OpenVPN Support Forum

I'm sorry if this has already been resolved, but I am having a lot of trouble setting up a Site to site VPN. I have followed these instructions.
http://docs.openvpn.net/how-to-tutorial ... ss-server/

However, I am using a Windows based client. Any host on the client side can access all of the hosts on the server side but, the server side is unable to access hosts on the client side.

I have a static route on the Windows client to the server network to go through the IP address from the Access Server. It seems the Access server is building the route on its own. On the access server, I am able to ping the IP address of the client, but I am not able to ping any host on the client network.

Will this not work with a Windows Client?

Access Server is Ubuntu, Windows 2008 server is the client.

did you configured windows firewall accordingly?

did you enabled ip forwarding on windows?

Michael.

I figured it out this morning.

The problem with my Cisco firewall was blocking the traffic on the route. I had to set up a rule that allowed the traffic to the other network.

It all works, now.

Thanks.

Well, I spoke too soon.

I can ping and tracert (so ICMP traffic is working), but not tcp...

I still don't have something right.

So I've been working on this all day, and I haven't really gotten anywhere.

I can establish a VPN connection from the two networks. I can ping any host on either side. I can also tracert or traceroute on any host and get a response.

But, I can not route any IP traffic from either side. Exempt my client computer is able to route TCP traffic, but any other host is unable to.

Can anyone point me in the right direction so I can start routing?

to isolate the problem try to set to your pc (both lans) as default gateway their
openvpn server/client...

if icmp works then routing is ok...

do you filter traffic on openvpn server/client?

Michael.

Thank you very much. This worked, so it is my Cisco Firewall that is blocking the traffic. Yes, I have the static route, but...

Now I just have to find the problem on the Cisco side. Any ideas there? I know this isn't the place to be asking for Cisco help, but if you know...

firewall rules is the one that creates trouble...

AFAIK zyxel has a feature called triangle route , that is allowing traffic passing
from lan int to lan int via its eth interface...

check if there is a similar function on cisco side...

Michael.