Solved

OpenVPN and LAN computers

Posted on 2011-03-16
Last Modified: 2012-08-14
I have looked around on Experts Exchange and the internet and I can't seem to find the answer to my issue or it doesn't solve my issue.

I have an OpenVPN server running on Gentoo Linux and I am connecting from a remote machine. The client is OpenVPN and it's Windows Vista. The server only has one NIC.

My home network is 192.168.5.0/24
My DD-WRT router is 192.168.5.1
The Gentoo server IP address is 192.168.5.51
The VPN network is 192.168.10.0/24
VPN Gateway 192.168.10.1


When I connect to the server from the remote computer I can ping both the vpn gateway/192.168.10.1 and the server/192.168.5.51, but I cannot ping any other device in the LAN (192.168.5.52 for example)

This is the server config:

##############
#another network from the DD-WRT router
push "route 192.168.1.0 255.255.255.0 vpn_gateway"  

#my home network
push "route 192.168.5.0 255.255.255.0 vpn_gateway"

local 192.168.5.51
server 192.168.10.0 255.255.255.0
verb 5

dev tun0
proto udp
port 1195

keepalive 10 120

comp-lzo
client-to-client
duplicate-cn
tls-server

dh /etc/openvpn/keys/dh.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/cert.pem
key /etc/openvpn/keys/key.pem
##############

the client config:

#################
remote host.ip.address.hidden 1195

client
#remote-cert-tls server
#tls-client
dev tun1
proto udp
resolv-retry infinite
nobind
keepalive 10 120
persist-key
persist-tun
comp-lzo
#verb 6
explicit-exit-notify 2

ca ca.crt
cert client1.crt
key client1.key
################

I have also set up IP forwarding per this tutorial
http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/

I do not have iptables installed on the server but it's not the firewall.

I am at a loss on this. This worked when I had it on my DD-WRT router, but I had to remove it because I was running more than one instance of OpenVPN and the router didn't have enough NVRAM to support two. So I figured I could offload it to a server but it's just not working.

Let me know if you need any more info.
0
Question by:Apexadmin
7 Comments
 
LVL 6

Expert Comment

by:nettek0300
ID: 35148406
Is your VPN default gateway set correctly?  Do an ipconfig /all after you connect to the VPN to verify your VPN IP address settings.  You may have to add a push route for the .10 network.
0
 

Author Comment

by:Apexadmin
ID: 35148547
Ok here is the output.

Ethernet adapter Local Area Connection 6:

   Connection-specific DNS Suffix  . : mydomain.local
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-2C-E8-22-7D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7565:2bc4:c535:2a18%24(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.10.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : Monday, March 14, 2011 1:57:01 PM
   Lease Expires . . . . . . . . . . : Tuesday, March 13, 2012 1:56:59 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.10.5
   DHCPv6 IAID . . . . . . . . . . . : 587267884
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-0E-C1-7C-00-24-7E-6D-90-14
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled


It's interesting that the default gateway is blank. I can ping 192.168.10.1, but not 192.168.10.5
0
 
LVL 8

Accepted Solution

by:
LunarNRG earned 500 total points
ID: 35148618
You probably need to set a static route for 192.168.10.0/24 on the DD-WRT device so that packets know how to get back to the VPN subnet -- where "Dest LAN Net" == 192.168.10.0/255.255.255.0 and gateway == 192.168.5.51 (LAN ip address of the openvpn server). Otherwise, I'd double check that 'cat /proc/sys/net/ipv4/ip_forward' is still 1.
0
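
An added illustration of the accepted answer (not code from the thread): a small Python model that follows a ping reply back to the VPN client 192.168.10.6 using longest-prefix-match routing. The addresses come from the question; the LAN host's and router's table contents are assumed typical defaults, and `lan`, `wan` and `tun0` are labels for leaving the model.

```python
import ipaddress

VPN_CLIENT = "192.168.10.6"  # address from the ipconfig output in the thread

def next_hop(table, dst):
    """Longest-prefix match: return the target of the most specific route."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), target) for net, target in table
               if dst in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_path(tables, start, dst, max_hops=8):
    """Follow a reply packet hop by hop from `start` towards `dst`."""
    path, node = [start], start
    for _ in range(max_hops):
        target = next_hop(tables[node], dst)
        path.append(target)
        if target not in tables:  # left the model: lan, wan or tun0
            break
        node = target
    return path

def build_tables(router_has_static_route):
    """Routing tables (assumed defaults) for LAN host, DD-WRT and VPN server."""
    router = [("192.168.5.0/24", "lan"), ("0.0.0.0/0", "wan")]
    if router_has_static_route:
        # The fix from the accepted answer: VPN subnet via the OpenVPN server.
        router.append(("192.168.10.0/24", "192.168.5.51"))
    return {
        "192.168.5.52": [("192.168.5.0/24", "lan"),
                         ("0.0.0.0/0", "192.168.5.1")],
        "192.168.5.1": router,
        "192.168.5.51": [("192.168.5.0/24", "lan"),
                         ("192.168.10.0/24", "tun0"),
                         ("0.0.0.0/0", "192.168.5.1")],
    }

if __name__ == "__main__":
    for fixed in (False, True):
        tables = build_tables(fixed)
        print("static route on router:", fixed)
        for src in ("192.168.5.51", "192.168.5.52"):
            print("  reply from", src, "->",
                  " -> ".join(reply_path(tables, src, VPN_CLIENT)))
```

Without the static route the reply from 192.168.5.52 follows the router's default route out the WAN side and is lost, while the OpenVPN server itself always answers through `tun0`, which matches the symptoms in the question.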

 
LVL 8

Expert Comment

by:LunarNRG
ID: 35148704
More information here, specific to dd-wrt ...

http://www.dd-wrt.com/wiki/index.php/Linking_Subnets_with_Static_Routes
0
 

Author Comment

by:Apexadmin
ID: 35148882
The IP forward is still 1.

My DD-WRT router is giving me issues and won't let me log into the GUI to try adding the route. I will have to reset it when I get home.
0
 

Author Comment

by:Apexadmin
ID: 35148930
I was able to get into the DD-WRT router via HTTPS. Don't know why the HTTP failed.

I added the static route and it fixed it! Awesome man, thanks!
0
 
LVL 8

Expert Comment

by:LunarNRG
ID: 35148950
Great! Glad it helped.
0

Question has a verified solution.