Unable to access hosts behind openvpn

suba.shalini
OpenVpn Newbie
Posts: 8
Joined: Tue Apr 24, 2012 2:06 pm

Unable to access hosts behind openvpn

Post by suba.shalini » Tue Apr 24, 2012 2:24 pm

Hi,

I need help with OpenVPN. I am a newbie to this. The OpenVPN client is able to connect to the VPN server, RDP to it and access the shared drives on the OpenVPN server, but it is not able to access any hosts behind it. Here is the configuration:

OpenVPN IP pool: 192.168.200.0/24
Server side Private IP: 192.168.100.0/24

Client side private IP: 192.168.10.0/24

Server conf:
-------------------
;local 192.168.100.38
port 1194
proto udp
mssfix 1400
push "dhcp-option DNS x.x.x.x"
push "dhcp-option DNS x.x.x.x"
push "route 192.168.200.0 255.255.255.0"
dev tun
ca "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\tagsdps01n01.crt"
key "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\tagsdps01n01.key" # This file should be kept secret-
dh "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
server 192.168.200.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.100.0 255.255.255.0"
push "redirect-gateway def1"
keepalive 10 120
cipher BF-CBC
comp-lzo
max-clients 100
persist-key
persist-tun
status openvpn-status.log
verb 3
route-delay 5

Routing table from the server:
-------------------------------

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway        Interface        Metric
0.0.0.0              0.0.0.0          192.168.100.1  192.168.100.38   276
127.0.0.0            255.0.0.0        On-link        127.0.0.1        306
127.0.0.1            255.255.255.255  On-link        127.0.0.1        306
127.255.255.255      255.255.255.255  On-link        127.0.0.1        306
169.254.0.0          255.255.0.0      On-link        169.254.229.155  276
169.254.229.155      255.255.255.255  On-link        169.254.229.155  276
169.254.255.255      255.255.255.255  On-link        169.254.229.155  276
192.168.100.0        255.255.255.0    On-link        192.168.100.38   276
192.168.100.38       255.255.255.255  On-link        192.168.100.38   276
192.168.100.255      255.255.255.255  On-link        192.168.100.38   276
192.168.200.0        255.255.255.0    192.168.200.2  192.168.200.1    30
192.168.200.0        255.255.255.252  On-link        192.168.200.1    286
192.168.200.1        255.255.255.255  On-link        192.168.200.1    286
192.168.200.1        255.255.255.255  On-link        192.168.100.38   21
192.168.200.3        255.255.255.255  On-link        192.168.200.1    286
224.0.0.0            240.0.0.0        On-link        127.0.0.1        306
224.0.0.0            240.0.0.0        On-link        192.168.100.38   276
224.0.0.0            240.0.0.0        On-link        169.254.229.155  276
224.0.0.0            240.0.0.0        On-link        192.168.200.1    286
255.255.255.255      255.255.255.255  On-link        127.0.0.1        306
255.255.255.255      255.255.255.255  On-link        192.168.100.38   276
255.255.255.255      255.255.255.255  On-link        169.254.229.155  276
255.255.255.255      255.255.255.255  On-link        192.168.200.1    286
===========================================================================
Persistent Routes:
Network Address      Netmask          Gateway Address  Metric
0.0.0.0              0.0.0.0          192.168.100.1    Default
0.0.0.0              0.0.0.0          10.235.74.192    Default
10.235.235.0         255.255.255.0    10.235.74.193    Default
192.168.200.1        255.255.255.0    192.168.100.38   1
192.168.100.0        255.255.255.0    192.168.100.38   1
192.168.200.1        255.255.255.255  192.168.100.38   1
===========================================================================


Client conf:
--------------
client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\infmca1161.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\infmca1161.key"
ns-cert-type server
cipher BF-CBC
comp-lzo
verb 3

I searched through a lot of articles and forums but could not find a solution. Any help would be greatly appreciated. Thanks in advance :)

Thanks,
Suba

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Unable to access hosts behind openvpn

Post by maikcat » Wed Apr 25, 2012 9:23 am

Did you enable IP forwarding on the OpenVPN server?
Did you set up the OpenVPN server firewall accordingly?

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"

suba.shalini
OpenVpn Newbie
Posts: 8
Joined: Tue Apr 24, 2012 2:06 pm

Re: Unable to access hosts behind openvpn

Post by suba.shalini » Thu Apr 26, 2012 12:39 pm

Hi,

Thank you for your reply. I enabled IP forwarding, but then how do I set up OpenVPN firewall rules?

Thanks,
Suba

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Unable to access hosts behind openvpn

Post by maikcat » Fri Apr 27, 2012 7:53 am

I can see you are using 64-bit Windows, but
I am not sure which version...

You can always disable the firewall for testing and configure the firewall later.

Michael.

suba.shalini
OpenVpn Newbie
Posts: 8
Joined: Tue Apr 24, 2012 2:06 pm

Re: Unable to access hosts behind openvpn

Post by suba.shalini » Fri Apr 27, 2012 1:29 pm

The Windows firewall is disabled and the version of Windows is 2008 Standard with SP 2.

Thanks,
Suba

suba.shalini
OpenVpn Newbie
Posts: 8
Joined: Tue Apr 24, 2012 2:06 pm

Re: Unable to access hosts behind openvpn

Post by suba.shalini » Wed May 02, 2012 12:48 pm

Hi,

May I know if you have any update for me?

Thanks,
Suba

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Unable to access hosts behind openvpn

Post by maikcat » Thu May 03, 2012 7:14 am

Some tips:

Let's say you are trying to access a PC inside your LAN with IP 192.168.100.10.

Did you disable the firewall on the 192.168.100.10 PC?
What default gateway does 192.168.100.10 have?

Michael.

suba.shalini
OpenVpn Newbie
Posts: 8
Joined: Tue Apr 24, 2012 2:06 pm

Re: Unable to access hosts behind openvpn

Post by suba.shalini » Thu May 03, 2012 10:59 am

The default gateway is the same on both servers: the host on which OpenVPN is running and also the machine I am trying to connect to behind the VPN.

Default gateway: 192.168.100.1

And Windows firewall is disabled on all the machines.
One more issue that might help: I am not able to ping the private IPs behind the VPN server, for example 192.68.100.10, but I am able to ping the public IP of the same machine.

Thanks,
Suba

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Unable to access hosts behind openvpn

Post by maikcat » Thu May 03, 2012 11:21 am

Can you try setting the LAN IP of the OpenVPN server as the default gateway
on the PC you want to access inside your LAN?

Michael.

suba.shalini
OpenVpn Newbie
Posts: 8
Joined: Tue Apr 24, 2012 2:06 pm

Re: Unable to access hosts behind openvpn

Post by suba.shalini » Thu May 03, 2012 11:45 am

I am not sure I can do that, because I have very critical applications running on the hosts behind the VPN which are being accessed by the outside world. So changing their default gateway might affect them.

Is there any other solution?

Thanks for your quick response.

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Unable to access hosts behind openvpn

Post by maikcat » Thu May 03, 2012 12:36 pm

Add a static route for the 192.168.200.0/24 network on the PC you want
to access inside your LAN, pointing to the OpenVPN server.

For example:

route add 192.168.200.0 mask 255.255.255.0 192.168.100.38

Michael.
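Added example, not part of the original posts: a small longest-prefix-match model of the LAN host's routing table, showing why replies to VPN clients never reached the OpenVPN server until the static route from the post above was added. The network and gateway addresses are the ones in the thread; the client address 192.168.200.6 and all function names are hypothetical.

```python
import ipaddress

# Addresses come from the thread; VPN_CLIENT is a constructed sample address
# inside the 192.168.200.0/24 pool. Function names are hypothetical.
VPN_SERVER_LAN_IP = ipaddress.ip_address("192.168.100.38")
LAN_GATEWAY = ipaddress.ip_address("192.168.100.1")
VPN_CLIENT = ipaddress.ip_address("192.168.200.6")
ON_LINK = None  # destination sits on the local segment, no gateway involved


def lan_host_routes():
    """Routing table of a LAN host such as 192.168.100.10 before the fix."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), LAN_GATEWAY),
        (ipaddress.ip_network("192.168.100.0/24"), ON_LINK),
    ]


def next_hop(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, gw = max(matches, key=lambda route: route[0].prefixlen)
    return dst if gw is ON_LINK else gw


def reply_reaches_vpn(routes, client=VPN_CLIENT):
    """True when a reply to a VPN client is handed to the OpenVPN server."""
    return next_hop(routes, client) == VPN_SERVER_LAN_IP


def add_static_route(routes, network, gateway):
    """Model of `route add <network> mask <netmask> <gateway>` on the host."""
    entry = (ipaddress.ip_network(network), ipaddress.ip_address(gateway))
    return routes + [entry]


if __name__ == "__main__":
    before = lan_host_routes()
    after = add_static_route(before, "192.168.200.0/24", "192.168.100.38")
    for label, table in (("before", before), ("after", after)):
        hop = next_hop(table, VPN_CLIENT)
        print(f"{label}: reply to {VPN_CLIENT} goes via {hop}, "
              f"reaches VPN server: {reply_reaches_vpn(table)}")
```

On Windows, a route created with plain `route add` is lost at reboot; `route -p add` stores it as a persistent route.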

suba.shalini
OpenVpn Newbie
Posts: 8
Joined: Tue Apr 24, 2012 2:06 pm

Re: Unable to access hosts behind openvpn

Post by suba.shalini » Thu May 03, 2012 4:46 pm

Great!!! :)

Thanks a lot! That fixed the issue. I need help with one more thing. I am able to RDP using the IP address of the hosts behind the VPN but not the hostnames. Would you have any idea why this happens?

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Unable to access hosts behind openvpn

Post by maikcat » Fri May 04, 2012 6:51 am

Keep in mind that broadcasts DON'T pass through tun interfaces.

If you want your name resolution to work, use DNS/WINS/hosts.

Michael.

suba.shalini
OpenVpn Newbie
Posts: 8
Joined: Tue Apr 24, 2012 2:06 pm

Re: Unable to access hosts behind openvpn

Post by suba.shalini » Fri May 04, 2012 4:10 pm

Thank you Michael! :)

You have been a great help.

Thanks,
Suba
