I want to connect to my home network with my laptop when abroad. I'll mostly use it for accessing shares on the home LAN. I know that it is strange, but at my home my 3 computers have public IPs and are connected via a switch to a public network. So I made one of my home computers a VPN server. I bridged a tap device with my NIC and started a bridged VPN server. Everything seems OK with the config, and my laptop connects to the server and every home computer can ping/access shares on the laptop and vice versa. I can ping the server from the laptop.
-> The only problem I have is that the server can't ping the laptop, nor can it access the file shares. However, accessing the laptop from the server is one of my goals.
Server is on Windows 7.
All my home PCs and laptop - Windows XP.
For the sake of testing the VPN tunnel I connected a TP-Link router to my home LAN and connected the laptop to the router. That's how I emulate an abroad connection.
My PCs have the following IP addresses:
A.B.C.199 - Server
A.B.C.78
A.B.C.95 - Router
Laptop connected behind the router has:
192.168.1.101
And when the laptop connects to the bridged LAN I'm assigning it:
A.B.C.243
The config files are as follows:
server:
port 1194
proto udp
dev tap
dev-node tap-bridge
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge A.B.C.254 255.255.255.0 A.B.C.243 A.B.C.249
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
client:
client
dev tap
proto udp
remote A.B.C.199 1194
route-delay 30
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3
redirect-gateway def1
Is it possible for the TP-Link to block pinging the client from the server? I think not, because the traffic should go through the tunnel, isn't that right? And if the router is blocking it... how can I fix it?
And on a side note: The only way to connect to this public network of mine is with the "--redirect-gateway def1" directive. Am I right? Otherwise I'll end up with a routing loop?