[Resolved] OpenVPN server and client same machine

joseph32
OpenVpn Newbie
Posts: 3
Joined: Sun Sep 03, 2017 12:37 pm

Post by joseph32 » Sun Sep 03, 2017 12:51 pm

I have a Windows Server 2016 that connects to a VPN provider. At the same time I want the Windows Server to be a VPN server to tunnel into my LAN (10.0.42.0/24).

HomeServer -> VPN provider works well, Client -> HomeServer works well, but I cannot connect to the HomeServer when the HomeServer is connected with VPN provider and vice versa. VPN provider config has a no-bind setting set, and both configs use different ports.

openvpn --show-adapters shows:

Code:

'OpenVPN_Server' {F12DAEDB-2D70-440D-9B5D-35E3935EDAFD}
'OpenVPN_Client' {D79D14E4-FEE1-4AF0-8467-BD96587BB07C}

I've set server.ovpn to

Code:

dev-node {F12DAEDB-2D70-440D-9B5D-35E3935EDAFD}

However, I cannot specify the client to use OpenVPN_Client, it says it cannot find the GUID of OpenVPN_Client. Instead, it connects using:

Code:

TAP-WIN32 device [<VPN_config_filename>] opened: \\.\Global\{883E0867-7F03-409F-B60C-1949E0378AE8}.tap

I've tried to turn off Windows firewall completely, but it doesn't work. I've tried a different VPN config/provider, but the same thing happens.

In addition, I've noticed that I cannot RDP via my external IP when the VPN client is connected, while I can when it is disconnected. It appears the VPN client is blocking incoming connections somehow.

I assume it's some kind of routing issue, but I'm too noob to understand what it may be...

VPN Windows Server config:

Code:

mode server
tls-server

port 6667

;proto tcp
proto udp

;dev tap
dev tun

dev-node {F12DAEDB-2D70-440D-9B5D-35E3935EDAFD}

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.0.42.0 255.255.255.0"
client-to-client
keepalive 10 120
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 0 # This file is secret
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

VPN provider config (client):

Code:

client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
verb 3
explicit-exit-notify 5
rcvbuf 262144
sndbuf 262144
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>


I'd really appreciate any help!

TinCanTech
OpenVPN Protagonist
Posts: 3347
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN server and client same machine

Post by TinCanTech » Sun Sep 03, 2017 1:49 pm

You require policy based routing.

What you are trying to do cannot be done with Wind-blows.
https://blogs.technet.microsoft.com/net ... g-systems/

Re: OpenVPN server and client same machine

Post by joseph32 » Tue Sep 05, 2017 6:11 am

Thanks for your help. That's really a pity.

Does this also explain why I cannot RDP into the server when the OpenVPN client on the server is connected to the VPN provider? I've port forwarded 3389 (RDP) on my home router, which allows me to connect from a remote location to my home server via RDP.

However, when the OpenVPN client is connected on the server, I cannot RDP in anymore (via my external IP from my home):
LOCAL_IP => RDP => server (works)
EXTERNAL_IP => RDP => server (does not work)

Nmap shows that port 3389 is "closed/filtered" when OpenVPN client is connected, but "open" when client is not connected.

Appears to be similar to issue above? Is it because the server cannot route packets back to the local router and instead routes them over the VPN tunnel?

Re: OpenVPN server and client same machine

Post by TinCanTech » Tue Sep 05, 2017 11:42 am

In answer to your questions: Yes ..

Do you know what "--redirect-gateway" means? (In the context of openvpn)

Re: OpenVPN server and client same machine

Post by joseph32 » Tue Sep 05, 2017 2:08 pm

Yes, OpenVPN will change the default gateway to the gateway advertised by the OpenVPN interface. That way, all traffic is routed through the VPN tunnel. Anyway, I've solved this issue by using the port-forwarding feature of my VPN provider. I'll host the OpenVPN server on another device on my network.
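
The routing behaviour discussed in this thread, as an added example that is not part of any poster's message: a longest-prefix-match lookup over the server's route table before and after the provider tunnel comes up, showing why replies to an external RDP or OpenVPN peer leave through the tunnel instead of the LAN router. It assumes the `def1` variant of redirect-gateway; every address except the 10.0.42.0/24 LAN is constructed.

```python
import ipaddress

# Constructed addresses; only the LAN 10.0.42.0/24 comes from the thread.
LAN_GW = "10.0.42.1"        # assumed home router address
TUN_GW = "10.9.0.1"         # assumed provider-side tunnel gateway
PROVIDER = "198.51.100.20"  # assumed VPN provider endpoint

# Route table before the VPN client connects: (prefix, gateway, interface)
BASE_ROUTES = [
    ("10.0.42.0/24", "on-link", "LAN"),
    ("0.0.0.0/0", LAN_GW, "LAN"),
]

# Routes added by redirect-gateway def1 (assumed variant): two /1 routes
# that override the default route, plus a host route that keeps the
# encrypted tunnel packets themselves on the LAN.
VPN_ROUTES = [
    ("0.0.0.0/1", TUN_GW, "TUN"),
    ("128.0.0.0/1", TUN_GW, "TUN"),
    (PROVIDER + "/32", LAN_GW, "LAN"),
]


def egress(dst, routes):
    """Return (interface, gateway) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError("no route to " + dst)
    return best[2], best[1]


def reply_is_symmetric(peer, routes, arrival_iface="LAN"):
    """True if the reply to `peer` leaves by the interface the request came in on."""
    return egress(peer, routes)[0] == arrival_iface


if __name__ == "__main__":
    connected = BASE_ROUTES + VPN_ROUTES
    # Constructed peers: a LAN host and an external RDP / OpenVPN client.
    for peer in ("10.0.42.50", "203.0.113.7"):
        print(peer, "before:", egress(peer, BASE_ROUTES),
              "after:", egress(peer, connected))
```

The external peer's reply switches to the tunnel interface once the /1 routes exist, so it arrives from a different public address than the one the peer contacted and is discarded, while the LAN peer is unaffected because its /24 route is more specific.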

Re: OpenVPN server and client same machine

Post by TinCanTech » Tue Sep 05, 2017 2:14 pm

Great .. Thanks for letting us know your solution 8-)
