Community Support Forum
 
  OpenVPN.net  •  Forum Index  •  FAQ  

It is currently Wed Apr 16, 2014 4:15 am


Forum rules


If you would like help, here is a few things you will want to do in order to help us help you.

**Post your configs from client and server, without comments. you can strip comments in linux/bsd with something like this:
grep -vE '^#|^;|^$' server.conf
**Tell us your goal.
**If you are having problems connecting, post your logfiles from server and client after using verb 4 in both configs


Also, there are 2 things you should be aware of:

**Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. Why TCP Over TCP Is A Bad Idea: http://sites.inka.de/~bigred/devel/tcp-tcp.html
**You ONLY want to use dev tap if you are tunneling layer2 traffic, if you are using IP traffic you want tun. If you are using tap only for windows file sharing, look into running a WINS server instead.



Post new topic Reply to topic  [ 29 posts ]  Go to page 1, 2  Next
 No internet access when VPN connected 
Author Message
 Post subject: No internet access when VPN connected
PostPosted: Fri Feb 25, 2011 6:11 pm 
OpenVPN User

Joined: Fri Feb 25, 2011 2:16 am
Posts: 14
Hi

I am having problems with setting up a VPN to my office. The setup I have is extremely simple and is defined below.

AT WORK

Internet --- (81.149.184.36) ROUTER (192.168.1.254) --- Files & VPN Server (192.168.1.100)

AT HOME

Internet --- ROUTER (192.168.0.1) --- Client (192.168.0.5)


Client Config

client
dev tun
proto udp
remote 81.149.184.36 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert pwclient.crt
key pwclient.key
comp-lzo
verb 3


Server Config

port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
#push "dhcp-option DNS 192.168.1.254"
#push "dhcp-option DNS 10.8.0.1"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3
mode server
tls-server


What I want is simple:
1. To be virtually connected to my work lan via vpn from home (so people can work from home)
2. To route internet access and dns through my home router when necessary
3. To be able to connect to the file shares on the vpn server at work
4. To be able to connect to my work routers http admin configuration pages (not really vital but cant see why it doesnt work)

Problems

Connecting to VPN is fine and accessing my files is fine. As for #2 and #4, I cannot get these to work. If I try to connect to 192.168.1.100 it connects fine, but when I try 192.168.1.254 it doesnt work. Do I need to manually set this up as a route somehow?

As you can see I've been fidling around with the gateway and dns routing commands in the server config but have not been able to get a VPN connection up without losing my internet access at home. With some configs I have dns but no gateway, with others I have a gateway with no dns, and even if I manually set my gateway to point to my local home router ip, it still will not send and receive normal traffic that way. I have also tried NATing traffic through the VPN server to the work router which isnt an ideal solution and doesnt seem to work anyway.

I do get given a 10.* ip address when I connect, and I can ping my home router which suggests that internet traffic should be working.

Is there something I'm doing wrong here. I noticed that the pseudo network it uses has a subnet mask of 255.255.255.252 does that mean that only 1 client can connect to the vpn at a time? I will definately need multiple users connecting at the same time. Sorry for the VPN ignorance. I'm used to using the VPN on Microsoft Servers, but I think this works a little differently.

Thanks for all your help


Offline
 Profile  
 
 Post subject: Re: No internet access when VPN connected
PostPosted: Mon Feb 28, 2011 11:05 am 
Forum Team
User avatar

Joined: Wed Jan 12, 2011 9:23 am
Posts: 2784
Location: Athens,Greece
hi there,

try adding a static route for your vpn subnet (10.8.0.0/24) on your work router (192.168.1.254)


cheers,

michael.

_________________
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Mitsubishi Evo IX Rules! (HKS EVC-S ,HKS TBE,HKS suction kit ,HKS Type R IC,Walbro 255 ,HKS 272/278, Motec m800OEM)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)


Offline
 Profile  
 
 Post subject: Re: No internet access when VPN connected
PostPosted: Mon Feb 28, 2011 12:40 pm 
OpenVPN User

Joined: Fri Feb 25, 2011 2:16 am
Posts: 14
Hi Michael

I am using a BT Business Broadband Router at work. When I try to add:

Subnet IP: 10.8.0.0
Subnet Mask: 255.255.255.0
Gateway IP: 192.168.1.254

It tells me Error, Invalid Configuration. Is the above what you meant? It could be a problem with the router tho. Perhaps its locked down so you cant add routes or something. Also, do I have to disable routing on my router and use bridge mode? If so, I need NAT and DHCP so its not really an option for me.

