?
Solved

OpenVPN and LAN computers

Posted on 2011-03-16
7
Medium Priority
?
1,097 Views
Last Modified: 2012-08-14
I have looked around on Experts Exchange and the internet and I can't seem to find the answer to my issue or it doesn't solve my issue.

I have an OpenVPN server running on Gentoo Linux and I am connecting from a remote machine. The client is OpenVPN and it's Windows Vista. The server only has one NIC.

My home network is 192.168.5.0/24
My DD-WRT router is 192.168.5.1
The Gentoo server IP address is 192.168.5.51
The VPN network is 192.168.10.0/24
VPN Gateway 192.168.10.1


When I connect to the server from the remote computer I can ping both the vpn gateway/192.168.10.1 and the server/192.168.5.51, but I cannot ping any other device in the LAN (192.168.5.52 for example)

This is the server config:

##############
#another network from the DD-WRT router
push "route 192.168.1.0 255.255.255.0 vpn_gateway"  

#my home network
push "route 192.168.5.0 255.255.255.0 vpn_gateway"

local 192.168.5.51
server 192.168.10.0 255.255.255.0
verb 5

dev tun0
proto udp
port 1195

keepalive 10 120

comp-lzo
client-to-client
duplicate-cn
tls-server

dh /etc/openvpn/keys/dh.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/cert.pem
key /etc/openvpn/keys/key.pem
##############

the client config:

#################
remote host.ip.address.hidden 1195

client
#remote-cert-tls server
#tls-client
dev tun1
proto udp
resolv-retry infinite
nobind
keepalive 10 120
persist-key
persist-tun
comp-lzo
#verb 6
explicit-exit-notify 2

ca ca.crt
cert client1.crt
key client1.key
################

I have also setup IP forwarding per this tutorial
http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/

I do not have iptables installed on the server but its not the firewall.

I am at a loss on this. This worked when I had it on my DD-WRT router, but I had to remove it because I was running more than one instance of OpenVPN and the router didnt have enough NVRAM to support two. So I figured I could offload it to a server but it's just not working.

Let me know if you need any more info.
0
Comment
Question by:Apexadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 6

Expert Comment

by:nettek0300
ID: 35148406
Is your VPN default gateway set correctly?  Do an ipconfig /all after you connect to the VPN to verify your VPN IP address settings.  You may have to add a push route for the .10 network.
0
 

Author Comment

by:Apexadmin
ID: 35148547
Ok here is the output.

Ethernet adapter Local Area Connection 6:

   Connection-specific DNS Suffix  . : mydomain.local
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-2C-E8-22-7D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7565:2bc4:c535:2a18%24(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.10.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : Monday, March 14, 2011 1:57:01 PM
   Lease Expires . . . . . . . . . . : Tuesday, March 13, 2012 1:56:59 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.10.5
   DHCPv6 IAID . . . . . . . . . . . : 587267884
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-0E-C1-7C-00-24-7E-6D-90-14
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled


It's interesting that the default gateway is blank. I can ping 192.168.10.1, but not 192.168.10.5
0
 
LVL 8

Accepted Solution

by:
LunarNRG earned 2000 total points
ID: 35148618
You probably need to set a static route for 192.168.10.0/24 on the DD-WRT device so that packets know how to get back to the VPN subnet -- where "Dest LAN Net" == 192.168.10.0/255.255.255.0 and gateway == 192.168.5.51 (LAN ip address of the openvpn server). Otherwise, I'd double check that 'cat /proc/sys/net/ipv4/ip_forward' is still 1.
0
Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

 
LVL 8

Expert Comment

by:LunarNRG
ID: 35148704
More information here, specific to dd-wrt ...

http://www.dd-wrt.com/wiki/index.php/Linking_Subnets_with_Static_Routes
0
 

Author Comment

by:Apexadmin
ID: 35148882
The IP forward is still 1.

My DD-WRT router is giving me issues and won't let me log into the GUI to try adding the route. I will have to reset it when I get home.
0
 

Author Comment

by:Apexadmin
ID: 35148930
I was able to get into the DD-WRT router via HTTPS. Dont know why the HTTP failed.

I added the static route and it fixed it! Awesome man, thanks!
0
 
LVL 8

Expert Comment

by:LunarNRG
ID: 35148950
Great! Glad it helped.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses
Course of the Month15 days, 2 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question