Help a newbie this summer!

[OllyL]

Hi all,

I'm just getting started with OpenVPN on Windows and I have a very simple question which has probably been asked a million times before so my apologies in advance.

I have setup the OpenVPN server software on a Windows 7 PC/Server on the network. The machine has a fixed IP -192.168.1.32 - and the default gateway (192.168.1.254) is just a bog standard broadband modem/router. The network does not use a domain, it's just a Windows workgroup.

I have configured the OpenVPN using these instructions here:
https://community.openvpn.net/openvpn/w ... dows_Guide
and created my certificates and what not. It uses the "tun" method of connection in the config although the network adapter in Windows is called Tap-Windows-Adapter-V9

I can connect through the VPN perfectly fine from my client. I am allocated an IP address of 10.8.0.5 and the server has the IP 10.8.0.1. I can access resources on the server fine.

The problem I have is how can I then to connect to other computers/resources in the 192.168.1.0 range from the remote client? I have tried adding this to the server config:

push "route 192.168.1.0 255.255.255.0"

but this has not worked. I also tried this on the client:

>route -p add 192.168.1.0 MASK 255.255.255.0 10.8.0.1

but still no joy.

I'm sure there is a simple answer, since this is one of the key selling points of VPN, but the answer is alluding me at the moment.

Any help would be very much appreciated!

[OllyL]

I have kind of - sort of - not really got this working for IP Addresses but I'm still struggling to resolve Windows names through the VPN.

The fix for IP addresses (although I'm not 100% this is completely working yet, it seems to work sometimes not others) was to enable IP Routing on windows:

change/create a registry setting:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Value Name: IpEnableRouter
Value Type: REG_DWORD
Value Data: 1

I ad to reboot afterwards too. To check it has been enabled use ipconfig /all and there should be a line:

IP Routing Enabled. . . . . . . . : Yes

This allowed me to ping the other adapter on my server (192.168.1.32) from the remote VPN client connecting through 10.8.0.1.

In order to access other computers on the network remotely I had to enable "Internet Connection Sharing" on the 192.168.1.32 adapter which presumably allows traffic to pass between the two adapters.

Finally I've had to fiddle around with the route> command a little bit to get it fully working but this is where I'm still having problems so just try with the above first and then create a few static routes if the above doesn't work.

As I say, I'm still having trouble resolving systems by name (this network is just a work group so these aren't FQ domain names, just computer name like "BobsPC" so if anyone has any advice here let me know!

Cheers,

Olly

[mwandelaar]

I'll try to answer your question, but it's split in 2 sections right now.

First of all your wins-server should be the windows-machine, so not 1.254 but 1.32:

Code: Select all

push "dhcp-option WINS 192.168.1.32"

Second, your local network needs to know where your vpn-network is, so on your router you need to add a static route to the vpn server:

Code: Select all

route add 10.0.8.0 netmask 255.255.255.0 gw 192.168.1.32

Probably you need to do this in the GUI.

[OllyL]

Hi there,

Thanks for your response, sadly I'm still having problems. I've updated my config to

Code: Select all

push "dhcp-option WINS 192.168.1.32"
push "dhcp-option NBT 4"

(the second line coming from another help post) and also ran the following command on the server:

Code: Select all

route 10.8.0.0 mask 255.255.255.0 192.168.1.32

but still cannot resolve on the client. If I try nbtstat I get nothing:

Code: Select all

C:\windows\system32>nbtstat -a LINKLIVE

Local Area Connection:
Node IpAddress: [10.8.0.6] Scope Id: []

    Host not found.

however if I try with IP it can resolve the name:

Code: Select all

C:\windows\system32>nbtstat -a 192.168.1.1

Local Area Connection:
Node IpAddress: [10.8.0.6] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    LINKLIVE       <00>  UNIQUE      Registered
    LINKLIVE       <03>  UNIQUE      Registered
    LINKLIVE       <20>  UNIQUE      Registered
    WORKGROUP      <1E>  GROUP       Registered
    WORKGROUP      <00>  GROUP       Registered

    MAC Address = 00-00-00-00-00-00


Ethernet:
Node IpAddress: [192.168.0.16] Scope Id: []

So it's kind of close and usually after running the above I can briefly access the resource in Windows Explorer using the netbios name.

When I check the routes again the 10.8.0.0 subnet I get a lot of different masks coming out, could this be half the problem?

Code: Select all

C:\Users\Dell 3 MJR>route print 10.8.*
===========================================================================
Interface List
 16...00 ff 9e 4f 92 99 ......TAP-Windows Adapter V9
 11...d0 67 e5 19 d9 de ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
         10.8.0.0    255.255.255.0         10.8.0.2         10.8.0.1     30
         10.8.0.0    255.255.255.0         On-link      192.168.1.32     21
         10.8.0.0  255.255.255.252         On-link          10.8.0.1    286
         10.8.0.0  255.255.255.252         On-link      192.168.1.32     21
         10.8.0.0  255.255.255.255         On-link      192.168.1.32     21
         10.8.0.1  255.255.255.255         On-link          10.8.0.1    286
         10.8.0.3  255.255.255.255         On-link          10.8.0.1    286
         10.8.0.3  255.255.255.255         On-link      192.168.1.32    276
       10.8.0.255  255.255.255.255         On-link      192.168.1.32    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
  None
Persistent Routes:
  None

Cheers

[OllyL]

Also if it helps, here are the routes for the 192.168.1.0 subnet:

Code: Select all

C:\Users\Dell 3 MJR>route print 192.168.1*
===========================================================================
Interface List
 16...00 ff 9e 4f 92 99 ......TAP-Windows Adapter V9
 11...d0 67 e5 19 d9 de ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
      192.168.1.0    255.255.255.0         On-link      192.168.1.32    276
      192.168.1.0    255.255.255.0    192.168.1.254     192.168.1.32     21
     192.168.1.32  255.255.255.255         On-link      192.168.1.32    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.32    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      192.168.1.0    255.255.255.0    192.168.1.254       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
  None
Persistent Routes:
  None

[OllyL]

Also one last thing:

The remote client CAN resolve the netbios name of the VPN server

C:\windows\system32>nbtstat -a dell3mjr-pc

Code: Select all

ClientTap:
Node IpAddress: [10.8.0.4] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    DELL3MJR-PC    <00>  UNIQUE      Registered
    MJRWG          <00>  GROUP       Registered
    DELL3MJR-PC    <20>  UNIQUE      Registered
    MJRWG          <1E>  GROUP       Registered
    MJRWG          <1D>  UNIQUE      Registered
    ☺☻__MSBROWSE__☻<01>  GROUP       Registered

    MAC Address = 00-FF-9E-4F-92-99

So it certainly appears to be a configuration problem on the server rather than a VPN issue as such.

Thanks again