Thanks

Phil


Offline
 Profile  
 
 Post subject: Re: No internet access when VPN connected
PostPosted: Mon Feb 28, 2011 12:45 pm 
OpenVPN User

Joined: Fri Feb 25, 2011 2:16 am
Posts: 14
Perhaps if I add this route to the server config? Seems a bit silly that openvpn doesnt already add this route tho. Would it just be

route 10.8.0.0 255.255.255.0 192.168.1.254

Thanks

Phil


Offline
 Profile  
 
 Post subject: Re: No internet access when VPN connected
PostPosted: Mon Feb 28, 2011 12:48 pm 
Forum Team
User avatar

Joined: Wed Jan 12, 2011 9:23 am
Posts: 2784
Location: Athens,Greece
hi philios33,

>It tells me Error, Invalid Configuration. Is the above what you meant?

yeap..

>Also, do I have to disable routing on my router and use bridge mode?

no..doing so means that you need a router to establish your internet connection (and NAT).

there are 3 ways to avoid the static route thing on your router.

1) do NAT on your vpn server (that means that traffic comes from vpn will seems to coming from
the lan ip of vpn server itself)

2) setup a proxy server inside your lan and use it from your vpn clients...

3)replace the BT router with one that does static routes :)

cheers,

michael.

_________________
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Mitsubishi Evo IX Rules! (HKS EVC-S ,HKS TBE,HKS suction kit ,HKS Type R IC,Walbro 255 ,HKS 272/278, Motec m800OEM)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)


Offline
 Profile  
 
 Post subject: Re: No internet access when VPN connected
PostPosted: Mon Feb 28, 2011 12:50 pm 
Forum Team
User avatar

Joined: Wed Jan 12, 2011 9:23 am
Posts: 2784
Location: Athens,Greece
>Perhaps if I add this route to the server config? Seems a bit silly that openvpn doesnt already add this route tho. Would it just be

>route 10.8.0.0 255.255.255.0 192.168.1.254

no ,dont add this...

the problem is that the router sees packets from your vpn net and probably it
forwards them to internet (because it doesnt know that they come from your vpn server)
thats why the static route is needed.

michael.

_________________
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Mitsubishi Evo IX Rules! (HKS EVC-S ,HKS TBE,HKS suction kit ,HKS Type R IC,Walbro 255 ,HKS 272/278, Motec m800OEM)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)


Offline
 Profile  
 
 Post subject: Re: No internet access when VPN connected
PostPosted: Mon Feb 28, 2011 12:56 pm 
OpenVPN User

Joined: Fri Feb 25, 2011 2:16 am
Posts: 14
Ah ok. I have tried #1 in the past with no luck. Is this the right thing to do? Because this doesnt seem to work either.

Code:
phil@ubuntu:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.254

phil@ubuntu:~$ sudo iptables-save
# Generated by iptables-save v1.3.3 on Mon Feb 28 12:58:53 2011
*nat
:PREROUTING ACCEPT [19112:4609087]
:POSTROUTING ACCEPT [17575:4532274]
:OUTPUT ACCEPT [1563:359748]
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Feb 28 12:58:53 2011
# Generated by iptables-save v1.3.3 on Mon Feb 28 12:58:53 2011
*filter
:INPUT ACCEPT [4873214:3438921517]
:FORWARD ACCEPT [111831:35934249]
:OUTPUT ACCEPT [3939015:863992395]
COMMIT
# Completed on Mon Feb 28 12:58:53 2011
phil@ubuntu:~$


For some reason it doesnt get listed as a rule when i do iptables -L tho


Offline
 Profile  
 
 Post subject: Re: No internet access when VPN connected
PostPosted: Mon Feb 28, 2011 12:59 pm 
Forum Team
User avatar

Joined: Wed Jan 12, 2011 9:23 am
Posts: 2784
Location: Athens,Greece
please show output of

iptables -L -t nat

michael.

_________________
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Mitsubishi Evo IX Rules! (HKS EVC-S ,HKS TBE,HKS suction kit ,HKS Type R IC,Walbro 255 ,HKS 272/278, Motec m800OEM)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)


Offline
 Profile  
 
 Post subject: Re: No internet access when VPN connected
PostPosted: Mon Feb 28, 2011 1:39 pm 
OpenVPN User

Joined: Fri Feb 25, 2011 2:16 am
Posts: 14
Code:
phil@ubuntu:~$ sudo iptables -L -t nat
Password:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  10.8.0.0/24          anywhere           
MASQUERADE  all  --  10.8.0.0/24          anywhere           
MASQUERADE  all  --  10.8.0.0/24          anywhere           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
phil@ubuntu:~$


I think I did it 3 times by accident cos I didnt think it was saving


Offline
 Profile  
 
 Post subject: Re: No internet access when VPN connected
PostPosted: Mon Feb 28, 2011 1:47 pm 
Forum Team
User avatar

Joined: Wed Jan 12, 2011 9:23 am
Posts: 2784
Location: Athens,Greece
nat is right...

did you enable ip forwarding?

cheers,

michael.

