Yet another Ping ok, but no internet access.

[vpnuser2011]

Hi. I'm sorry if this is a beginner problem, but I just can't figure it out.
I have set up a VPN server on my computer running windows 7 x64 (ip 192.168.11.111) with the following config:
---
local 192.168.11.111
port 46464
proto udp
mssfix 1400
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
dev tap
dev-node TAPopenVPN #because I have renamed the TAP adapter
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.0.8.0 255.255.255.128 # This assigns the virtual IP address and subnet to the server's OpenVPN connection. Make sure the Routing Table entry matches this.
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1" # This will force the clients to use the home network's internet connection
keepalive 10 120
cipher BF-CBC
comp-lzo
max-clients 3
persist-key
persist-tun
status openvpn-status.log
verb 1
----
I have changed the registry key IPEnableRouter to 1 (HKLM/system/currcontrolset/services/tcpip/parameters).
The computer is connected to the router (ip 192.168.11.1). I have set up port forwarding (port 46464 to ip 192.168.11.111) and the advanced routing (destip 10.0.8.0 , netmask 255.255.255.128, gateway 192.168.11.111, interface LAN) on the router.
The client is another computer (192.168.0.102) running XP , connected to a different router (192.168.0.1) on a different internet connection with the following config:
----
client
dev tap
dev-node TAPopenVPN
proto udp
remote hereismyconnection.dyndns.org 46464
route 192.168.11.0 255.255.255.0 vpn_gateway 3
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
cipher BF-CBC
comp-lzo
verb 1
---
The client connects without errors.
Firewalls are turned off on both computers.
From the client I run ping 10.0.8.1 (server) and I get replies.
Also I run ping 192.168.11.111 (server) and I get replies.
Also I run ping 192.168.11.1 (router) and I get replies.
I can also ping other computers in that LAN and I get replies.
But, when I run ping http://www.google.com, I get:
Pinging http://www.l.google.com [209.85.148.147] with 32 bytes of data:
Request timed out.
Request timed out.
...
No websites load on the client.
What am I doing wrong? Why is the internet not working?

[janjust]

does the router do NATting when traffic is forwarded onto the internet? is the router configured to NAT ALL traffic or just the LAN traffic it knows about (192.168.11.0/24) ? is it possible to add an extra NATting rule to the router to also NAT 10.0.8.0/24?

[Bebop]

Have you created a successful Win 7 VPN server previously? You seem to be very close to getting this working. I can try help too.

Adding a bit extra to what JJK said,

there's a guide to a working Win7 setup here: topic7806.html

I notice a couple of differences between that example and yours.

• Code: Select all

  dev tun

  vs

  Code: Select all

  dev tap

  tun is always recommended unless you have explicit reason for using tap.
  -----------
• You put in your client:

  Code: Select all

  route 192.168.11.0 255.255.255.0 vpn_gateway 3

  Is it definitely necessary?
  -----------
• These are in the guide but not in your setup.. I can't say they are definitely necessary but I don't see any harm in adding them.

  Code: Select all

  Start -> Right-click My Computer -> Manage
  Services
  Right-click Routing and Remote Access -> Properties -> Automatic
  Right-click Routing and Remote Access -> Start
  
  Next:
  
  Control Panel
  Network and Sharing Center
  Local Area Connection
  Properties
  Sharing
  Tick the box "Allow other network users to connect through this computer's Internet connection"
  From the drop-down list select "Local Area Connection 2", or whatever is the connection name of your TAP server connection.

Hope you solve it.. looks like you're nearly there. Keep at it.

[vpnuser2011]

does the router do NATting when traffic is forwarded onto the internet? is the router configured to NAT ALL traffic or just the LAN traffic it knows about (192.168.11.0/24) ? is it possible to add an extra NATting rule to the router to also NAT 10.0.8.0/24?

I don't know the answer to that question? How can I find out?

Have you created a successful Win 7 VPN server previously? You seem to be very close to getting this working. I can try help too.

No, this is the first VPN I try to create on win 7 x64. It may sound awkward but I don't know how I could have missed that thread. I will try again tomorrow and report back.
Thank you for your help.

[vpnuser2011]

I have followed the tutorial posted by Bebop (thank you) and everything appears to work.
Still, I received this error on the client config:
Options error: Unrecognized option or missing parameter(s) in client1.ovpn:24: register-dns (2.1.1) , but I have commented out that line and everything seems to be fine now.

[Bebop]

Excellent work. Thanks for feedback. I can delete register dns in the example now. Still leaves a problem of dns to solve if you ever figure that out, let us know (so no need for google dns etc).

[vpnuser2011]

Excellent work. Thanks for feedback. I can delete register dns in the example now. Still leaves a problem of dns to solve if you ever figure that out, let us know (so no need for google dns etc).

I am not sure what you mean. Where can that problem arise?
For now, the webpages and other internet applications load correctly without "register-dns".

[Bebop]

Where can that problem arise?

For clients who don't want to depend on Google DNS (think China, privacy etc), and for servers who want to share their ISP DNS... the problem is that they cannot. At least not yet, not without adding further code than already provided with the guide.

Of course, I say this only from personal experience, so its plausible to be incorrect, but so far not been proven incorrect. If you do come across a solution or a workaround, feel free to check in and share it here.