Help a newbie this summer!
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Jul 10, 2013 7:43 pm
Help a newbie this summer!
Hi all,
I'm just getting started with OpenVPN on Windows and I have a very simple question which has probably been asked a million times before so my apologies in advance.
I have setup the OpenVPN server software on a Windows 7 PC/Server on the network. The machine has a fixed IP -192.168.1.32 - and the default gateway (192.168.1.254) is just a bog standard broadband modem/router. The network does not use a domain, it's just a Windows workgroup.
I have configured the OpenVPN using these instructions here:
https://community.openvpn.net/openvpn/w ... dows_Guide
and created my certificates and what not. It uses the "tun" method of connection in the config although the network adapter in Windows is called Tap-Windows-Adapter-V9
I can connect through the VPN perfectly fine from my client. I am allocated an IP address of 10.8.0.5 and the server has the IP 10.8.0.1. I can access resources on the server fine.
The problem I have is how can I then to connect to other computers/resources in the 192.168.1.0 range from the remote client? I have tried adding this to the server config:
push "route 192.168.1.0 255.255.255.0"
but this has not worked. I also tried this on the client:
>route -p add 192.168.1.0 MASK 255.255.255.0 10.8.0.1
but still no joy.
I'm sure there is a simple answer, since this is one of the key selling points of VPN, but the answer is alluding me at the moment.
Any help would be very much appreciated!
I'm just getting started with OpenVPN on Windows and I have a very simple question which has probably been asked a million times before so my apologies in advance.
I have setup the OpenVPN server software on a Windows 7 PC/Server on the network. The machine has a fixed IP -192.168.1.32 - and the default gateway (192.168.1.254) is just a bog standard broadband modem/router. The network does not use a domain, it's just a Windows workgroup.
I have configured the OpenVPN using these instructions here:
https://community.openvpn.net/openvpn/w ... dows_Guide
and created my certificates and what not. It uses the "tun" method of connection in the config although the network adapter in Windows is called Tap-Windows-Adapter-V9
I can connect through the VPN perfectly fine from my client. I am allocated an IP address of 10.8.0.5 and the server has the IP 10.8.0.1. I can access resources on the server fine.
The problem I have is how can I then to connect to other computers/resources in the 192.168.1.0 range from the remote client? I have tried adding this to the server config:
push "route 192.168.1.0 255.255.255.0"
but this has not worked. I also tried this on the client:
>route -p add 192.168.1.0 MASK 255.255.255.0 10.8.0.1
but still no joy.
I'm sure there is a simple answer, since this is one of the key selling points of VPN, but the answer is alluding me at the moment.
Any help would be very much appreciated!
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Jul 10, 2013 7:43 pm
Re: Help a newbie this summer!
I have kind of - sort of - not really got this working for IP Addresses but I'm still struggling to resolve Windows names through the VPN.
The fix for IP addresses (although I'm not 100% this is completely working yet, it seems to work sometimes not others) was to enable IP Routing on windows:
change/create a registry setting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value Name: IpEnableRouter
Value Type: REG_DWORD
Value Data: 1
I ad to reboot afterwards too. To check it has been enabled use ipconfig /all and there should be a line:
IP Routing Enabled. . . . . . . . : Yes
This allowed me to ping the other adapter on my server (192.168.1.32) from the remote VPN client connecting through 10.8.0.1.
In order to access other computers on the network remotely I had to enable "Internet Connection Sharing" on the 192.168.1.32 adapter which presumably allows traffic to pass between the two adapters.
Finally I've had to fiddle around with the route> command a little bit to get it fully working but this is where I'm still having problems so just try with the above first and then create a few static routes if the above doesn't work.
As I say, I'm still having trouble resolving systems by name (this network is just a work group so these aren't FQ domain names, just computer name like "BobsPC" so if anyone has any advice here let me know!
Cheers,
Olly
The fix for IP addresses (although I'm not 100% this is completely working yet, it seems to work sometimes not others) was to enable IP Routing on windows:
change/create a registry setting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value Name: IpEnableRouter
Value Type: REG_DWORD
Value Data: 1
I ad to reboot afterwards too. To check it has been enabled use ipconfig /all and there should be a line:
IP Routing Enabled. . . . . . . . : Yes
This allowed me to ping the other adapter on my server (192.168.1.32) from the remote VPN client connecting through 10.8.0.1.
In order to access other computers on the network remotely I had to enable "Internet Connection Sharing" on the 192.168.1.32 adapter which presumably allows traffic to pass between the two adapters.
Finally I've had to fiddle around with the route> command a little bit to get it fully working but this is where I'm still having problems so just try with the above first and then create a few static routes if the above doesn't work.
As I say, I'm still having trouble resolving systems by name (this network is just a work group so these aren't FQ domain names, just computer name like "BobsPC" so if anyone has any advice here let me know!
