OpenVPN setup and working.... Mostly

[cebrooks]

Server is 2008r2 and client is w7. Both 64bit. Also tested on xp 32bit.

Server config:

proto udp
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

I can ping the server 10.8.0.1 from ether test client but am not able to access a file share. I'm not pushing any routes as this server is the only resource needing accessed. Always used OpenVPN in bridged mode but am not able to do so this time. Any help would be outstanding, thanks in advance!

[maikcat]

hi there,

the fact that you can ping the win2008 shows
that the tunnel is up and works..

so the problem is related to SMB/CIFS service..
did you setup win2008 firewall properly?

from win7 how do you trying to access the share?

michael.

[janjust]

how do you wish to access a share? does

Code: Select all

start \\10.8.0.1

in a CMD window work? is the tap-win32 adapter on the VPN server firewalled or not?

[cebrooks]

I thought I had the firewall properly configured. Pretty much have anything related to file sharing enabled for both inbound and outbound.

[janjust]

so, did

Code: Select all

start \\10.8.0.1

work or not? if not, what kind of error are you getting?

[cebrooks]

Sorry about that. No, it did not work, failing with "the network path was not found" error

[peterlinuxgeek]

push a route ...

would
push "route ip.add.of.serv 255.255.255.254"

help?

Peter

[janjust]

Is filesharing (windows file sharing protocol) bound to the tap-win32 adapter? can you try pinging the VPN IP with a larger packet size, e.g.

Code: Select all

ping -f -l 1472 10.8.0.1

[cebrooks]

janjust- Yes, FPS is bound to the TAP and I can ping with a 1472 byte packet.

Peter- Don't think I need to push the route because I can already ping the dest. Don't need to get to anything other then the 10.8.0.1 server. However, this being a windows environment I'm going to try it for fun!

[cebrooks]

janjust- to rule out the firewall i turned it off and tested with the same results.

[janjust]

hmmm this sounds more and more like a windows issue, not an OpenVPN issue. Or rather, an interaction issue between windows and the tap-win32 adapter.

Try adding a route to the VPN client, e.g.

Code: Select all

route add <vpn-server-lan-ip> mask 255.255.255.0 10.8.0.5

so that you can reach the LAN address of the server itself. Then try

start \\<lan-ip>

to see if you can reach the LAN address.

[cebrooks]

Ok, nothing is working. The one difference with this server is that it is a dedicated server in the 1 and 1 data center. I've never set one up one this environment......

[janjust]

hmmm try running some other application/protocol over the VPN, for example 'iperf' (http://www.filewatcher.com/m/iperf-1.7. ... 8.0.0.html) If that works as it should then the VPN is functioning as it should, it's just the integration with windows file sharing which is the pain in the butt then....

[cebrooks]

Well this is a good one. I figured it out...... with help.

So I have never worked with a hosted server 2008 of any type. Always a customer owned server so I have never run into the ip filter in server 2008. I discovered this after discussing with 1and1 server support. I un assigned the filter as a test and bam, file share access worked. So I then set the filter to ignore the 10.8.0.1 and we now have access!

I learned a lot with this one and want to thank all, especially janjust for all his time!

[janjust]

no problem ; would you care to explain a bit more what this filter is? where can it be found in windows? how can it be disabled?

[cebrooks]

Sure,

The filter is accessed through Administrative Tools>Local Security Policy

Select: IP Security Policy on Local Computer

The policy will show in right pane. Rt click to unassign.

What I did was to open the policy and edited the BLOCK ALL rule. Select the Tunnel Settings Tab and click the radio button for Tunnel End Points are Specified by These Addresses and entered the IPv4 address for the TAP adapter, 10.8.0.1.

It does take a few secs for the resolution to complete when first accessing the shares but after that it works great.