OpenVPN routing to remote network

Post by sebasq » Wed Jul 13, 2011 11:26 pm

Folks,

I know that topic isn't new and I've found hundreds of sites with how-tos, but I still cannot achieve what I want. I've tried pretty much everything.

I have Debian server with OpenVPN server installed and OpenVPN client installed on Windows XP Embedded.
Debian Site:
ppp0 - 77.x.x.x - internet access
eth1 - 10.10.0.0 - LAN
tun0 - 10.0.2.0 - OpenVPN

Windows Site:
10.0.1.0 - LAN

Debian IP's
10.10.0.254 - LAN
10.0.2.1 - OpenVPN

Windows IP's
10.0.1.131 - LAN
10.0.2.10 - OpenVPN

OpenVPN is connecting properly. What's more, after connection, from the Windows client I can ping all hosts in Debian's LAN (10.10.0.254, 10.10.0.251) and of course I can ping all hosts from the Windows local network like 10.0.1.20.

Problem is that I cannot ping any host in Windows LAN from Debian server.
On Debian:
ping 10.0.2.10 works
ping 10.0.1.20 doesn't work

Any thoughts on this one??

Debian serv.conf

Code:

port 1296
proto tcp-server
dev tun

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server/server.crt
key /etc/openvpn/easy-rsa/keys/server/server.key  
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
tls-auth /etc/openvpn/easy-rsa/keys/secret.key 0

server 10.0.2.0 255.255.255.0
ifconfig-pool-persist ipp.txt

keepalive 10 120

comp-lzo

max-clients 50

route 10.0.1.0 255.255.255.0

push "route 10.10.0.0 255.255.255.0"

persist-key
persist-tun

status openvpn-status-serv.log
log         openvpn-serv.log
log-append  openvpn-serv.log
verb 1

Debian route:

Code:

/etc/openvpn# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
bras3. *                          255.255.255.255 UH    0      0        0 ppp0
10.0.2.2        *               255.255.255.255 UH    0      0        0 tun0
10.0.1.0        10.0.2.2        255.255.255.0   UG    0      0        0 tun0
10.0.2.0        10.0.2.2        255.255.255.0   UG    0      0        0 tun0
localnet        *               255.255.255.0   U     0      0        0 eth1
default         *               0.0.0.0         U     0      0        0 ppp0

Windows config:

Code:

client
port 1296
dev tun
proto tcp-client
remote 77.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun

ca keys-ssa/ca.crt
cert keys-ssa/terminal-laszczki.crt
key keys-ssa/terminal-laszczki.key
tls-auth keys-ssa/secret.key 1
comp-lzo

status openvpn-status-ssa.log

verb 3

Windows IP's:

Code:

Windows IP Configuration


Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.0.1.131
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.1.1

Ethernet adapter Local Area Connection 3:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.0.2.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.252
        Default Gateway . . . . . . . . . :

Windows route:

Code:

C:\Documents and Settings\Administrator>route PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 0a a2 6b 05 ...... VIA Rhine II Fast Ethernet Adapter - Packet Sch
duler Miniport
0x3 ...00 ff 42 9f ee 5c ...... TAP-Win32 Adapter V8 - Packet Scheduler Minipor

===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.1.1      10.0.1.131       20
         10.0.1.0    255.255.255.0       10.0.1.131      10.0.1.131       20
       10.0.1.131  255.255.255.255        127.0.0.1       127.0.0.1       20
         10.0.2.1  255.255.255.255         10.0.2.9       10.0.2.10       1
         10.0.2.8  255.255.255.252        10.0.2.10       10.0.2.10       30
        10.0.2.10  255.255.255.255        127.0.0.1       127.0.0.1       30
        10.10.0.0    255.255.255.0         10.0.2.9       10.0.2.10       1
   10.255.255.255  255.255.255.255       10.0.1.131      10.0.1.131       20
   10.255.255.255  255.255.255.255        10.0.2.10       10.0.2.10       30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        224.0.0.0        240.0.0.0       10.0.1.131      10.0.1.131       20
        224.0.0.0        240.0.0.0        10.0.2.10       10.0.2.10       30
  255.255.255.255  255.255.255.255       10.0.1.131      10.0.1.131       1
  255.255.255.255  255.255.255.255        10.0.2.10               4       1
  255.255.255.255  255.255.255.255        10.0.2.10       10.0.2.10       1
Default Gateway:          10.0.1.1
===========================================================================
Persistent Routes:
  None

This one is huge....

I've changed IP_forward to 1 in Windows registry. Debian also has ip_forwarding set to 1.

I can't figure out what I'm doing wrong.

Any help would be appreciated....you're my last hope...

Cheers,
S.


Post by maikcat » Thu Jul 14, 2011 10:24 am

hi there,

actually answered by me 2 days ago...

create a ccd file named after your client cert (terminal-laszczki)
and insert into it the following

iroute 10.0.1.0 255.255.255.0

also add to your server the client-config-dir statement
followed by the directory you placed the above file f.e

client-config-dir /etc/openvpn/ccd

restart openvpn server and client and try again

Michael.

ps: you need to enable ip forwarding in BOTH client and server..

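The consistency check behind the reply above, as an added example (not code from the thread or from the OpenVPN project): every server-side `route` needs a matching `iroute` in a ccd file, and `client-config-dir` must be set or that file is never read. The sample configuration and ccd contents are constructed from the values posted in this thread; the function names are hypothetical.

```python
import ipaddress

# Constructed sample input, modelled on the configuration posted in this thread.
SERVER_CONF = """\
server 10.0.2.0 255.255.255.0
route 10.0.1.0 255.255.255.0
push "route 10.10.0.0 255.255.255.0"
client-config-dir /etc/openvpn/ccd
"""
# ccd file contents keyed by certificate common name (the file name in the ccd dir).
CCD_FILES = {"terminal-laszczki": "iroute 10.0.1.0 255.255.255.0\n"}


def directives(text, name):
    """Yield the argument list of every `name` directive, skipping # comments."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == name:
            yield parts[1:]


def network(args):
    """Turn ['10.0.1.0', '255.255.255.0'] into an ip_network; mask defaults to /32."""
    mask = args[1] if len(args) > 1 else "255.255.255.255"
    return ipaddress.ip_network(f"{args[0]}/{mask}")


def audit(server_conf, ccd_files):
    """Return the problems that stop the server from reaching a client-side LAN."""
    problems = []
    if not list(directives(server_conf, "client-config-dir")):
        problems.append("no client-config-dir: ccd files are never read")
    routes = {network(a) for a in directives(server_conf, "route")}
    iroutes = {}  # network -> common name of the client that owns it
    for cn, body in ccd_files.items():
        for args in directives(body, "iroute"):
            iroutes[network(args)] = cn
    for net in sorted(routes - set(iroutes)):
        problems.append(f"route {net} has no iroute: OpenVPN cannot pick a client")
    for net in sorted(set(iroutes) - routes):
        problems.append(f"iroute {net} ({iroutes[net]}) has no route: kernel never uses tun")
    return problems


if __name__ == "__main__":
    for p in audit(SERVER_CONF, CCD_FILES) or ["routing directives are consistent"]:
        print(p)
```
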

Post by sebasq » Sun Jul 17, 2011 9:40 pm

Thanks for reply.

I did use ccd previously and it didn't work either.

I think I know the problem. It's Windows Embedded. I've noticed that there is something wrong with WMI and I can't repair it.
After applying what you wrote I can ping the LAN IP (10.0.1.131) address of this terminal from the Debian server but nothing else. So probably it's because Windows is not forwarding. I don't know what is wrong with Windows. I've set IPEnableRouter to 1 in the Windows registry but it's still not working.

I gave up. I'll buy a router supported with Tomato USB and connect via OpenVPN. I've checked this already and it's working.

Thanks for the help! If you know what else I could do to enable forwarding on Windows, I'd appreciate it. I got an error message when trying to bridge connections on Windows. It's because of a WMI error I couldn't fix.

Seba
