Solved

OpenVPN and LAN computers

Posted on 2011-03-16
1,084 Views
Last Modified: 2012-08-14
I have looked around on Experts Exchange and the internet and I can't seem to find the answer to my issue or it doesn't solve my issue.

I have an OpenVPN server running on Gentoo Linux and I am connecting from a remote machine. The client is OpenVPN and it's Windows Vista. The server only has one NIC.

My home network is 192.168.5.0/24
My DD-WRT router is 192.168.5.1
The Gentoo server IP address is 192.168.5.51
The VPN network is 192.168.10.0/24
VPN Gateway 192.168.10.1


When I connect to the server from the remote computer I can ping both the vpn gateway/192.168.10.1 and the server/192.168.5.51, but I cannot ping any other device in the LAN (192.168.5.52 for example)

This is the server config:

##############
#another network from the DD-WRT router
push "route 192.168.1.0 255.255.255.0 vpn_gateway"  

#my home network
push "route 192.168.5.0 255.255.255.0 vpn_gateway"

local 192.168.5.51
server 192.168.10.0 255.255.255.0
verb 5

dev tun0
proto udp
port 1195

keepalive 10 120

comp-lzo
client-to-client
duplicate-cn
tls-server

dh /etc/openvpn/keys/dh.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/cert.pem
key /etc/openvpn/keys/key.pem
##############

the client config:

#################
remote host.ip.address.hidden 1195

client
#remote-cert-tls server
#tls-client
dev tun1
proto udp
resolv-retry infinite
nobind
keepalive 10 120
persist-key
persist-tun
comp-lzo
#verb 6
explicit-exit-notify 2

ca ca.crt
cert client1.crt
key client1.key
################

I have also setup IP forwarding per this tutorial
http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/

I do not have iptables installed on the server, but it's not the firewall.

I am at a loss on this. This worked when I had it on my DD-WRT router, but I had to remove it because I was running more than one instance of OpenVPN and the router didn't have enough NVRAM to support two. So I figured I could offload it to a server, but it's just not working.

Let me know if you need any more info.
Question by:Apexadmin
7 Comments
 
LVL 6

Expert Comment

by:nettek0300
ID: 35148406
Is your VPN default gateway set correctly?  Do an ipconfig /all after you connect to the VPN to verify your VPN IP address settings.  You may have to add a push route for the .10 network.
 

Author Comment

by:Apexadmin
ID: 35148547
Ok here is the output.

Ethernet adapter Local Area Connection 6:

   Connection-specific DNS Suffix  . : mydomain.local
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-2C-E8-22-7D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7565:2bc4:c535:2a18%24(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.10.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : Monday, March 14, 2011 1:57:01 PM
   Lease Expires . . . . . . . . . . : Tuesday, March 13, 2012 1:56:59 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.10.5
   DHCPv6 IAID . . . . . . . . . . . : 587267884
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-0E-C1-7C-00-24-7E-6D-90-14
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled


It's interesting that the default gateway is blank. I can ping 192.168.10.1, but not 192.168.10.5
 
LVL 8

Accepted Solution

by:
LunarNRG earned 500 total points
ID: 35148618
You probably need to set a static route for 192.168.10.0/24 on the DD-WRT device so that packets know how to get back to the VPN subnet -- where "Dest LAN Net" == 192.168.10.0/255.255.255.0 and gateway == 192.168.5.51 (LAN ip address of the openvpn server). Otherwise, I'd double check that 'cat /proc/sys/net/ipv4/ip_forward' is still 1.
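The failure above is asymmetric routing: the echo request reaches 192.168.5.52 through the server's tun0/eth0, but 192.168.5.52 has no route for 192.168.10.0/24, so its reply goes to its default gateway (the DD-WRT box), which also has no such route and sends it out the WAN. The following is an added example, not code from the thread: a small hop-by-hop routing simulation of the asker's topology that shows the reply path as posted, with ip_forward disabled on the server, with the accepted fix (static route 192.168.10.0/24 via 192.168.5.51 on DD-WRT), and with an alternative the thread did not use, an iptables MASQUERADE rule on the server so LAN hosts only ever see 192.168.5.51 as the source. Assumptions: the router's WAN next hop is an arbitrary TEST-NET address (203.0.113.1); the pushed "vpn_gateway" is modelled as 192.168.10.5, which is what it resolves to in OpenVPN's default net30 topology (that address is the /30 peer shown as "DHCP Server" in the ipconfig output, and it is normal that it does not answer ping, since no interface on the server carries it); the 192.168.1.0/24 route is left out.

```python
"""Hop-by-hop routing simulation of the thread's topology.

Constructed example, not part of the original thread.  Addresses are the
ones the asker posted; the router's WAN next hop (203.0.113.1, TEST-NET-3)
and the use of 192.168.10.5 as the pushed vpn_gateway are assumptions.
"""
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network
Table = List[Tuple[Net, Optional[IPv4]]]   # (prefix, next hop); None = on-link

LAN, VPN, DEFAULT = Net("192.168.5.0/24"), Net("192.168.10.0/24"), Net("0.0.0.0/0")
ROUTER = IPv4("192.168.5.1")     # DD-WRT, the LAN's default gateway
SERVER = IPv4("192.168.5.51")    # Gentoo OpenVPN server, single NIC
VPN_GW = IPv4("192.168.10.5")    # pushed "vpn_gateway": the /30 peer in ipconfig (assumed net30)
CLIENT = IPv4("192.168.10.6")    # the Vista client's tun address
LAN_HOST = IPv4("192.168.5.52")  # the LAN box that never answers
ISP = IPv4("203.0.113.1")        # assumed WAN next hop of the router


def lookup(table: Table, dst: IPv4) -> Optional[IPv4]:
    """Longest-prefix match: next hop for dst, None meaning on-link."""
    matches = [(net, nh) for net, nh in table if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def topology(static_route: bool, ip_forward: bool = True):
    """Routing tables and the set of boxes that forward, for one configuration.

    static_route: the accepted fix, DD-WRT 'Dest LAN Net' 192.168.10.0/24
                  with gateway 192.168.5.51.
    ip_forward:   /proc/sys/net/ipv4/ip_forward on the server.
    """
    router: Table = [(LAN, None), (DEFAULT, ISP)]
    if static_route:
        router.append((VPN, SERVER))
    server: Table = [(LAN, None), (VPN, None), (DEFAULT, ROUTER)]  # tun0 on-link
    tables: Dict[IPv4, Table] = {
        LAN_HOST: [(LAN, None), (DEFAULT, ROUTER)],   # ordinary LAN client
        ROUTER: router,
        SERVER: server,
        VPN_GW: server,                                # same box, tunnel side
        CLIENT: [(VPN, None), (LAN, VPN_GW)],          # pushed route, no default
    }
    forwarders: Set[IPv4] = {ROUTER}
    if ip_forward:
        forwarders |= {SERVER, VPN_GW}
    return tables, forwarders


def trace(src: IPv4, dst: IPv4, tables, forwarders) -> List[IPv4]:
    """Follow one packet until it is delivered, dropped, or leaves the model."""
    hops, here = [src], src
    for _ in range(8):
        if here != src and here not in forwarders:
            return hops                    # reached a box that will not forward
        nh = lookup(tables[here], dst)
        if nh is None:                     # dst is on-link here: delivered
            hops.append(dst)
            return hops
        hops.append(nh)
        if nh not in tables:               # handed to something unmodelled (ISP)
            return hops
        here = nh
    raise RuntimeError("routing loop")


def ping_round_trip(static_route: bool = False, ip_forward: bool = True,
                    masquerade: bool = False) -> Tuple[bool, List[IPv4], List[IPv4]]:
    """Echo request CLIENT -> LAN_HOST, then the echo reply back.

    masquerade models the alternative fix, a rule on the server such as
      iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
    which rewrites the source to 192.168.5.51, so the LAN host answers a LAN
    address and needs no route for 192.168.10.0/24 at all.
    """
    tables, forwarders = topology(static_route, ip_forward)
    request = trace(CLIENT, LAN_HOST, tables, forwarders)
    if request[-1] != LAN_HOST:
        return False, request, []
    reply_to = SERVER if masquerade else CLIENT
    reply = trace(LAN_HOST, reply_to, tables, forwarders)
    return reply[-1] == reply_to, request, reply


if __name__ == "__main__":
    cases = [("as posted", {}), ("server ip_forward=0", {"ip_forward": False}),
             ("static route on DD-WRT", {"static_route": True}),
             ("MASQUERADE on server", {"masquerade": True})]
    for label, kw in cases:
        ok, req, rep = ping_round_trip(**kw)
        print(f"{label:24s} {'OK ' if ok else 'FAIL'} request={[str(h) for h in req]} "
              f"reply={[str(h) for h in rep]}")
```

Of the two fixes, the static route keeps the VPN clients visible to the LAN by their real 192.168.10.x addresses, which matters if anything on the LAN filters by source; MASQUERADE needs no change on the router but hides the client behind 192.168.5.51. Either way, once the return path exists every tunnel client can reach all of 192.168.5.0/24, and with `duplicate-cn` in the server config that includes anyone holding a copy of the one client certificate, so if only some hosts should be reachable, add FORWARD rules on the server to limit it.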
 
LVL 8

Expert Comment

by:LunarNRG
ID: 35148704
More information here, specific to dd-wrt ...

http://www.dd-wrt.com/wiki/index.php/Linking_Subnets_with_Static_Routes
 

Author Comment

by:Apexadmin
ID: 35148882
The IP forward is still 1.

My DD-WRT router is giving me issues and won't let me log into the GUI to try adding the route. I will have to reset it when I get home.
 

Author Comment

by:Apexadmin
ID: 35148930
I was able to get into the DD-WRT router via HTTPS. Don't know why the HTTP failed.

I added the static route and it fixed it! Awesome man, thanks!
 
LVL 8

Expert Comment

by:LunarNRG
ID: 35148950
Great! Glad it helped.