Cheers,
Olly
-
- OpenVPN Super User
- Posts: 219
- Joined: Mon Nov 23, 2009 8:24 pm
Re: Help a newbie this summer!
I'll try to answer your question, but it's split in 2 sections right now.
First of all your wins-server should be the windows-machine, so not 1.254 but 1.32:
Second, your local network needs to know where your vpn-network is, so on your router you need to add a static route to the vpn server:
Probably you need to do this in the GUI.
First of all your wins-server should be the windows-machine, so not 1.254 but 1.32:
Code: Select all
push "dhcp-option WINS 192.168.1.32"
Code: Select all
route add 10.0.8.0 netmask 255.255.255.0 gw 192.168.1.32
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Jul 10, 2013 7:43 pm
Re: Help a newbie this summer!
Hi there,
Thanks for your response, sadly I'm still having problems. I've updated my config to
(the second line coming from another help post) and also ran the following command on the server:
but still cannot resolve on the client. If I try nbtstat I get nothing:
however if I try with IP it can resolve the name:
So it's kind of close and usually after running the above I can briefly access the resource in Windows Explorer using the netbios name.
When I check the routes again the 10.8.0.0 subnet I get a lot of different masks coming out, could this be half the problem?
Cheers
Thanks for your response, sadly I'm still having problems. I've updated my config to
Code: Select all
push "dhcp-option WINS 192.168.1.32"
push "dhcp-option NBT 4"
Code: Select all
route 10.8.0.0 mask 255.255.255.0 192.168.1.32
Code: Select all
C:\windows\system32>nbtstat -a LINKLIVE
Local Area Connection:
Node IpAddress: [10.8.0.6] Scope Id: []
Host not found.
Code: Select all
C:\windows\system32>nbtstat -a 192.168.1.1
Local Area Connection:
Node IpAddress: [10.8.0.6] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
LINKLIVE <00> UNIQUE Registered
LINKLIVE <03> UNIQUE Registered
LINKLIVE <20> UNIQUE Registered
WORKGROUP <1E> GROUP Registered
WORKGROUP <00> GROUP Registered
MAC Address = 00-00-00-00-00-00
Ethernet:
Node IpAddress: [192.168.0.16] Scope Id: []
When I check the routes again the 10.8.0.0 subnet I get a lot of different masks coming out, could this be half the problem?
Code: Select all
C:\Users\Dell 3 MJR>route print 10.8.*
===========================================================================
Interface List
16...00 ff 9e 4f 92 99 ......TAP-Windows Adapter V9
11...d0 67 e5 19 d9 de ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
10.8.0.0 255.255.255.0 10.8.0.2 10.8.0.1 30
10.8.0.0 255.255.255.0 On-link 192.168.1.32 21
10.8.0.0 255.255.255.252 On-link 10.8.0.1 286
10.8.0.0 255.255.255.252 On-link 192.168.1.32 21
10.8.0.0 255.255.255.255 On-link 192.168.1.32 21
10.8.0.1 255.255.255.255 On-link 10.8.0.1 286
10.8.0.3 255.255.255.255 On-link 10.8.0.1 286
10.8.0.3 255.255.255.255 On-link 192.168.1.32 276
10.8.0.255 255.255.255.255 On-link 192.168.1.32 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
None
Persistent Routes:
None
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Jul 10, 2013 7:43 pm
Re: Help a newbie this summer!
Also if it helps, here are the routes for the 192.168.1.0 subnet:
Code: Select all
C:\Users\Dell 3 MJR>route print 192.168.1*
===========================================================================
Interface List
16...00 ff 9e 4f 92 99 ......TAP-Windows Adapter V9
11...d0 67 e5 19 d9 de ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
192.168.1.0 255.255.255.0 On-link 192.168.1.32 276
192.168.1.0 255.255.255.0 192.168.1.254 192.168.1.32 21
192.168.1.32 255.255.255.255 On-link 192.168.1.32 276
192.168.1.255 255.255.255.255 On-link 192.168.1.32 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
192.168.1.0 255.255.255.0 192.168.1.254 1
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
None
Persistent Routes:
None
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Jul 10, 2013 7:43 pm
Re: Help a newbie this summer!
Also one last thing:
The remote client CAN resolve the netbios name of the VPN server
C:\windows\system32>nbtstat -a dell3mjr-pc
So it certainly appears to be a configuration problem on the server rather than a VPN issue as such.
Thanks again
The remote client CAN resolve the netbios name of the VPN server
C:\windows\system32>nbtstat -a dell3mjr-pc
Code: Select all
ClientTap:
Node IpAddress: [10.8.0.4] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
DELL3MJR-PC <00> UNIQUE Registered
MJRWG <00> GROUP Registered
DELL3MJR-PC <20> UNIQUE Registered
MJRWG <1E> GROUP Registered
MJRWG <1D> UNIQUE Registered
☺☻__MSBROWSE__☻<01> GROUP Registered
MAC Address = 00-FF-9E-4F-92-99
Thanks again