from 192.168.200.x) - by setting a route there for 192.168.200.0 mask 255.255.255.0 using gateway 192.168.0.59.

The above is based on a network layout like

   PCs (192.168.0.x) ----------------v
   OpenVPN Server (192.168.0.59) ----|------------ Firewall/Router (192.168.0.x)
                                                          |
    PC (192.168.1.x) -----> WLAN (192.168.1.1)-------(OpenVPN 192.168.200.x)

I have omitted the public IPs and Internet routing.
0
 
LVL 2

Author Comment

by:jfranco123
ID: 34123230
I don't have the route-redirect in my config
where would I add that route? to the 192.168.0.59 machine (vpn server) or my router?
0
 
LVL 2

Author Comment

by:jfranco123
ID: 34123360
okay... I added the route to the gateway 192.168.0.254 and un remarked the pushgateway and redirect gateway and I can see all network devices?
0
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 500 total points
ID: 34123371
It is important the default gateway of the 192.168.0.0 network has that route set.
0
 
LVL 2

Author Comment

by:jfranco123
ID: 34123399
the default gateway is 192.168.0.254 that has the route in it
0
 
LVL 2

Author Comment

by:jfranco123
ID: 34123408
but the vpn only works if I leave the following command in the server config
push "route-gateway 192.168.200.0 255.255.255.0"
push "redirect-gateway"
 
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34123438
You reset your default gateway on the client by using redirect-gateway, and ALL traffic flows over the OpenVPN. I don't think you need those statements, but instead
push "route 192.168.0.0 255.255.255.0"



0
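An added example, not part of the thread or any poster's code: a small Python check of the pushed routing options discussed above, run on lines constructed from the question's server config and from the final fix. The function names and the `server_lan` parameter are assumptions of this example; it also derives the return route the LAN's default gateway needs.

```python
import ipaddress
import shlex

# Constructed input: routing-relevant lines of the question's config, then the fix.
ORIGINAL = """local 192.168.0.59
server 192.168.200.0 255.255.255.0
push dhcp-option 192.168.200.0
push "route-gateway 192.168.200.0 255.255.255.0 192.168.0.1 255.255.255.0"
push "redirect-gateway"
"""
FIXED = """local 192.168.0.59
server 192.168.200.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
"""

def parse(conf):
    """Return (directives, pushes); a push that is not one quoted string becomes []."""
    directives, pushes = {}, []
    for line in conf.splitlines():
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        if tokens[0] == "push":
            pushes.append(tokens[1].split() if len(tokens) == 2 else [])
        else:
            directives[tokens[0]] = tokens[1:]
    return directives, pushes

def check(conf, server_lan):
    """Return findings about pushed routing options; server_lan comes from the caller."""
    lan, findings, lan_pushed = ipaddress.ip_network(server_lan), [], False
    for p in parse(conf)[1]:
        if not p:
            findings.append("push: option must be a single quoted string")
        elif p[0] == "route-gateway" and len(p) != 2:
            findings.append("route-gateway: takes one gateway address")
        elif p[0] == "redirect-gateway":
            findings.append("redirect-gateway: moves the client's default route into the VPN")
        elif p[0] == "route" and len(p) >= 3:
            lan_pushed |= ipaddress.ip_network(f"{p[1]}/{p[2]}", strict=False) == lan
    if not lan_pushed:
        findings.append(f"no pushed route for server LAN {lan}")
    return findings

def return_route(conf):
    """Route the LAN's default gateway needs so replies reach VPN clients."""
    d = parse(conf)[0]
    vpn = ipaddress.ip_network("/".join(d["server"][:2]))
    return f"{vpn.network_address} mask {vpn.netmask} via {d['local'][0]}"
```

`check(ORIGINAL, "192.168.0.0/24")` reports four findings, `check(FIXED, "192.168.0.0/24")` reports none, and `return_route` yields the route Qlemo describes for the 192.168.0.0 network's default gateway.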
 
LVL 2

Accepted Solution

by:
jfranco123 earned 0 total points
ID: 34123477
I removed the push gateway and redirect and added that line above and everything works... Thank You SO MUCH!!!!
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34123558
Great it works now. The config does make much more sense now ;-).
0
 
LVL 2

Author Comment

by:jfranco123
ID: 34123622
yes it does thank you for all the help again
0
 
LVL 2

Author Comment

by:jfranco123
ID: 34123698
thanks
0
 
LVL 2

Author Closing Comment

by:jfranco123
ID: 34153350
Thank you for your patience and your advice
0
