Broadcasts using tun

[wamp@mt.net]

Hello,
I am a little confused as to whether I can tweak my OpenVPN configuration to allow network broadcasts (esp being able to browse network neighborhood) while using tun mode. I did run across this thread:topic8580.html but it seems to apply to linux servers, and I am using a W2K3 server. Is there any way to do this with windows server?

The way things stand currently, I am able to make a good connection, I can ping the server from the client, but I cannot ping any other devices on the network behind the server from the client.

My setup:
Default gateway 192.168.10.2 (dsl modem)
W2K3 server (DHCP server, WINS server DNS server, OpenVPN server) 192.168.10.105

Server config:

Code: Select all

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  
dh dh1024.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
push "dhcp-option WINS 192.168.10.105"
push "dhcp-option DNS 192.168.10.105"
push "dhcp-option DOMAIN (my domain).com.local"
client-to-client
keepalive 10 120
comp-lzo
max-clients 4
persist-key
persist-tun
status openvpn-status.log
verb 3

Client Config:
client

Code: Select all

dev tun
dev-node AlpineVPN
proto udp
remote (my domain).dyndns.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert Todd.crt
key Todd.key
ns-cert-type server
comp-lzo
verb 3

Thanks for any help!

[maikcat]

AFAIK tun doesnt allow broadcast packets..

I can ping the server from the client, but I cannot ping any other devices on the network behind the server from the client.

this is purely routing problem and has nothing to do with broadcasts..

enable ip forwarding on your server win2003
setup your pcs to have win2003 as their gateway.

setup your pcs firewall accordingly

Michael

[wamp@mt.net]

Thanks for the suggestion; I turned on ip forwarding as you suggested, and I'm not sure whether I have made progress. I can no longer ping the server (or any other machine on the network) and I still cannot browse the network neighborhood...but I can browse the internet.

Any suggestions?

Thanks

[maikcat]

is on your server the RAS service enabled?

Michael.

[wamp@mt.net]

It is not. Does it have to be? I would like to keep it off, so that other clients are able to RDP into their computers.

[maikcat]

keep RAS disabled...

can you post the output of netstat -nr before and after you connect to vpn?

silly question,

after enabling ip forwarding in win registry,did you reboot your server?

Michael.

[wamp@mt.net]

Not a silly question, as it wouldn't be the first time I forgot to reboot after a change like that! But yes, I did reboot after enabling IP forwarding.

I will post the netstat output when I have another crack at this. But for the time being, I had to disable IP forwarding. Apparently, all day yesterday there were intermittent problems with connectivity--it sounds like machines would periodically be unable to find the server. I am unable to be more specific about that until I investigate further (I spent the whole day yesterday at my real job). What I do know, though, is that with IP forwarding on I was unable to browse the network neighborhood from any of the machines on the network. They could see the server, could not see any of the other machines. Then, I disabled IP forwarding, rebooted the server, and browsing the neighborhood went without difficulty. I'll see today if things are back to normal or if there's some other mess I made trying to do this.

Thanks again for your help/suggestions.