[Solved] Open VPN server on windows routing problem.

[tomputer]

Hi!
I try to configure open vpn beetwen server (windows 7) and client (Windows 10)

My VPN connection works fine, I can ping server and client in VPN tunel Subnet
But looks like there is no routing beetwen client and Server in default LAN

Server default adres in LAN is 10.1.6.105 mask 255.255.255.0 gateway 10.1.6.1
VPN TUNEL LAN subnet is 10.8.0.0

I enabled Routing in windows registry key and make forward on my router.

My server config file is

Code: Select all

[oconf=server]dev tun
proto udp4
port 1194
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\SerberVPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\SerberVPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh2048.pem"
topology subnet
tls-server
client-config-dir "C:\\Program Files\\OpenVPN\\config"
route-method exe
route-delay 10
server 10.8.0.0 255.255.255.0
route-gateway 10.8.0.1
route 10.8.0.0 255.255.255.0
route 10.1.6.0 255.255.255.0 10.8.0.2
cipher AES-128-CBC
comp-lzo
mssfix
keepalive 10 120
verb 4
# tls-cipher "DEFAULT:@SECLEVEL=0" - use this for 2.4.6 version only
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0
tun-mtu 1500[/oconf]

Client config file

Code: Select all

[oconf=client]remote [my_server_public_ip]
client
proto udp4
port 1194
dev tun
tls-client
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1
remote-cert-tls server
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\ClientVPN.crt"
key "C:\\Program Files\\OpenVPN\\config\\ClientVPN.key"

cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
verb 3
mute 20
[/oconf]

I will be very grateful if someone of you can help my to set correct routing via Lan subnet 10.1.6.0 and VPN subnet 10.8.0.0

[cname]

I no longer have any Windows 7 machines. The only thing I can suggest is to let OpenVPN add the routes by itself. I’ve never found any need to specify them explicitly in the conf files. Mind you, that is with later versions of Windows.

[TinCanTech]

The only thing I can suggest is to let OpenVPN add the routes by itself. I’ve never found any need to specify them explicitly in the conf files

Because you are not trying to achieve the same result as this thread OP.

looks like there is no routing beetwen client and Server in default LAN

This is wrong:

route 10.1.6.0 255.255.255.0 10.8.0.2

This is right:

Code: Select all

route 10.1.6.0 255.255.255.0

You should probably see the howto ..

[tomputer]

I made change in route
but still can't connect any services in 10.1.6.0/24 network.
Only comunications between vpn tunel work.
My current server config file

Code: Select all

 
dev tun
proto tcp4
port 1194
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh2048.pem"
topology subnet
tls-server
client-config-dir "C:\\Program Files\\OpenVPN\\config"
route-method exe
route-delay 10
server 10.8.0.0 255.255.255.0
route-gateway 10.8.0.1
route 10.8.0.0 255.255.255.0
route 10.1.6.0 255.255.255.0
cipher AES-128-CBC
comp-lzo
mssfix
keepalive 10 120
verb 4
# tls-cipher "DEFAULT:@SECLEVEL=0" - use this for 2.4.6 version only
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0
tun-mtu 1500

[TinCanTech]

https://community.openvpn.net/openvpn/w ... rversubnet.

[tomputer]

Thank You for help.
Now routing workking correct. After connect Clinet to VPN Server I can explore whole shared LAN subnet.
My current config file
Server :

Code: Select all

[conf]
dev tun
proto tcp4
port 1194
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh2048.pem"
topology subnet
tls-server
client-config-dir "C:\\Program Files\\OpenVPN\\config"
server 10.8.0.0 255.255.255.0
route-delay 5
route-method exe
push "route 192.168.8.0 255.255.255.0"
cipher AES-128-CBC
comp-lzo
mssfix
keepalive 10 120
verb 4
# tls-cipher "DEFAULT:@SECLEVEL=0" - use this for 2.4.6 version only
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0
tun-mtu 1500
[/oconf]

Client:

Code: Select all

[oconf]
remote ip_server
client
port 1194
proto tcp4-client
dev tun
tls-client
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1
remote-cert-tls server
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\ClientVPN.crt"
key "C:\\Program Files\\OpenVPN\\config\\ClientVPN.key"

cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
verb 3
mute 20
[/oconf]

Additional config file for client

Code: Select all

ifconfig-push 10.8.0.2 255.255.255.0
iroute 192.168.8.0 255.255.255.0 10.8.0.1

[TinCanTech]

Now routing workking correct

So everything is fixed ?

[tomputer]

Yes. Everything is OK