I am currently trying to set up an OpenVPN server at my home-office location for myself. This connection will be used for remote connections to local server(s) and services within my home-office LAN.
My Ubuntu server is currently running as a VMware image for testing purposes; when I am able to configure everything as needed it will be moved to a separate box.
The problem is that I receive a VPN IP address from the OpenVPN server perfectly and I am able to ping the tunnel, but there is no way I can connect to (ping) other boxes on the same network.
When trying out the OpenVPN AS all goes smoothly and I have complete access to the remote network, thus leading me to believe it is a configuration fault on my side.
My setup is as follows:
internet <> router (sagem livebox) <> ubuntu server (openvpn)
IP configuration is as follows:
85.xxx.xxx.xxx (external IP) <> 192.168.1.1 (dhcp, internal IP) <> 192.168.1.19 (internal IP)
Versions being used:
OS & OpenVPN server:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=10.04
DISTRIB_CODENAME=lucid
DISTRIB_DESCRIPTION="Ubuntu 10.04.2 LTS"
Package: openvpn
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 1240
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Version: 2.1.0-1ubuntu1.1
Client OS & OpenVPN GUI:
Windows 7
OpenVPN GUI v1.0.03
Server config:
port 1194
proto udp
dev tun0
ca keys/pv/ca.crt
cert keys/pv/srvkey.crt
key keys/pv/srvkey.key
dh keys/pv/dh2048.pem
server 100.100.0.0 255.255.255.0
crl-verify keys/pv/crl.pem
ifconfig-pool-persist servers/wega/logs/ipp.txt
tls-auth servers/wega/ta.key 0
cipher AES-128-CBC
user nobody
group nogroup
status servers/wega/logs/openvpn-status.log
log-append servers/wega/logs/openvpn.log
verb 4
mute 20
max-clients 5
management 127.0.0.1 4545
keepalive 10 120
client-config-dir /etc/openvpn/servers/wega/ccd
tls-server
client-to-client
comp-lzo
persist-key
persist-tun
ccd-exclusive
push "route 192.168.0.0 255.255.0.0"
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option WINS 100.100.0.1"
Client config:
client
proto udp
dev tun
ca ca.crt
dh dh2048.pem
cert cl001.crt
key cl001.key
remote www.pv 1194
tls-auth ta.key 1
cipher AES-128-CBC
verb 4
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
100.100.0.2     192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
100.100.0.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
100.100.0.0     100.100.0.2     255.255.255.0   UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o tun0 -j MASQUERADE
If someone could help me find the right direction I would be grateful!
Thnx,
profweirdo
[Edit]
- Even after disabling iptables, no success; command used: iptables -F
- Just tried the "topology subnet" option, also without success.
- Just added a static route (via the web interface of the Sagem Livebox) and (with the firewalls of the client turned off) I can ping the client (100.100.0.6) from another server in the remote LAN (192.168.1.5).
The route looks like this:
LAN Bridge 100.100.0.0 192.168.1.19 255.255.255.0 1 Applied
I can only choose from LAN Bridge, WAN ETHoA or WAN ETHoA2; when choosing the latter the status changes to Not Applicable.
What keeps my mind going is how the OpenVPN AS is able to do this without all of these settings?
[/Edit]
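For readers hitting the same symptom (client gets a tunnel address, can ping the server's tun0, but nothing on the LAN answers), the usual cause is the return path: a LAN host replying to a 100.100.0.x address sends that reply to its default gateway, the router, unless it or the router has a route for the VPN pool pointing at the OpenVPN box (the static route added in the edit above), or the OpenVPN server source-NATs VPN traffic so the LAN only ever sees the server's own LAN address. The MASQUERADE rule posted above matches source 192.168.1.0/24 leaving via tun0, which is the opposite direction. The script below is an added example for this thread, not the poster's own or part of OpenVPN: it reads the pool from the `server` directive of a server config, prints (or with `apply` runs, as root) the ip_forward, FORWARD and POSTROUTING rules for the LAN interface, and checks whether an existing POSTROUTING rule has the expected source net and out-interface. The script name, the config path and the interface names (eth0 as the LAN side, tun0 as the VPN side) are assumptions passed as arguments, not detected.

```shell
#!/bin/sh
# vpn-lan-access.sh: derive and (optionally) apply the forwarding + NAT rules
# that let routed OpenVPN clients reach the LAN behind the server.
# Added example for this thread, not the poster's script. The interface names
# (eth0 = LAN side, tun0 = VPN side) are assumptions passed in, not detected.

# Count the set bits of a dotted-quad netmask: 255.255.255.0 -> 24.
# A contiguous mask is assumed, as OpenVPN's 'server' directive expects.
mask_to_prefix() {
    _bits=0
    _old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_old_ifs
    for _octet in "$@"; do
        while [ "$_octet" -gt 0 ]; do
            _bits=$((_bits + (_octet & 1)))
            _octet=$((_octet >> 1))
        done
    done
    echo "$_bits"
}

# Print the VPN pool as NET/PREFIX, taken from the 'server NET MASK' line of
# an OpenVPN server config. Fails if the directive is missing.
vpn_subnet_from_config() {
    _line=$(awk '$1 == "server" { print $2 "/" $3; exit }' "$1")
    [ -n "$_line" ] || return 1
    echo "${_line%/*}/$(mask_to_prefix "${_line#*/}")"
}

# Print the rules for VPN_SUBNET to reach the LAN out of LAN_IF. MASQUERADE is
# applied to traffic *from* the VPN pool *leaving* the LAN interface, so LAN
# hosts reply to the server's own LAN address and need no route for the pool.
vpn_forward_rules() {
    _vpn=$1; _lan_if=$2; _tun_if=${3:-tun0}
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i $_tun_if -o $_lan_if -s $_vpn -j ACCEPT
iptables -A FORWARD -i $_lan_if -o $_tun_if -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $_vpn -o $_lan_if -j MASQUERADE
EOF
}

# Return 0 if an existing POSTROUTING rule (given as one string) has the VPN
# pool as source and the LAN interface as out-interface, 1 otherwise, naming
# each mismatch on stderr.
check_nat_rule() {
    _rule=$1; _vpn=$2; _lan_if=$3
    _src=$(printf '%s\n' "$_rule" | awk '{ for (i = 1; i < NF; i++) if ($i == "-s") print $(i + 1) }')
    _out=$(printf '%s\n' "$_rule" | awk '{ for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1) }')
    _ok=0
    if [ "$_src" != "$_vpn" ]; then
        echo "NAT source is '${_src:-unset}', expected the VPN pool $_vpn" >&2
        _ok=1
    fi
    if [ "$_out" != "$_lan_if" ]; then
        echo "NAT out-interface is '${_out:-unset}', expected the LAN side $_lan_if" >&2
        _ok=1
    fi
    return $_ok
}

# Usage: sh vpn-lan-access.sh /etc/openvpn/server.conf eth0 [apply]
# With no arguments the script only defines the functions above.
if [ $# -ge 2 ]; then
    _pool=$(vpn_subnet_from_config "$1") || { echo "no 'server' line in $1" >&2; exit 2; }
    if [ "${3:-}" = apply ]; then
        vpn_forward_rules "$_pool" "$2" | sh -e
    else
        vpn_forward_rules "$_pool" "$2"
    fi
fi
```

Two caveats. The FORWARD rules only matter once the chain's policy is DROP (the chain posted above is ACCEPT, so forwarding is not what blocks it there). And NAT and the router's static route are alternatives: with the MASQUERADE rule in place, LAN hosts see 192.168.1.19 as the source and the Livebox route is unnecessary; with the static route instead, every LAN host's own firewall must accept traffic from 100.100.0.0/24, which is a larger surface than a single NAT rule on the VPN box.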