cant route traffic to VPN running on windows 2003 VPS vmware

mclainxp00
OpenVpn Newbie
Posts: 3
Joined: Sat Dec 05, 2009 8:47 pm

cant route traffic to VPN running on windows 2003 VPS vmware

Post by mclainxp00 » Sat Dec 05, 2009 11:06 pm

Hello,

I've been trying to setup a VPN using OpenVPN 2.1_rc22 on my windows VPS to route all my traffic (including internet) and so far everything I've tried has failed.

My windows VPS is running under vmware (not virtuozzo or hyperVM) and I've tried different openVPN client/server config files and setups. I followed different "how-to's", my IPEnableRouter is set to 1 on my windows and windows VPS registry, but so far no luck. I'm starting to wonder if anyone has been able to setup a VPN on a windows VPS that is under vmware and route all the traffic through the VPN. I can figure out what could be wrong with my setup/config files so I'm looking for some guidance in this matter.

This is where I am so far:
I can establish a VPN connection and ping from client to server

Code:

C:\Documents and Settings\client>ping 10.8.0.1
Pinging 10.8.0.1 with 32 bytes of data:
Reply from 10.8.0.1: bytes=32 time=55ms TTL=128
Reply from 10.8.0.1: bytes=32 time=55ms TTL=128
Reply from 10.8.0.1: bytes=32 time=54ms TTL=128
Reply from 10.8.0.1: bytes=32 time=55ms TTL=128

but not from server to client

Code:

C:\Documents and Settings\Administrator>ping 10.8.0.6
Pinging 10.8.0.6 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

This is my server.ovpn

Code:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
;route add gateway my.VPS.public.IP #test gw
client-to-client
keepalive 10 120
comp-lzo
max-clients 5
persist-key
persist-tun
status openvpn-status.log
verb 6

my test client.ovpn

Code:

client
dev tun
dev-node MyTap
proto udp
remote my.VPS.public.IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert slipsam.crt
key slipsam.key
ns-cert-type server
comp-lzo
verb 6

client log file:

Code:

http://paste2.org/p/549052

server log file:

Code:

http://paste2.org/p/549053

this is my route print from client:

Code:

C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f d0 d1 37 3c ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Etnet NIC - Packet Scheduler Miniport
0x3 ...00 ff 23 5b 95 f0 ...... TAP-Win32 Adapter V9 - Packet Scheduler Miniport
0x4 ...08 00 27 00 94 43 ...... VirtualBox Host-Only Ethernet Adapter - Packecheduler Miniport
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6       1
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.67       20
         10.8.0.0    255.255.255.0         10.8.0.5        10.8.0.6       1
         10.8.0.4  255.255.255.252         10.8.0.6        10.8.0.6       30
         10.8.0.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       30
     65.54.49.168  255.255.255.255    192.168.1.254    192.168.1.67       20
     69.64.250.20  255.255.255.255    192.168.1.254    192.168.1.67       20
      72.21.91.20  255.255.255.255    192.168.1.254    192.168.1.67       20
    91.121.209.36  255.255.255.255    192.168.1.254    192.168.1.67       20
 my.VPS.Public.IP  255.255.255.255    192.168.1.254    192.168.1.67       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        128.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6       1
      169.254.0.0      255.255.0.0     192.168.1.67    192.168.1.67       30
      192.168.1.0    255.255.255.0     192.168.1.67    192.168.1.67       20
     192.168.1.67  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255     192.168.1.67    192.168.1.67       20
     192.168.56.0    255.255.255.0     192.168.56.1    192.168.56.1       20
     192.168.56.1  255.255.255.255        127.0.0.1       127.0.0.1       20
   192.168.56.255  255.255.255.255     192.168.56.1    192.168.56.1       20
    207.46.113.85  255.255.255.255    192.168.1.254    192.168.1.67       20
        224.0.0.0        240.0.0.0         10.8.0.6        10.8.0.6       30
        224.0.0.0        240.0.0.0     192.168.1.67    192.168.1.67       20
        224.0.0.0        240.0.0.0     192.168.56.1    192.168.56.1       20
  255.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       1
  255.255.255.255  255.255.255.255     192.168.1.67    192.168.1.67       1
  255.255.255.255  255.255.255.255     192.168.56.1    192.168.56.1       1
Default Gateway:          10.8.0.5
===========================================================================
Persistent Routes:
  None

route print from server:

Code:

C:\Program Files\OpenVPN\config>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10004 ...00 50 56 a2 08 ad ...... VMware Accelerated AMD PCNet Adapter
0x20002 ...00 ff 76 c0 2b 85 ...... TAP-Win32 Adapter V9
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   98.126.myVPS.GW   98.126.myVPS.IP     10
 98.126.unknown.IP  255.255.255.248   98.126.myVPS.IP   98.126.myVPS.IP     10
   98.126.myVPS.IP  255.255.255.255        127.0.0.1        127.0.0.1     10
    98.255.255.255  255.255.255.255   98.126.myVPS.IP   98.126.myVPS.IP     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
        224.0.0.0        240.0.0.0   98.126.myVPS.IP   98.126.myVPS.IP     10
  255.255.255.255  255.255.255.255   98.126.myVPS.IP            20002      1
  255.255.255.255  255.255.255.255   98.126.myVPS.IP   98.126.myVPS.IP      1
Default Gateway:    98.126.myVPS.GW
===========================================================================
Persistent Routes:
  None
C:\Program Files\OpenVPN\config>

Every time I establish a connection from my client to the VPS, my client's internet access is cut while it should still have internet access through the VPN, right? So I can't reach anything outside the VPS, just stuff that is hosted on the server.

What I noticed in my log file after testing different config files is that somehow OpenVPN makes 192.168.1.254 my default gateway no matter what I try, when it should be something like 10.8.0.1, right? That could explain why the client's internet is being cut, but I still haven't figured out how to tell OpenVPN to use a different gateway. I've tried the push route command but then I can't connect to my VPN.

What could be wrong with my server config file? Is there something like a very specific technical thing I have to request from my provider in order to make my VPN work? All I want is to route my internet traffic through my VPN. Thanks for reading my wall of text, and any help provided is greatly appreciated.

Douglas
Forum Team
Posts: 285
Joined: Wed Aug 27, 2008 2:41 am

Re: cant route traffic to VPN running on windows 2003 VPS vmware

Post by Douglas » Sun Dec 06, 2009 4:48 pm

Are there any firewalls involved or LANs that might have conflicting IP space?
Every time I establish a connection from my client to the VPS, my client's internet access is cut while it should still have internet access through the VPN, right? So I can't reach anything outside the VPS, just stuff that is hosted on the server.
If you can only reach into the server, and not outside of it, then it's an issue with the server, not the client - something along the lines of traffic not being forwarded.

mclainxp00
OpenVpn Newbie
Posts: 3
Joined: Sat Dec 05, 2009 8:47 pm

Re: cant route traffic to VPN running on windows 2003 VPS vmware

Post by mclainxp00 » Sun Dec 06, 2009 9:54 pm

Hi,

No firewalls involved, the client's firewall and the server's firewall are turned off. I'm not sure if there are IPs conflicting with each other or with openVPN. I don't think there are, since my LAN IPs are 192.168.1.x, OpenVPN's are 10.8.0.x, and there shouldn't be any problem with my VPS IPs since it's supposed to be like a dedicated server on which I should only have public IPs.

There has to be something I'm missing with my server's NIC not forwarding internet traffic to the openVPN adapter, or I need to add the appropriate routes to my openvpn server config file, which I'm failing to do right since every time I try to add a route I can't connect to the VPN.

I've read that a lot of people who have had this problem usually get it fixed by modifying their iptables and firewall rules, but they are on Linux so I can't follow their how-to's to the letter to fix my problem, or on windows by making a "bridge" between the server's NIC and the openvpn adapter, which I can't do since it blocks my server and I have to request a technician at my provider to undo the bridge to access my server again :evil: Anyhow, the routes I've tried unsuccessfully are:

push "route my.server.IP openVPN.Server.IP 255.255.255.0"
push "openVPN.Server.IP my.server.IP 255.255.255.0"
route 192.168.1.254 my.server.IP 255.255.255.0

and a few more which I dont remember.

Douglas
Forum Team
Posts: 285
Joined: Wed Aug 27, 2008 2:41 am

Re: cant route traffic to VPN running on windows 2003 VPS vmware

Post by Douglas » Mon Dec 07, 2009 2:23 am

mclainxp00 wrote:Hi,

No firewalls involved, the client's firewall and the server's firewall are turned off. I'm not sure if there are IPs conflicting with each other or with openVPN. I don't think there are, since my LAN IPs are 192.168.1.x, OpenVPN's are 10.8.0.x, and there shouldn't be any problem with my VPS IPs since it's supposed to be like a dedicated server on which I should only have public IPs.

There has to be something I'm missing with my server's NIC not forwarding internet traffic to the openVPN adapter, or I need to add the appropriate routes to my openvpn server config file, which I'm failing to do right since every time I try to add a route I can't connect to the VPN.

I've read that a lot of people who have had this problem usually get it fixed by modifying their iptables and firewall rules, but they are on Linux so I can't follow their how-to's to the letter to fix my problem, or on windows by making a "bridge" between the server's NIC and the openvpn adapter, which I can't do since it blocks my server and I have to request a technician at my provider to undo the bridge to access my server again :evil: Anyhow, the routes I've tried unsuccessfully are:

push "route my.server.IP openVPN.Server.IP 255.255.255.0"
push "openVPN.Server.IP my.server.IP 255.255.255.0"
route 192.168.1.254 my.server.IP 255.255.255.0

and a few more which I dont remember.
I have never used OpenVPN as a server on Windows before, so I've passed the link to this thread along to a few people who might be able to help you.

krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Re: cant route traffic to VPN running on windows 2003 VPS vmware

Post by krzee » Mon Dec 07, 2009 12:14 pm

Your problem seems to be that you need NAT running on your server, and/or IP forwarding enabled. The Windows name for NAT is ICS (Internet Connection Sharing).
http://support.microsoft.com/kb/306126 might help you with ICS
http://support.microsoft.com/kb/315236 to enable ip forwarding on windows

You said that your default route is going to 192.168.1.254 but in fact it is not.

0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 1
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.67 20
...
128.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 1

The middle entry is overridden by the top and bottom ones, which are more specific because of their netmask and are therefore used over the middle entry (this is because you use the def1 flag to redirect-gateway, a good thing because when you kill the vpn you'll still have a route to the inet).

Since you can ping the vpn, your vpn is fine, and your routing table is also fine, so your problem is related to needing NAT and ip forwarding on the server.

hope that helps
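
Added example (not part of krzee's post or of the thread): a Python check that applies the longest-prefix rule described above to rows taken from the client's route print, to confirm which gateway each destination actually uses. The address 203.0.113.10 is a placeholder for the redacted VPS IP, and the probe addresses are constructed.

```python
import ipaddress

# Constructed sample: rows from the client's "route print" in this thread. The
# redacted VPS address is replaced by a documentation-range placeholder.
ROUTE_PRINT = """\
          0.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6       1
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.67       20
         10.8.0.0    255.255.255.0         10.8.0.5        10.8.0.6       1
     203.0.113.10  255.255.255.255    192.168.1.254    192.168.1.67       1
        128.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6       1
"""

def parse_routes(text):
    """Parse Active Routes rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            network = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((network, gateway, iface, int(metric)))
        except ValueError:
            continue  # header, separator or redacted row
    return routes

def select_route(routes, dst):
    """Longest prefix wins; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

def leaks_outside_vpn(routes, vpn_gateway, probes):
    """Return the probe addresses whose winning route bypasses the VPN."""
    leaks = []
    for probe in probes:
        route = select_route(routes, probe)
        if route is None or route[1] != vpn_gateway:
            leaks.append(probe)
    return leaks

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    for dst in ("8.8.8.8", "198.51.100.7", "203.0.113.10"):
        print(dst, "->", select_route(table, dst)[1])
    print("bypass VPN:", leaks_outside_vpn(table, "10.8.0.5", ["8.8.8.8", "203.0.113.10"]))
```

Only the host route to the VPN server itself leaves through the LAN gateway, which is what carries the encrypted tunnel; everything else is sent to 10.8.0.5, so a client that still has no internet points at forwarding or NAT on the server.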

mclainxp00
OpenVpn Newbie
Posts: 3
Joined: Sat Dec 05, 2009 8:47 pm

Re: cant route traffic to VPN running on windows 2003 VPS vmware

Post by mclainxp00 » Mon Dec 07, 2009 6:35 pm

HOLY ****!!

This: http://support.microsoft.com/kb/306126 is what I was missing!, it works now!!

I love you krzee, thank you!

Douglas
Forum Team
Posts: 285
Joined: Wed Aug 27, 2008 2:41 am

Re: cant route traffic to VPN running on windows 2003 VPS vmware

Post by Douglas » Mon Dec 07, 2009 8:22 pm

mclainxp00 wrote:HOLY ****!!

This: http://support.microsoft.com/kb/306126 is what I was missing!, it works now!!

I love you krzee, thank you!
Glad to hear it's all sorted! :)
