Tunnel is up but no access to private subnets

Post by 8dqqz » Mon Mar 13, 2017 8:27 pm

Image
Hi,

I have set up an OpenVPN server as tun on Windows 2012 R2. Clients are able to establish a tunnel but they're unable to reach private subnets on the server's network and I can't get it to work. I have tried nearly all options which I thought made a difference: tun/tap, server/server-bridge, push routes, client-config-dir, push "redirect-gateway def1 bypass-dhcp", client-to-client. I suspect I'm doing something wrong with the routing, so in order to reach server 10.20.2.211 on the server's network, I also tried adding manual routes on the client: ip route add 10.20.2.211/32 dev tun0, but that doesn't make a difference either.

port 49999
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key" 
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
server 10.20.40.0 255.255.255.0
ifconfig-pool-persist ipp.txt
duplicate-cn
keepalive 10 120
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0 # This file is secret
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

My company requires me to have the vpn clients in a different subnet, can anyone tell me if the scenario from the picture above is possible? And possibly how to set up the routing commands? Thanks in advance.

Post by 8dqqz » Mon Mar 13, 2017 8:48 pm

Routing table on client with established tunnel:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.25.0.1       0.0.0.0         UG    100    0        0 enp4s0
10.20.40.1      10.20.40.5      255.255.255.255 UGH   0      0        0 tun0
10.20.40.5      *               255.255.255.255 UH    0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 enp4s0
10.25.0.0       *               255.255.0.0     U     100    0        0 enp4s0

Routing table on client without established tunnel:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.25.0.1       0.0.0.0         UG    100    0        0 enp4s0
link-local      *               255.255.0.0     U     1000   0        0 enp4s0
10.25.0.0       *               255.255.0.0     U     100    0        0 enp4s0

Post by 8dqqz » Wed Mar 15, 2017 3:19 pm

I got it working now. I found out that my tap adapter on Windows wasn't getting an IP address or was not working properly, and because I'm new to OpenVPN I mistakenly thought I misconfigured something. Disabling/enabling the adapter solved this issue. Furthermore, I enabled client-to-client, added routes in the server.conf and added static routes to servers on my LAN pointing back to the VPN server, so traffic coming in to the LAN/servers knows the correct way back to the VPN client on the other side of the WAN/LAN.
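
The client routing table posted earlier in this thread can be checked mechanically. The following Python script is an added example, not part of the original posts: it parses that table and does a longest-prefix match to show which interface traffic to 10.20.2.211 leaves on, before and after a route for the server LAN exists. The function names are hypothetical, and the LAN prefix 10.20.2.0/24 is an assumption, since the thread gives only the single host address.

```python
import ipaddress

# Client routing table with the tunnel up, copied from the post in this thread.
ROUTE_OUTPUT = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.25.0.1 0.0.0.0 UG 100 0 0 enp4s0
10.20.40.1 10.20.40.5 255.255.255.255 UGH 0 0 0 tun0
10.20.40.5 * 255.255.255.255 UH 0 0 0 tun0
link-local * 255.255.0.0 U 1000 0 0 enp4s0
10.25.0.0 * 255.255.0.0 U 100 0 0 enp4s0
"""

# Symbolic names that `route` prints when it is not run with -n.
ALIASES = {"default": "0.0.0.0", "link-local": "169.254.0.0"}


def parse_routes(text):
    """Return a list of (network, gateway, iface) tuples from `route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # skip the title line, the header and anything malformed
        dest, gateway, genmask, iface = fields[0], fields[1], fields[2], fields[7]
        dest = ALIASES.get(dest, dest)
        network = ipaddress.ip_network(f"{dest}/{genmask}", strict=False)
        routes.append((network, None if gateway == "*" else gateway, iface))
    return routes


def egress(routes, destination):
    """Longest-prefix match: the route the kernel would pick for destination."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def with_pushed_route(routes, cidr, gateway="10.20.40.5", iface="tun0"):
    """Table as it would look once a route for cidr via the tunnel is installed."""
    return routes + [(ipaddress.ip_network(cidr), gateway, iface)]


if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    print("before:", egress(table, "10.20.2.211"))
    # Assumption: the server LAN is 10.20.2.0/24; the thread names one host only.
    print("after: ", egress(with_pushed_route(table, "10.20.2.0/24"), "10.20.2.211"))
```

A client-side route through tun0 is only half of the path: as the last post describes, hosts on the server LAN also need a route for 10.20.40.0/24 pointing back to the VPN server.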
