server does not dialogue with pc client behind openvpn client router

francescolca
OpenVpn Newbie
Posts: 1
Joined: Thu Jan 19, 2023 6:46 am

server does not dialogue with pc client behind openvpn client router

Post by francescolca » Thu Jan 19, 2023 7:14 am

Please help me.
I configured a Windows server as the OpenVPN server and a Teltonika router as the OpenVPN client. Now, from client PCs that are connected to the Teltonika router, I can reach the server at the tunnel address 10.8.0.1. However, from the server I cannot connect to the PCs that are on the LAN of the Teltonika router, which has OpenVPN address 10.8.0.6 and LAN 192.168.0.0/24. In your opinion, does the problem lie in the OpenVPN server configuration or in the port forwarding on the Teltonika router? My need is that the server can reach client PCs on the 192.168.0.0/24 network. Could you give me some suggestions?

openvpn server configuration

# open up this port on your firewall.
port 1194

# TCP or UDP server?
;proto tcp
proto udp

# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Non-Windows systems usually don't need this.
;dev-node openvpn

ca ca.crt
cert server.crt
key server.key # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh2048.pem 2048
dh dh.pem

# Network topology
# Defaults to net30 (not recommended)
;topology subnet

# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

# previously assigned.
ifconfig-pool-persist ipp.txt

# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
server-bridge 10.8.0.1 255.255.255.0 10.8.0.50 10.8.0.100

;server-bridge

# back to the OpenVPN server.
;push "route 192.168.0.0 255.255.255.0"
;push "route 192.168.112.0 255.255.255.0"

# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2

# page for more info on learn-address script.
;learn-address ./script

# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"

# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

# server's TUN/TAP interface.
;client-to-client

# UNCOMMENT THIS LINE OUT.
;duplicate-cn

keepalive 10 120

# on the server and '1' on the clients.
tls-auth ta.key 0 # This file is secret

# See also the ncp-cipher option in the manpage
cipher AES-256-CBC

# versions see below)
;compress lz4-v2
;push "compress lz4-v2"

# enable it in the client config file.
;comp-lzo

# clients we want to allow.
;max-clients 100

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nobody

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log openvpn.log
;log-append openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

# Notify the client that when the server restarts so it
# can automatically reconnect.
explicit-exit-notify 1



Openvpn client configuration:

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun35

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 195.231.86.122 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client.crt
key client.key

# Verify server certificate by checking that the
# certificate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1

Please help me

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: server does not dialogue with pc client behind openvpn client router

Post by 300000 » Thu Jan 19, 2023 10:06 am

You need to set up a site-to-site connection if you want the OpenVPN server to connect to the OpenVPN client's LAN subnet. You can do IP forwarding and NAT on the Teltonika router, as only you can do that, then add the subnet of the client LAN to the OpenVPN server. Just research site-to-site and try to make it work yourself. People here don't have the hardware, so there is no way we can test it for you.
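
On the OpenVPN side, the site-to-site setup referred to in the reply needs a `route` for the client LAN and `client-config-dir` in the server config, plus an `iroute` for that LAN in the client's ccd file. The Python check below is an added example, not part of the thread or of OpenVPN; it flags what is missing, and also `server` and `server-bridge` being active together as in the posted config. The sample configs are constructed, and the ccd file name `teltonika-client` is a hypothetical certificate common name.

```python
import ipaddress
import shlex
def active_directives(text):
    """Active directives as token lists; '#' and a leading ';' start comments."""
    lines = (l.strip() for l in text.splitlines())
    parsed = (shlex.split(l, comments=True) for l in lines if not l.startswith(";"))
    return [t for t in parsed if t]

def has_net(directives, name, lan):
    """True if '<name> <addr> <mask>' is present and equals the client LAN."""
    return any(t[0] == name and len(t) >= 3 and
               ipaddress.ip_network(f"{t[1]}/{t[2]}", strict=False) == lan
               for t in directives)

def check_site_to_site(server_conf, ccd_files, client_lan):
    """ccd_files maps ccd file name -> text. Returns a list of findings."""
    lan = ipaddress.ip_network(client_lan)
    srv = active_directives(server_conf)
    names = {t[0] for t in srv}
    ccd = [t for text in ccd_files.values() for t in active_directives(text)]
    findings = []
    if {"server", "server-bridge"} <= names:
        findings.append("server and server-bridge both active")
    if not has_net(srv, "route", lan):
        findings.append(f"server config has no 'route' for {lan}")
    if "client-config-dir" not in names:
        findings.append("client-config-dir is not enabled")
    if not has_net(ccd, "iroute", lan):
        findings.append(f"no ccd file has an 'iroute' for {lan}")
    return findings

# Constructed extract of the active lines in the posted server config.
POSTED = """dev tun
server 10.8.0.0 255.255.255.0
server-bridge 10.8.0.1 255.255.255.0 10.8.0.50 10.8.0.100
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
"""
# Constructed site-to-site variant; the ccd file name is a hypothetical client CN.
FIXED = """dev tun
server 10.8.0.0 255.255.255.0
client-config-dir ccd
route 192.168.0.0 255.255.255.0
"""
FIXED_CCD = {"teltonika-client": "iroute 192.168.0.0 255.255.255.0\n"}

if __name__ == "__main__":
    print(check_site_to_site(POSTED, {}, "192.168.0.0/24"))
    print(check_site_to_site(FIXED, FIXED_CCD, "192.168.0.0/24"))
```

IP forwarding and firewall rules on the Teltonika router and on the Windows server are outside what this check covers.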
