Does not ping VPN server tunnel

[madrada]

Buenas tardes,

Llevo un par de días configurando el OpenVPN, lo he hecho muchas veces pero ahora mismo, me está dando un error que no llego a el.

Tengo el OpenVPN server instalado en un Win server 2016. Desde el cliente se conecta bien, pero no puedo entrar a las carpetas de red, y tampoco hacer ping a los equipos de red. Tampoco al servidor.

Lo que he ido quitando cortafuegos, desabilitando los de winfdows también y aun así no hace nada. He realizado un tracert desde el cliente y desde el server. En el cliente no me reconoce el tunel, es decir me da una ip 10.10.8.6, hace ping a esa IP pero a la 10.10.8.1 que es la del servidor no.

Desde el servidor tampoco me hace ping a su tunel IP 10.10.8.1, se que el problema está en el servidor, tengo todo cortafuegos y demás quitado.

Alguna idea?

gracias,
.
.
.
Good afternoon,

I've been configuring OpenVPN for a couple of days, I've done it many times but right now, it's giving me an error that I can't get to it.

I have the OpenVPN server installed on a Win server 2016. From the client it connects well, but I cannot enter the network folders, and neither can I ping the network computers. Nor to the server.

What I have been removing firewalls, disabling those of winfdows as well and still does nothing. I have made a tracert from the client and from the server. The tunnel does not recognize me in the client, that is, it gives me an IP 10.10.8.6, it pings that IP but the 10.10.8.1 that is the server's one.

From the server it does not ping me its IP 10.10.8.1 tunnel either, I know the problem is with the server, I have all firewalls and other removed.

Any ideas?

thanks,

[Pippin]

English please,

Thanks.

[madrada]

Sorry, thanks for traslate.

[madrada]

Hi,

This is my configuration:

View OriginalServer config

port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
server 10.10.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

View OriginalClient config

client
dev tun
proto udp
remote XXXX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\JuanCarlos.crt"
key "C:\\Program Files\\OpenVPN\\config\\JuanCarlos.key"
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3

thanks

[madrada]

I have see that the tunnel TAP adapter have 169... ip, why' how can I correct the error?

thanks

[TinCanTech]

You must enable the "Windows DHCP Client Service"

[madrada]

OK, now I can ping the tunnel ip server from the client, but now I cant ping to server ip address 192.168.1.33, so I cant access to shared folders etc...

[madrada]

sorry, from the server I cant ping to client ip tunnel.

[madrada]

Can anyone help me please? thanks!

[TinCanTech]

Check your firewalls,

[madrada]

Firewalls are disabled.

[TinCanTech]

from the server I cant ping to client ip tunnel

Please add your logs at --verb 4.

Example:
viewtopic.php?f=30&t=22603#p68963

[300000]

OK, now I can ping the tunnel ip server from the client, but now I cant ping to server ip address 192.168.1.33, so I cant access to shared folders etc...

you are not setting NAT and ip forward so you can ping real server ip . only virtual ip you can so from route 10.10.8.0 it need to NAT to real ip just come here the instruction to help you.

viewtopic.php?f=6&t=31230

[madrada]

hI,

I have this message when client connect to the server:

Code: Select all

Mon Nov 09 18:50:22 2020 us=348473 88.148.92.204 [diegolamoneda] Peer Connection Initiated with [AF_INET6]::ffff:88.148.92.204:57429
Mon Nov 09 18:50:22 2020 us=348473 diegolamoneda/88.148.92.204 MULTI_sva: pool returned IPv4=10.15.15.10, IPv6=(Not enabled)
Mon Nov 09 18:50:22 2020 us=348473 diegolamoneda/88.148.92.204 MULTI: Learn: 10.15.15.10 -> diegolamoneda/88.148.92.204
Mon Nov 09 18:50:22 2020 us=348473 diegolamoneda/88.148.92.204 MULTI: primary virtual IP for diegolamoneda/88.148.92.204: 10.15.15.10
Mon Nov 09 18:50:23 2020 us=411099 diegolamoneda/88.148.92.204 PUSH: Received control message: 'PUSH_REQUEST'
Mon Nov 09 18:50:23 2020 us=411099 diegolamoneda/88.148.92.204 SENT CONTROL [diegolamoneda]: 'PUSH_REPLY,route 10.15.15.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.15.15.10 10.15.15.9,peer-id 0,cipher AES-256-GCM' (status=1)
Mon Nov 09 18:50:23 2020 us=411099 diegolamoneda/88.148.92.204 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Nov 09 18:50:23 2020 us=411099 diegolamoneda/88.148.92.204 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Nov 09 18:50:23 2020 us=411099 diegolamoneda/88.148.92.204 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Nov 09 18:50:23 2020 us=411099 diegolamoneda/88.148.92.204 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Nov 09 18:50:24 2020 us=114308 diegolamoneda/88.148.92.204 MULTI: bad source address from client [::], packet dropped
Mon Nov 09 18:50:24 2020 us=114308 diegolamoneda/88.148.92.204 PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_000] 0:5 0:4 t=1604944224[0] r=[0,64,15,1,1] sl=[59,5,64,528]
Mon Nov 09 18:50:24 2020 us=239323 diegolamoneda/88.148.92.204 PID_ERR replay-window backtrack occurred [2] [SSL-0] [0__000000] 0:9 0:7 t=1604944224[0] r=[0,64,15,2,1] sl=[55,9,64,528]