VPN Connection successful but no routing to network?!

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
api
OpenVpn Newbie
Posts: 2
Joined: Sun Mar 27, 2011 8:31 am

VPN Connection successful but no routing to network?!

Post by api » Sun Mar 27, 2011 9:11 am

Hello folks,

I am struggling with a problem after moving my OpenVPN Linux server behind a Firewall router.
I once used the Linux server as gateway, router, DHCP, DNS and OpenVPN. OpenVPN Clients could connect to the local network 192.168.1.x behind the server.
Now I had to install a Netgear router as a new gateway, router, DHCP. I moved the Compaq server into the local network and now want to use it for OpenVPN only. The Netgear router got a firewall rule for forwarding Inbound Services on port 1194 UDP to the LAN IP of the server: 192.168.1.56.
First thing: The OpenVPN connection works fine.
Second thing: From the VPN client I cannot access any hosts in the LAN any more.

I try to give you some data/configs to get an impression. VPN network is 10.190.32.x.

--- Server side ---
Results of command "route" on the server. What I do not really understand are the entries for the host 10.190.32.2.
And is there a route missing that leads back from LAN to VPN network? But this worked in the old configuration as well and I do not right know what makes the difference here.

Code: Select all

Dest               Router          Genmask         Flags Metric Ref    Use Iface
10.190.32.2     *               255.255.255.255 UH    0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
10.190.32.0     10.190.32.2     255.255.255.0   UG    0      0        0 tun0
link-local      *               255.255.0.0     U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         fwrouter  0.0.0.0         UG    0      0        0 eth0
OpenVPN server.conf. Routes and DHCP options are pushed to the client.

Code: Select all

port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/fw.crt
key /etc/openvpn/keys/fw.key  # This file should be kept secret
dh /etc/openvpn/keys/dh2048.pem
server 10.190.32.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.55"
push "dhcp-option DOMAIN fielax.local"
keepalive 10 120
cipher AES-256-CBC    # AES 256 bit
comp-lzo
max-clients 20
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append  /var/log/openvpn/openvpn.log
verb 3
--- Client side ---
At the moment I use a Windows 7 OpenVPN GUI to connect to the server.
This gives ipconfig /all after connecting successful:

Code: Select all

   Verbindungsspezifisches DNS-Suffix: home.local
   Beschreibung. . . . . . . . . . . : TAP-Win32 Adapter V8
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   IPv4-Adresse  . . . . . . . . . . : 10.190.32.10(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.255.252
   Standardgateway . . . . . . . . . :
   DHCP-Server . . . . . . . . . . . : 10.190.32.9
   DNS-Server  . . . . . . . . . . . : 192.168.1.55
   NetBIOS via TCP/IP . . . . . . . : Aktiviert
In Windows cmd the command "route print" looks like this.
What are the routes .8 and .11 for, when .10 is my current client IP?

Code: Select all

     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0      192.168.50.1    192.168.50.199     25  #(LAN of client)
      192.168.1.0    255.255.255.0      10.190.32.9     10.190.32.10     31
      10.190.32.1  255.255.255.255      10.190.32.9     10.190.32.10     31
      10.190.32.8  255.255.255.252   Auf Verbindung      10.190.32.10    286
     10.190.32.10  255.255.255.255   Auf Verbindung      10.190.32.10    286
     10.190.32.11  255.255.255.255   Auf Verbindung      10.190.32.10    286
Does anybody have an idea what to do? I cannot find any major mistakes and I could not find any hints in the /var/log files of the server. No mal-routed packets or anything.

Kind regards,
Anton
Top
User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:
Contact janjust

Re: VPN Connection successful but no routing to network?!

Post by janjust » Sun Mar 27, 2011 10:05 pm

you're running openvpn in 'net30' mode, which means that it makes use of miniature /30 networks for its point-to-point connections. The .2 addres is the virtual endpoint of the point-to-point connection on the server.
Similarly on the client:
- the .8 address is the network address of the /30 subnet assigned to the client
- the .9 address is the virtual endpoint of the client
- the .10 address is the VPN IP itself
- the .11 address is hte broadcast address of the /30 subnet assigned to the client

All of this is "normal" OpenVPN behaviour.
As for your setup: is there a route on the netgear box to ensure that packets arriving from 10.190.32.x are sent back to the OpenVPN server. In your old setup this was not required, as the router was the openvpn server as well. In your new setup this is required.
Top
api
OpenVpn Newbie
Posts: 2
Joined: Sun Mar 27, 2011 8:31 am

Re: VPN Connection successful but no routing to network?!

Post by api » Mon Mar 28, 2011 9:53 am

Janjust, you are my hero of the day ;-)
After adding a static route to my Netgear router for routing all packets destinated to 10.190.32.0/24 to gateway 192.168.1.56 (OpenVPN server) everything works absolutely perfect!
Kind regards,
Anton
Top
Post Reply

Return to “Configuration”