OpenVPN Support Forum

Hi,

I'm a little stumpted. In the past I've been able to access hosts behind my openVPN server by setting things up according to these instructions in the documentation.

After not needing openVPN for a while I tried to set it up again and I'm having an issue - I can ping the VPN server's local gateway router at 192.168.0.1 but no other hosts on the VPN server's network. My VPN subnet is 10.8.0.0/24, the local network of the VPN server is 192.168.0.0/24 The local network of the client is 192.168.1.0/24

Here is my server.conf:
Here is my client configuration: IP forwarding is activated on the server (it must be as I can ping the server's gateway). The router has a static route set to send traffic for VPN clients back to the VPN server:



What am I doing wrong? I'm beginning to suspect a bug in my router! Any advice would be greatly appreciated.

First,

• NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.

Never use 192.168.0.0/24 or 192.168.1.0/24 (or other common subnets) for your OpenVPN Server LAN

• You are advised to change your server LAN to a more unique RFC1918 compliant subnet.
  For example: 192.168.143.0/24

Also, ensure IP forwarding is enabled on your server.

Please see:
HOWTO: Request Help ! {2}

TinCanTech wrote:First,

• NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.

Understood, but that is not the problem here, the server and client local subnets, whilst not ideal, are different and there is not conflict there. I may go about re-configuring them once I've resolved the issue at hand.

TinCanTech wrote: Also, ensure IP forwarding is enabled on your server

As stated in my original post, it is enabled.

Is --pull missing in Client config?

@pippin --client = --tls-client & --pull .. so no

The router on the server's subnet is a TP link TD-W89688.

I can't log in to the router's web interface from the VPN client but I do connect and get an HTTP response "403 Forbidden" which I'm guessing is because the source address is from the VPN subnet and the router is configured to only allow access to client IPs on it's own local subnet. That suggests to me that the router itself is respecting the static route configuration it's just not implementing it for packets it forwards from other LAN clients?

I'm unsure what to check next? Could firewall rules on the router be interfering? I only have a couple of port forwardings from the WAN interface set up. I don't suppose anyone reading this has experienced bugs with static routes using the TD-W8968 or other TP link models?

I manually added a static route back to the VPN server on a linux host sat behind the VPN server.
This fixed things for that host, VPN clients can talk to it. So I think I can conclude it's a problem with the router not respecting the static route setting rather than any problem with my openVPN config? I guess it's time for a new router...

i solved this problem by setting up the second ip-adress for my router. I used the same ip-range / the same subnet like the VPN configuration. Now i was able to access the web-interface while i had a VPN connection.