OpenVPN Help, Connects Successfully But Does Not Work

Post by exiton » Sun Feb 27, 2011 3:13 am

I'm new to OpenVPN and I followed the Lockup Guide http://lockup.wordpress.com/configure-openvpn/ to get started. I'm set up exactly as his configuration guide suggests, just changing the server address and port. The clients are Windows machines and the server is a Windows 2008 box (192.168.1.150). I've disabled the firewall on the Windows Server 2008 machine. I've also used DD-WRT to forward my OpenVPN port to the Server 2008 machine and set up an advanced routing just like it says. DD-WRT reports my routing tables as:

  Destination LAN NET   Subnet Mask       Gateway         Interface
  172.27.35.1           255.255.255.255   0.0.0.0         WAN
  192.168.10.0          255.255.255.252   192.168.1.150   LAN & WLAN
  192.168.1.0           255.255.255.0     0.0.0.0         LAN & WLAN
  172.27.35.0           255.255.255.0     0.0.0.0         WAN
  169.254.0.0           255.255.0.0       0.0.0.0         LAN & WLAN
  0.0.0.0               0.0.0.0           172.27.35.1     WAN

My network and DNS IP is 192.168.1.1 with subnet mask 255.255.255.0. I can successfully connect to the OpenVPN server and my client gets provisioned with an IP. For example, my client gets an IP of 192.168.10.3 and the only thing it can ping successfully is 192.168.10.1. If I try to go to any other website or computer, either internally or externally, it times out. I may have a routing problem but I've got no clue. I appreciate any help or feedback you might offer. Thank you.

-John

client1.ovpn

Code:

### CLIENT1 CONFIG FILE ###
# lines starting with # or ; will not be read by OpenVPN

client
dev tap
#dev-node MyTAP   # If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name.
proto udp
remote XXX.dyndns-free.com XXX   #### CHANGE. Replace with DynDNS or IP address. Number after is the port you will have to forward with your router.
route 192.168.1.0 255.255.255.0 vpn_gateway 3   #### CHECK. This is the IP address scheme and subnet of the normal network your server is on.
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\client1.crt"   #### CHECK. Must match client name.
key "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\client1.key"   #### CHECK. Must match client name.
tls-auth ta.key 1   # 'ta.key' must be in the config folder.
ns-cert-type server
cipher AES-128-CBC   # AES encryption for the connection.
comp-lzo
verb 2   # This sets how detailed the log file will be. 0 causes problems and higher numbers can give you more detail for troubleshooting.

server.ovpn

Code:

### SERVER CONFIG FILE ###
# lines starting with # or ; will not be read by OpenVPN

local 192.168.1.150   #### CHANGE. This is the IP address of the real (not tun/tap) network interface of the server. Find it using 'run > cmd > ipconfig'.
port XXX   #### CHANGE. This is the port the service will listen on. See 'Configure your Router' section for recommendation.
proto udp
mssfix 1400
push "dhcp-option DNS 192.168.1.1"   #### CHANGE. Replace the Xs with the IP address of the DNS for your home network (usually your ISP's DNS).
#push "dhcp-option DNS X.X.X.X"   #### CHANGE (OPTIONAL). A second DNS server. If you have one, remove the #.
dev tap
#dev-node MyTAP   #### CHECK. If you renamed your TAP interface or have more than one TAP interface, remove the # and change "MyTAP" to its name.
ca "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\ca.crt"  
cert "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\server.key"   # Never take this file off the server.
dh "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\dh2048.pem"
tls-auth ta.key 0   # 'ta.key' must be in the config folder.
server 192.168.10.0 255.255.255.128   #### CHECK. Assigns the virtual IP address and subnet to the VPN. Make sure you add this to your Router (section 4i).
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"   # This will force the clients to use the home network's internet connection
keepalive 10 120
cipher AES-128-CBC   # Connection will be encrypted with AES 128-bit.
comp-lzo
max-clients 10   #### CHECK. Assigns the maximum number of clients here, change according to your setup.
persist-key
persist-tun
status openvpn-status.log
verb 2   # This sets how detailed the log file will be. 0 causes problems and higher numbers can give you more detail for troubleshooting.

Re: OpenVPN Help, Connects Successfully But Does Not Work

Post by gladiatr72 » Tue Mar 22, 2011 5:28 pm

Please set "verb 4" and post your server and client log files. Please include the output of "netstat -rn" from your connected client.

You also didn't mention anything about enabling forwarding on your Windows server or whether you've added a static route for your client VPN network (192.168.10.0/24) to your server-side router.

-S
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
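
The static-route check raised in the reply above, as an added example (not from either poster or from the guide): it replays the DD-WRT table from the first post with longest-prefix matching and lists the addresses of the `server` range that the router would not hand to the OpenVPN server. The helper names are hypothetical, and the constructed inputs copy the posted values.

```python
import ipaddress

# Constructed inputs: values copied from the server.ovpn and DD-WRT table posted above.
SERVER_CONF = """\
local 192.168.1.150   # real interface of the OpenVPN server
dev tap
server 192.168.10.0 255.255.255.128
"""
ROUTES = [  # (destination, mask, gateway); gateway 0.0.0.0 means directly connected
    ("172.27.35.1", "255.255.255.255", "0.0.0.0"),
    ("192.168.10.0", "255.255.255.252", "192.168.1.150"),
    ("192.168.1.0", "255.255.255.0", "0.0.0.0"),
    ("172.27.35.0", "255.255.255.0", "0.0.0.0"),
    ("169.254.0.0", "255.255.0.0", "0.0.0.0"),
    ("0.0.0.0", "0.0.0.0", "172.27.35.1"),
]


def directive(conf, name):
    """Return the arguments of the first `name` directive, ignoring # comments."""
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == name:
            return parts[1:]
    raise ValueError(f"no '{name}' directive in config")


def next_hop(addr, routes):
    """Gateway of the most specific route containing addr, or None if none matches."""
    addr = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(f"{d}/{m}"), gw) for d, m, gw in routes]
    hits = [(net, gw) for net, gw in hits if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def misrouted(conf, routes):
    """Addresses in the `server` range that the router does not send to `local`."""
    net, mask = directive(conf, "server")[:2]
    server_ip = directive(conf, "local")[0]
    vpn = ipaddress.ip_network(f"{net}/{mask}")
    return [str(a) for a in vpn if next_hop(a, routes) != server_ip]


if __name__ == "__main__":
    bad = misrouted(SERVER_CONF, ROUTES)
    print(f"{len(bad)} VPN addresses bypass the server route, first: {bad[:1]}")
```

With the posted table, 192.168.10.0 through 192.168.10.3 resolve to 192.168.1.150, while every address from 192.168.10.4 upward falls through to the default route on the WAN side.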
