• Status: Solved

OpenVPN and LAN computers

I have looked around on Experts Exchange and the internet and I can't seem to find the answer to my issue or it doesn't solve my issue.

I have an OpenVPN server running on Gentoo Linux and I am connecting from a remote machine. The client is OpenVPN and it's Windows Vista. The server only has one NIC.

My home network is 192.168.5.0/24
My DD-WRT router is 192.168.5.1
The Gentoo server IP address is 192.168.5.51
The VPN network is 192.168.10.0/24
VPN Gateway 192.168.10.1


When I connect to the server from the remote computer I can ping both the VPN gateway (192.168.10.1) and the server (192.168.5.51), but I cannot ping any other device in the LAN (192.168.5.52, for example).

This is the server config:

##############
#another network from the DD-WRT router
push "route 192.168.1.0 255.255.255.0 vpn_gateway"  

#my home network
push "route 192.168.5.0 255.255.255.0 vpn_gateway"

local 192.168.5.51
server 192.168.10.0 255.255.255.0
verb 5

dev tun0
proto udp
port 1195

keepalive 10 120

comp-lzo
client-to-client
duplicate-cn
tls-server

dh /etc/openvpn/keys/dh.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/cert.pem
key /etc/openvpn/keys/key.pem
##############

The client config:

#################
remote host.ip.address.hidden 1195

client
#remote-cert-tls server
#tls-client
dev tun1
proto udp
resolv-retry infinite
nobind
keepalive 10 120
persist-key
persist-tun
comp-lzo
#verb 6
explicit-exit-notify 2

ca ca.crt
cert client1.crt
key client1.key
################

I have also set up IP forwarding per this tutorial:
http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/

I do not have iptables installed on the server, but it's not the firewall.

I am at a loss on this. This worked when I had it on my DD-WRT router, but I had to remove it because I was running more than one instance of OpenVPN and the router didn't have enough NVRAM to support two. So I figured I could offload it to a server, but it's just not working.

Let me know if you need any more info.
Asked by: Apexadmin
 
nettek0300 Commented:
Is your VPN default gateway set correctly?  Do an ipconfig /all after you connect to the VPN to verify your VPN IP address settings.  You may have to add a push route for the .10 network.
0
 
Apexadmin (Author) Commented:
Ok here is the output.

Ethernet adapter Local Area Connection 6:

   Connection-specific DNS Suffix  . : mydomain.local
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-2C-E8-22-7D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7565:2bc4:c535:2a18%24(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.10.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : Monday, March 14, 2011 1:57:01 PM
   Lease Expires . . . . . . . . . . : Tuesday, March 13, 2012 1:56:59 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.10.5
   DHCPv6 IAID . . . . . . . . . . . : 587267884
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-0E-C1-7C-00-24-7E-6D-90-14
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled


It's interesting that the default gateway is blank. I can ping 192.168.10.1, but not 192.168.10.5
0
 
LunarNRG Commented:
You probably need to set a static route for 192.168.10.0/24 on the DD-WRT device so that packets know how to get back to the VPN subnet -- where "Dest LAN Net" == 192.168.10.0/255.255.255.0 and gateway == 192.168.5.51 (LAN IP address of the OpenVPN server). Otherwise, I'd double check that 'cat /proc/sys/net/ipv4/ip_forward' is still 1.
0
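Why the static route matters here, as an added example that is not part of the original thread: a small route-lookup model that traces the ICMP reply from the VPN server and from a LAN host back to the VPN client, with and without the route on the router. The addresses come from the thread; the routing tables are constructed assumptions (LAN hosts use the router as default gateway, and the router's only other route is its WAN default).

```python
import ipaddress

# Addresses from the thread; the tables themselves are constructed for illustration.
LAN_NET, VPN_NET = "192.168.5.0/24", "192.168.10.0/24"
ROUTER, VPN_SERVER = "192.168.5.1", "192.168.5.51"
LAN_HOST, VPN_CLIENT = "192.168.5.52", "192.168.10.6"

def build_tables(static_route_on_router):
    """Per-host routing tables as (destination, next hop) pairs.
    Next hop None = on-link; "tun0"/"WAN" = packet leaves via that interface.
    Assumption: LAN hosts use the router as default gateway."""
    tables = {
        LAN_HOST: [(LAN_NET, None), ("0.0.0.0/0", ROUTER)],
        VPN_SERVER: [(LAN_NET, None), (VPN_NET, "tun0"), ("0.0.0.0/0", ROUTER)],
        ROUTER: [(LAN_NET, None), ("0.0.0.0/0", "WAN")],
    }
    if static_route_on_router:
        # The fix from the thread: 192.168.10.0/24 via the OpenVPN server.
        tables[ROUTER].append((VPN_NET, VPN_SERVER))
    return tables

def next_hop(table, dst):
    """Longest-prefix match, as a kernel route lookup does."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), hop) for n, hop in table]
    matches = [(n, hop) for n, hop in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, src, dst, max_hops=5):
    """Follow a packet hop by hop; return (path, outcome)."""
    path, node = [src], src
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop == "tun0":
            return path + ["tun0"], "delivered to VPN client"
        if hop == "WAN":
            return path + ["WAN"], "lost: sent out the WAN side"
        node = dst if hop is None else hop
        path.append(node)
        if node == dst:
            return path, "delivered on-link"
    return path, "loop"

if __name__ == "__main__":
    for static in (False, True):
        t = build_tables(static)
        print("static route on router:", static)
        print("  reply from server  :", trace(t, VPN_SERVER, VPN_CLIENT))
        print("  reply from LAN host:", trace(t, LAN_HOST, VPN_CLIENT))
```

The server's own replies always leave through tun0, which matches the symptom in the question: 192.168.5.51 answers pings while 192.168.5.52 appears dead until the router learns the return route.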
 
LunarNRG Commented:
More information here, specific to DD-WRT ...

http://www.dd-wrt.com/wiki/index.php/Linking_Subnets_with_Static_Routes
0
 
Apexadmin (Author) Commented:
The IP forward is still 1.

My DD-WRT router is giving me issues and won't let me log into the GUI to try adding the route. I will have to reset it when I get home.
0
 
Apexadmin (Author) Commented:
I was able to get into the DD-WRT router via HTTPS. Don't know why the HTTP failed.

I added the static route and it fixed it! Awesome man, thanks!
0
 
LunarNRG Commented:
Great! Glad it helped.
0
Question has a verified solution.
