static routes for window client?

Post Reply
doctorysg
OpenVpn Newbie
Posts: 1
Joined: Tue May 29, 2018 5:15 pm

static routes for window client?

Post by doctorysg » Tue May 29, 2018 5:16 pm

There is something wrong with your website for submitting trouble tickets. When I put this ticket in, the site just displays a blank page, and no ticket is added.

My issue is that I can see that my client (windows 10) is connected to the remote AS server (Centos 7). But when I try to ping any machine (or tracert) to the remote machines. Then the packet does not even go to my Local client VPN address.

The local client is 172.27.225.77 but there is no route on the windows 10 computer that tells it that when I try to go to a remote machine (e.g. 192.168.0.15) which is only reachable via remote AS. Then it goes to my local gateway, not to the VPN client (172.27.225.77).

Is there a way to add a route on win10 to tell it to send the traffic to the VPN client (which has a static VPN address)?

(10.4.31.250 is the address of the router on my local corporate subnet where the win10 box is).

P:\>tracert -d 192.168.0.15

Tracing route to 192.168.0.15 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 10.4.31.250
2 <1 ms <1 ms <1 ms 10.11.21.1
3 1 ms <1 ms <1 ms 10.11.20.10


setenv FORWARD_COMPATIBLE 1
client
proto tcp
remote 10.239.0.58
port 22
dev tun
dev-type tun
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

novaflash
I should be on the dev team.
Posts: 679
Joined: Fri Apr 13, 2012 8:43 pm

Re: static routes for window client?

Post by novaflash » Tue May 29, 2018 5:32 pm

Sorry to hear that, not sure why that is. I can submit a support ticket just fine.

Regarding your issue, routes are added by using the access control in the Access Server. For example, VPN Settings > Allow access to private subnets > yes, using NAT > 192.168.0.0/24

I do have to point out that 192.168.0.0/24 is a very common subnet and you will encounter problems with this at some point. Nothing we can do about that, except ask you to re-IP your network to something more unique.

Post Reply