Unable to access OpenVPN subnet in Server 2008

[feeyeah]

Hi,

I am a noob in networking...
What i trying to achieve here is let my client connect to my OpenVPN subnet.
All the server is Windows Server 2008.
This is the configuration of my servers:

OpenVPN Server with the following IP:
public IP: 100.100.100.140
subnet mask: 255.255.255.248
Default Gateway: 100.100.100.137

LAN IP: 10.10.10.140
subnet mask: 255.255.255.0

OpenVPN IP: 10.8.0.1


Internal Server:
LAN IP: 10.10.10.141
subnet mask: 255.255.255.0

Server configuration:
port 1194
proto tcp
dev tun
ca ca.crt
cert OpenVPN.crt
key OpenVPN.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
push "route 10.8.0.1 255.255.255.255"
push "route 10.10.10.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
client-config-dir ccd
keepalive 10 120
tls-auth ta.key 0
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
route-method exe
script-security 2

client config:
client
dev tun
proto tcp
remote 100.100.100.140 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert test.crt
key test.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
route-method exe
route-delay 2

The thing i can do:
I can ping the OpenVPN server from my client vise versa.

The thing already do:
modify the server 2008 IP forwarding in regisry.
start the RRAS.
Turn off all the firewall.

But i still unable to connect to my OpenVPN subnet. I read through the article, it said i need to add some route on the default gateway, but in my case the default gateway for my server subnet is blank because all the server subnet is connected through switch.
I do try to add route in the OpenVPN server 2008 RRAS, but it seems unsuccessful as well. But i am not so understand about how the routing work, can someone please tell me the detail on what entry i should add in the server 2008 RRAS if it is needed?

Thanks a lot.

[Mimiko]

What is the default GW on 10.10.10.141?
Who have this IP mask:

push "route 192.168.100.0 255.255.255.0"

taken from OpenVPN server config file?
Push the local LAN IP mask:

Code: Select all

push "route 10.10.10.0 255.255.255.0"

[feeyeah]

hi,
there is no default gateway(0.0.0.0) for the 10.10.10.141 because it is connected with other server through switch.
or do i need to set the default gateway for it?

push "route 10.10.10.0 255.255.255.0"
i already put this line inside the server config, typing in the wrong ip, sorry for the mistake.

Any other mistake i make? Thanks for your immediate response.

[Mimiko]

If you whant that server to respond - set default GW.

[feeyeah]

Hi,

I use one of the openvpn server ip as the server subnet gateway and it is work.
But i have multiple openvpn server now and i seems like unable to set the switch's gateway.

The workaround i found is set multiple gateway in the server subnet, mean each openvpn server act as the gateway on the server subnet.
Any drawback on using this method?
The best way is using router?

Please advise, thanks.

[Mimiko]

The workaround i found is set multiple gateway in the server subnet, mean each openvpn server act as the gateway on the server subnet.

Didn't understood the network configuration.

Any drawback on using this method?
The best way is using router?

If it's working for the needed purpose, let's it work. When problem will arrive (if any) your knoledge will be more comprehensive and will be able to resolve it.

[feeyeah]

I some sort of solving this problem by adding a static route on each of the server's subnet.

But i got another problem now...
I try to configure the access policy by following this document:
http://openvpn.net/index.php/open-sourc ... tml#policy

The normal user is using 10.8.0.0/24 and my Admin user is using 10.8.1.0/24...
The normal user is able to access to the server's subnet but all my Admin user unable to access to the server's subnet.
Is it because of this line i put in the server config?
push "route 10.8.0.1 255.255.255.255"

May i know how can i allow the Admin user to access my server's subnet?
Thanks.

[Mimiko]

Yes. Just push route only to admin user.