How can I get client-to-client work between Win10 machines


Post by nickh » Fri Sep 27, 2019 5:34 pm

I'm afraid I struggled searching this on the forum as it just searches for client which is a very common keyword.

I am trying to get two remote Windows 10 PCs to communicate so one can control the other by VNC. I can do this with no problem when I am on my LAN with the OpenVPN server, connected to remote OpenVPN-connected Windows PCs. When I am also remote I cannot get it to work. I have the following configs:
Server Config

port 1194
proto udp
dev tun
ca /etc/pki/CA/ca-cert.pem
cert /etc/pki/CA/sys-0-cert.pem
key /etc/pki/CA/private/sys-0-key.pem
dh /etc/openvpn/ssl/dh1024.pem
server 172.17.0.0 255.255.255.0
keepalive 10 120
user nobody
group nobody
multihome
persist-key
persist-tun
ifconfig-pool-persist /var/lib/openvpn/ipp.txt 120
status /var/lib/openvpn/openvpn-status.log
verb 3
push "dhcp-option DNS 172.17.2.1"
push "dhcp-option DOMAIN howitts.co.uk"

management 127.0.0.1 5555

compress stub-v2
push "compress stub-v2"

log-append /var/log/openvpn

route 172.17.3.0 255.255.255.0
client-config-dir ccd
client-to-client
push "dhcp-option WINS 172.17.2.1"
push "route 172.17.2.0 255.255.255.0"


The client config is the same at both ends apart from the certificates:
Client Config

client
remote howitts.poweredbyclear.com 1194
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca-cert.pem
cert client-ourfamily-cert.pem
key client-ourfamily-key.pem
ns-cert-type server
comp-lzo
verb 3


When connected, the remote routing table looks like:
Client routing table

===========================================================================
Interface List
3...90 fb a6 69 e0 10 ......Realtek PCIe GBE Family Controller
14...00 ff c3 9b 7a 22 ......TAP-Windows Adapter V9
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.10 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
172.17.0.0 255.255.255.0 172.17.3.5 172.17.3.6 25
172.17.2.0 255.255.255.0 172.17.3.5 172.17.3.6 25
172.17.3.4 255.255.255.252 On-link 172.17.3.6 281
172.17.3.6 255.255.255.255 On-link 172.17.3.6 281
172.17.3.7 255.255.255.255 On-link 172.17.3.6 281
192.168.0.0 255.255.255.0 On-link 192.168.0.10 281
192.168.0.10 255.255.255.255 On-link 192.168.0.10 281
192.168.0.255 255.255.255.255 On-link 192.168.0.10 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 172.17.3.6 281
224.0.0.0 240.0.0.0 On-link 192.168.0.10 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 172.17.3.6 281
255.255.255.255 255.255.255.255 On-link 192.168.0.10 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
14 281 fe80::/64 On-link
3 281 fe80::/64 On-link
3 281 fe80::15ab:82a3:cae:7003/128
On-link
14 281 fe80::e59d:e9c7:d6a0:53f6/128
On-link
1 331 ff00::/8 On-link
14 281 ff00::/8 On-link
3 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None


And for completeness, the remote client ipconfig:
Client routing table

Windows IP Configuration


Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::15ab:82a3:cae:7003%3
IPv4 Address. . . . . . . . . . . : 192.168.0.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Ethernet 2:

Connection-specific DNS Suffix . : howitts.co.uk
Link-local IPv6 Address . . . . . : fe80::e59d:e9c7:d6a0:53f6%14
IPv4 Address. . . . . . . . . . . : 172.17.3.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . :


Looking at the routing table, there is no route from 172.17.3.0/24 via the server. Like this, from my PC which is similar but a different OpenVPN IP address, there would be no route to 172.17.3.6 via the VPN. Do I also need to add to the server a

push "route 172.17.3.0 255.255.255.0"
Or will this break other things?


Re: How can I get client-to-client work between Win10 machines

Post by nickh » Sat Sep 28, 2019 11:17 am

It looks like that does the trick. It is also the last comment in this section of the HowTo.
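
Added example, not part of the original posts: a longest-prefix-match check over the client's IPv4 route table that shows why a peer in 172.17.3.0/24 is unreachable through the tunnel until the server pushes that route. The peer address 172.17.3.10 and the post-fix route row are assumptions made for illustration; the other rows are copied from the table above.

```python
import ipaddress

# Constructed sample: IPv4 "Active Routes" rows in `route print` column order
# (destination, netmask, gateway, interface, metric), copied from the post.
ROUTES_BEFORE = """\
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.10 25
172.17.0.0 255.255.255.0 172.17.3.5 172.17.3.6 25
172.17.2.0 255.255.255.0 172.17.3.5 172.17.3.6 25
172.17.3.4 255.255.255.252 On-link 172.17.3.6 281
172.17.3.6 255.255.255.255 On-link 172.17.3.6 281
192.168.0.0 255.255.255.0 On-link 192.168.0.10 281
"""
# Assumed row that appears once the server pushes "route 172.17.3.0 255.255.255.0".
ROUTES_AFTER = ROUTES_BEFORE + "172.17.3.0 255.255.255.0 172.17.3.5 172.17.3.6 25\n"


def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples; skip non-route lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # headers, separators, blank lines
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            metric = int(metric)
        except ValueError:
            continue  # five tokens, but not a route row
        routes.append((net, gateway, iface, metric))
    return routes


def select_route(routes, target):
    """Pick the route as the IP stack does: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))


def via_vpn(routes, target, vpn_iface):
    """True when traffic to target leaves through the VPN adapter address."""
    best = select_route(routes, target)
    return best is not None and best[2] == vpn_iface
```

With `client-to-client` set, OpenVPN forwards packets between clients inside the server process, so the server's own firewall rules never see that traffic. Any restriction on which peers may reach the VNC port therefore has to be enforced on the Windows endpoints.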
