Help with Server Configuration

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post by austin2016 » Wed Mar 29, 2023 2:28 pm

Hello,
I was able to install my OpenVPN server, and get it up and running. The server takes the IP address 10.23.0.1, and if I let OpenVPN pick from the available pool, it gives the client the address 10.23.0.2, and I'm able to set up ufw rules to allow the client to get to networks accessible by the OpenVPN server (10.10.x.x and others).
However, I want to assign the client the address 10.23.1.1. When I do this, my client connects, but I'm unable to access the other network resources I need the client to get to, and I'm not even able to ping 10.23.0.1 from the client. I think I'm missing a routing step that will allow the client to properly access the network.
These are the relevant parts of the server configuration:

Server Config

[oconf]
topology subnet
server 10.23.0.0 255.255.0.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 10.10.10.62 255.255.255.0"
push "route 10.23.0.0 255.255.0.0 10.23.0.1 1"
push "dhcp-option gateway 10.23.0.1"
route 10.23.1.0 255.255.255.0
[/oconf]

Client Configuration Directory file

[oconf]
ifconfig-push 10.23.1.1 10.23.1.2
[/oconf]

Even though the client connects, it does give an error when it tries to push the route.

[olog]
route.exe ADD 10.10.10.62 MASK 255.255.255.0 10.23.0.1 METRIC 200
ERROR: route addition failed using service. The parameter is incorrect
[/olog]

It succeeds in pushing 10.23.0.0, and the relevant output of "print route" on the Windows client is:

[olog]
10.23.0.0 255.255.0.0 10.23.0.1 10.0.0.2 26
10.23.0.0 255.255.255.0 10.23.0.1 10.0.0.2 26
10.23.1.1 255.255.255.255 On-link 10.23.1.1 281
[/olog]

10.0.0.2 is the local address of the client.

Are there steps I'm missing in the server configuration, or do I need to add ufw or iptables rules on the server to allow communication from the client to the server and other networks like 10.10.10.x?

Thanks for your help.
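
An added example, not part of the original post and not OpenVPN's own code: a small Python check run over the directives quoted above. It flags a `route` whose network address has host bits set for its mask and, under `topology subnet` (where the OpenVPN manual defines the second `ifconfig-push` argument as a netmask), an `ifconfig-push` whose second argument is not a netmask. The names `lint` and `is_netmask` are hypothetical.

```python
import ipaddress

# Constructed input: the directives quoted in the post above.
SERVER_CONF = """\
topology subnet
server 10.23.0.0 255.255.0.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 10.10.10.62 255.255.255.0"
push "route 10.23.0.0 255.255.0.0 10.23.0.1 1"
push "dhcp-option gateway 10.23.0.1"
route 10.23.1.0 255.255.255.0
"""
CCD_FILE = "ifconfig-push 10.23.1.1 10.23.1.2\n"


def is_netmask(value):
    """True if value is a contiguous IPv4 netmask such as 255.255.0.0."""
    try:
        mask = int(ipaddress.IPv4Address(value))
    except ValueError:
        return False
    inverted = mask ^ 0xFFFFFFFF          # a valid mask inverts to 2**k - 1
    return inverted & (inverted + 1) == 0


def lint(server_conf, ccd_file):
    """Return findings for route and ifconfig-push lines (hypothetical helper)."""
    findings, subnet_topology = [], False
    for line in server_conf.splitlines() + ccd_file.splitlines():
        words = line.replace('"', " ").split()
        if words[:1] == ["push"]:
            words = words[1:]             # a pushed directive is checked like a local one
        if words[:2] == ["topology", "subnet"]:
            subnet_topology = True
        elif words[:1] == ["route"] and len(words) >= 3:
            try:
                ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=True)
            except ValueError:
                findings.append(f"route {words[1]} {words[2]}: address is not a network address for this mask")
        elif words[:1] == ["ifconfig-push"] and len(words) >= 3 and subnet_topology:
            if not is_netmask(words[2]):
                findings.append(f"ifconfig-push {words[1]} {words[2]}: second argument is not a netmask")
    return findings


if __name__ == "__main__":
    for finding in lint(SERVER_CONF, CCD_FILE):
        print(finding)
```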