_________________
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Mitsubishi Evo IX Rules! (HKS EVC-S ,HKS TBE,HKS suction kit ,HKS Type R IC,Walbro 255 ,HKS 272/278, Motec m800OEM)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)


Offline
 Profile  
 
 Post subject: Re: No internet access when VPN connected
PostPosted: Mon Feb 28, 2011 1:53 pm 
OpenVPN User

Joined: Fri Feb 25, 2011 2:16 am
Posts: 14
No. Sorry I'm a bit of a noob. Didnt know you had to do that. I will check it tonight when I get home and thanks for all your help.

Phil

Code:
phil@ubuntu:~$ cat /proc/sys/net/ipv4/ip_forward
0
phil@ubuntu:~$ vim /etc/sysctl.conf
phil@ubuntu:~$ sudo vim /etc/sysctl.conf
phil@ubuntu:~$
phil@ubuntu:~$ sudo sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 1
phil@ubuntu:~$
phil@ubuntu:~$ cat /proc/sys/net/ipv4/ip_forward
1
phil@ubuntu:~$


Offline
 Profile  
 
 Post subject: Re: No internet access when VPN connected
PostPosted: Mon Feb 28, 2011 10:13 pm 
OpenVPN User

Joined: Fri Feb 25, 2011 2:16 am
Posts: 14
Finally its working. Thanks Michael. I also had to comment out the following line on the server side for it to work.

Code:
#push "redirect-gateway def1"


Tho, I'm still getting a 255.255.255.252 subnet and no gateway

Code:
C:\Users\Phil>ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::5561:3d70:c38e:66ec%14
   IPv4 Address. . . . . . . . . . . : 10.8.0.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::59e8:1bea:d99c:b471%11
   IPv4 Address. . . . . . . . . . . : 192.168.0.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1


and still cannot access 192.168.1.254 (or for that matter, probably any client other than the vpn server). Its not a major problem for now. But I can see problems in the future if we were to say install a NAS file server on the LAN and we wanted to access it through the vpn. I thought thats what the client-to-client directive meant. Could anyone clear up these questions for me?

Thanks

Phil


Offline
 Profile  
 
 Post subject: Re: No internet access when VPN connected
PostPosted: Mon Feb 28, 2011 10:18 pm 
OpenVPN User

Joined: Fri Feb 25, 2011 2:16 am
Posts: 14
Really confused now. My DNS is using 10.8.0.1 (the vpn server), but my other traffic is still going through my local router. I would expect to be told my office ip on whatsmyip but i'm not. This is actually what I wanted, but I cant see how the ipforwarding on the vpn server is actually doing anything if this is the case.

Anyway, it works for now....


Offline
 Profile  
 
 Post subject: Re: No internet access when VPN connected
PostPosted: Tue Mar 01, 2011 8:25 am 
Forum Team
User avatar

Joined: Wed Jan 12, 2011 9:23 am
Posts: 2784
Location: Athens,Greece
hi philios33,

>#push "redirect-gateway def1"

by disabling this , *ALL* your traffic goes over your local router

so if you want to access the internet via the vpn you need the above directive.

>and still cannot access 192.168.1.254

if you enabled NAT you will see 192.168.1.254,with NAT disabled you must setup
a static route on your router for the vpn network.

to check if NAT on vpn server works do the following:
try to connect to another server inside your lan (f.e via ssh)
your connection will seems to come from the vpn server itself.

to solve your probs needs step by step troubleshoot so:
to check ip forwarding is ok simply ping (from vpn client) both vpn interface and lan interface,they both should respond.
if you have NAT enabled (on server) try ping (from client) one pc inside your net.
this should also respond
if you have NAT disabled (on server) then the pcs inside your lan must have a static route
for the vpn subnet...

check the above and tell us which worked

cheers,

michael.

_________________
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Mitsubishi Evo IX Rules! (HKS EVC-S ,HKS TBE,HKS suction kit ,HKS Type R IC,Walbro 255 ,HKS 272/278, Motec m800OEM)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)


Offline
 Profile  
 
 Post subject: Re: No internet access when VPN connected
PostPosted: Tue Mar 08, 2011 11:30 am 
OpenVPN User

Joined: Fri Feb 25, 2011 2:16 am
Posts: 14
Hi Michael

I will leave the gateway stuff alone, as this is working as intended in my 1st post.

Have setup NAT on the VPN server but it doesnt look like its working.

When connected remotely, can only see myself and the VPN server on the 192.168.1 subnet. Ping to 192.168.1.254 does not work even tho it does work if I ping from inside the LAN. Could this be because PCs on my LAN are using 192.168.1.254 as a gateway anyway???

Not sure what IPs you want me to ping in your other suggestions.

Thanks

Phil


Offline
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 29 posts ]  Go to page 1, 2  Next


 Who is online 

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


phpBB SEO
[ Time : 0.230s | 14 Queries | GZIP : On ]

 
Index  |  FAQ


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group