vpnserver

[jonathan75803]

Could use a little help. I have openvpn server up and running and can connect with pc no problems. So i get the general concepts of how to set this all up. Am working on another server for ios devices to connect. The problem is this.

When assigning the iprange that i need it to use say (10.40.1.0) it is giving the tun device ip (10.40.1.1) which shuts down everything. Reason is 10.40.1.1 is the default gateway for routers on campus. So my question is this. How can i exclude ip 10.40.1.1 from being assigned????

essentially what i am wanting to do is connect using my ipad and vpn to my network so that i can get to my office pc on 10.40.1.0. Then from there i can gain access to the other servers on campus.

As i stated i can already do this using one server with my laptop but who wants to carry a laptop with them anymore.....

Any help is appreciated

[janjust]

I'd never assign '10.4.1.0' as the VPN server IP ... (the .0 is likely to confuse everybody).

You can hand out different IP ranges on the VPN server by specifying an 'ifconfig-pool'; instead of

server 10.4.1.0 255.255.255.0

you'd use

Code: Select all

mode server
tls-server
push "topology subnet"
ifconfig 10.4.1.10 255.255.255.0
ifconfig-pool 10.4.1.100 10.4.1.200
push "route 10.4.1.0 255.255.255.0"

but without your server config it's impossible to tell exactly what is failing.

[jonathan75803]

I tried ifconfig like u suggested and the server would not start. This is what i am currently running. I can connect but am not able to ping or get past the server.

port 1194
proto tcp-server
dev tun0
ca keys/ca.crt
cert keys/vpnserver.crt
key keys/vpnserver.key
dh keys/dh1024.pem
server 10.8.1.0 255.255.255.0
crl-verify keys/jacksonville-college.edu/crl.pem
tls-auth servers/vpnserver/ta.key 0
cipher BF-CBC
user nobody
group nobody
status servers/vpnserver/logs/openvpn-status.log
log-append servers/vpnserver/logs/openvpn.log
verb 2
mute 20
max-clients 100
keepalive 10 120
client-config-dir /etc/openvpn/servers/vpnserver/ccd
tls-server
client-to-client
duplicate-cn
comp-lzo
persist-key
persist-tun
ccd-exclusive
topology subnet

withing my ccd file i have:

iroute 10.40.198.0 255.255.255.0
/sbin/route 10.40.198.0 255.255.255.0
ifconfig-push 10.40.198.250 255.255.255.0

I am pulling down the right information, but i am also getting the routed gateway 10.8.1.1 which i am assuming is keeping me from pinging or getting past the server.

[jonathan75803]

ok i scratched everything and started over i realized what i had done wrong to a degree. Here is where I am at now. My vpn server is starting and i can get to the internet but i can not get to anything on my network. This is my current config file.

port 1194
proto tcp-server
dev tun0
ca keys/ca.crt
cert keys/vpnserver.crt
key keys/vpnserver.key
dh keys/dh1024.pem
mode server
ifconfig 10.40.198.249 255.255.255.0
ifconfig-pool 10.40.198.250 10.40.198.254
push "route 10.40.198.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.40.198.62"
topology subnet
crl-verify keys/crl.pem
tls-auth servers/vpnserver/ta.key 0
cipher BF-CBC
user nobody
group nobody
status servers/vpnserver/logs/openvpn-status.log
log-append servers/vpnserver/logs/openvpn.log
verb 2
mute 20
max-clients 100
keepalive 10 120
client-config-dir /etc/openvpn/servers/vpnserver/ccd
tls-server
client-to-client
duplicate-cn
comp-lzo
persist-key
persist-tun
ccd-exclusive
up servers/vpnserver/bin/vpnserver.up

Ideas?

[jonathan75803]

ok this is where i am at now.

I have a openvpn server completely working that is configured using a bridged tap interface. I can connect in and everything is working fine. I can remote to anywhere on campus that i need to using my laptop.

However i do not always carry my laptop, instead i usually have my ipad, so i configured another server on the same box using upd tun. I can connect and get to the internet but i can not reach anything on campus. It appears to be giving me the correct ipaddress from the pool, along with the correct route, and dns so i am not sure whats wrong. Here is my current upd file.

port 1194
proto udp
dev tun0
ca keys/iosvpn/ca.crt
cert keys/iosvpn/iosvpn.crt
key keys/iosvpn/iosvpn.key
dh keys/iosvpn/dh1024.pem
#server 10.8.1.0 255.255.255.0
mode server
ifconfig 10.40.198.249 255.255.255.0
ifconfig-pool 10.40.198.250 10.40.198.254
push "route 10.40.198.0 255.255.255.0"
push "dhcp-option gateway 10.40.198.1"
push "dhcp-option DNS 10.40.198.62"
crl-verify keys/iosvpn/crl.pem
tls-auth servers/iosvpn/ta.key 0
cipher BF-CBC
user nobody
group adm
status servers/iosvpn/logs/openvpn-status.log
log-append servers/iosvpn/logs/openvpn.log
verb 2
mute 20
max-clients 100
keepalive 10 120
client-config-dir /etc/openvpn/servers/iosvpn/ccd
tls-server
client-to-client
duplicate-cn
comp-lzo
persist-key
persist-tun
ccd-exclusive

Any ideas??????

[mfromo]

Would the below work for a situation where I need the server IP to be the same IP Address if I'm connecting within an office (no VPN connection) or connecting via VPN? Is the ifconfig 10.4.1.10 255.255.255.0 setting the IP of the server?
Thanks!

I'd never assign '10.4.1.0' as the VPN server IP ... (the .0 is likely to confuse everybody).

You can hand out different IP ranges on the VPN server by specifying an 'ifconfig-pool'; instead of

server 10.4.1.0 255.255.255.0

you'd use

Code: Select all

mode server
tls-server
push "topology subnet"
ifconfig 10.4.1.10 255.255.255.0
ifconfig-pool 10.4.1.100 10.4.1.200
push "route 10.4.1.0 255.255.255.0"

but without your server config it's impossible to tell exactly what is failing.