Solved

OpenVPN and LAN computers

Posted on 2011-03-16
Last Modified: 2012-08-14
I have looked around on Experts Exchange and the internet and I can't seem to find the answer to my issue or it doesn't solve my issue.

I have an OpenVPN server running on Gentoo Linux and I am connecting from a remote machine. The client is OpenVPN and it's Windows Vista. The server only has one NIC.

My home network is 192.168.5.0/24
My DD-WRT router is 192.168.5.1
The Gentoo server IP address is 192.168.5.51
The VPN network is 192.168.10.0/24
VPN Gateway 192.168.10.1


When I connect to the server from the remote computer I can ping both the VPN gateway (192.168.10.1) and the server (192.168.5.51), but I cannot ping any other device in the LAN (192.168.5.52, for example).

This is the server config:

##############
#another network from the DD-WRT router
push "route 192.168.1.0 255.255.255.0 vpn_gateway"  

#my home network
push "route 192.168.5.0 255.255.255.0 vpn_gateway"

local 192.168.5.51
server 192.168.10.0 255.255.255.0
verb 5

dev tun0
proto udp
port 1195

keepalive 10 120

comp-lzo
client-to-client
duplicate-cn
tls-server

dh /etc/openvpn/keys/dh.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/cert.pem
key /etc/openvpn/keys/key.pem
##############

The client config:

#################
remote host.ip.address.hidden 1195

client
#remote-cert-tls server
#tls-client
dev tun1
proto udp
resolv-retry infinite
nobind
keepalive 10 120
persist-key
persist-tun
comp-lzo
#verb 6
explicit-exit-notify 2

ca ca.crt
cert client1.crt
key client1.key
################

I have also set up IP forwarding per this tutorial:
http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/

I do not have iptables installed on the server, but it's not the firewall.

I am at a loss on this. This worked when I had it on my DD-WRT router, but I had to remove it because I was running more than one instance of OpenVPN and the router didn't have enough NVRAM to support two. So I figured I could offload it to a server, but it's just not working.

Let me know if you need any more info.
Question by:Apexadmin
7 Comments
 
LVL 6

Expert Comment

by:nettek0300
ID: 35148406
Is your VPN default gateway set correctly?  Do an ipconfig /all after you connect to the VPN to verify your VPN IP address settings.  You may have to add a push route for the .10 network.
0
 

Author Comment

by:Apexadmin
ID: 35148547
Ok here is the output.

Ethernet adapter Local Area Connection 6:

   Connection-specific DNS Suffix  . : mydomain.local
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-2C-E8-22-7D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7565:2bc4:c535:2a18%24(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.10.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : Monday, March 14, 2011 1:57:01 PM
   Lease Expires . . . . . . . . . . : Tuesday, March 13, 2012 1:56:59 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.10.5
   DHCPv6 IAID . . . . . . . . . . . : 587267884
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-0E-C1-7C-00-24-7E-6D-90-14
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled


It's interesting that the default gateway is blank. I can ping 192.168.10.1, but not 192.168.10.5
0
 
LVL 8

Accepted Solution

by:
LunarNRG earned 500 total points
ID: 35148618
You probably need to set a static route for 192.168.10.0/24 on the DD-WRT device so that packets know how to get back to the VPN subnet -- where "Dest LAN Net" == 192.168.10.0/255.255.255.0 and gateway == 192.168.5.51 (LAN ip address of the openvpn server). Otherwise, I'd double check that 'cat /proc/sys/net/ipv4/ip_forward' is still 1.
0
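Why the static route in the accepted solution fixes the symptom, as an added example that is not part of the original thread: a longest-prefix-match model of the three routing tables involved, tracing the reply from a LAN host back to the VPN client. The addresses are the ones from the question; the router's "wan" default route, the interface labels and the simplified server table are assumptions.

```python
import ipaddress

# Addresses taken from the question.
ROUTER, VPN_SERVER = "192.168.5.1", "192.168.5.51"
LAN_HOST, VPN_CLIENT = "192.168.5.52", "192.168.10.6"

def build(routes):
    """Turn (prefix, next_hop) pairs into a routing table."""
    return [(ipaddress.ip_network(p), hop) for p, hop in routes]

def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, hop) for net, hop in table if addr in net]
    return max(hits)[1] if hits else None

def topology(static_route_on_router):
    """Constructed tables; 'lan', 'tun0' and 'wan' are interface labels."""
    router = [("192.168.5.0/24", "lan"), ("0.0.0.0/0", "wan")]
    if static_route_on_router:
        # The fix: send the VPN subnet to the OpenVPN server's LAN address.
        router.append(("192.168.10.0/24", VPN_SERVER))
    return {
        ROUTER: build(router),
        VPN_SERVER: build([("192.168.5.0/24", "lan"),
                           ("192.168.10.0/24", "tun0"),
                           ("0.0.0.0/0", ROUTER)]),
        LAN_HOST: build([("192.168.5.0/24", "lan"),
                         ("0.0.0.0/0", ROUTER)]),
    }

def trace(tables, start, dst, max_hops=8):
    """Follow a packet hop by hop until it leaves on an interface."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        path.append(hop)
        if hop not in tables:  # interface label, not another modelled node
            break
        node = hop
    return path

if __name__ == "__main__":
    for fixed in (False, True):
        print("static route on router:", fixed)
        print("  reply from LAN host:", trace(topology(fixed), LAN_HOST, VPN_CLIENT))
        print("  reply from server:  ", trace(topology(fixed), VPN_SERVER, VPN_CLIENT))
```

Without the static route the LAN host's reply leaves through the router's default route and never reaches tun0, while the server's own reply does, which matches the asker being able to ping 192.168.5.51 but not 192.168.5.52.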

 
LVL 8

Expert Comment

by:LunarNRG
ID: 35148704
More information here, specific to dd-wrt ...

http://www.dd-wrt.com/wiki/index.php/Linking_Subnets_with_Static_Routes
0
 

Author Comment

by:Apexadmin
ID: 35148882
The IP forward is still 1.

My DD-WRT router is giving me issues and won't let me log into the GUI to try adding the route. I will have to reset it when I get home.
0
 

Author Comment

by:Apexadmin
ID: 35148930
I was able to get into the DD-WRT router via HTTPS. Don't know why the HTTP failed.

I added the static route and it fixed it! Awesome man, thanks!
0
 
LVL 8

Expert Comment

by:LunarNRG
ID: 35148950
Great! Glad it helped.
0
