OpenVPN connects and has LAN access, but no internet

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
kevinpride
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 18, 2019 4:33 pm

OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Fri Dec 13, 2019 12:46 am

Hi, Please excuse my lack of expertise in networking. I've read several posts on this forum and on google, but couldn't resolve the issue. I feel like I am pretty close to getting OpenVPN set up the way I want. I am hoping to resolve the last issue of not being able to access the internet when VPN is connected. OpenVPN server is installed on a Windows 10 PC in an office. OpenVPN client is installed on a laptop I carry around while I am out in the field. I want to access Windows Samba share on the Windows 10 PC through VPN, but allow rest of internet traffic to NOT go through the VPN Server. As of now, I can access the Samba share when VPN is connected, but I have no internet. I am not sure if it has something to do with the client not having a default gateway for the TAP adapter, or that IP forwarding is only enabled on the Server. Server subnet is 192.168.2.1, Server LAN ip is 192.168.2.10, Client subnet is 10.62.81.1, client LAN ip is 10.62.81.15, VPN subnet is 10.8.0.0, client VPN ip is 10.8.0.2, server VPN ip is 10.8.0.1. The Config files are below. Any help on this is GREATLY appreciated!


Server Config


dev tun
dev-node OpenVPN

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key" # This file should be kept secret

dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"

topology subnet

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "route 10.8.0.1 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.2.1 255.255.255.0"
push "route-metric 512"

push "redirect-gateway def1"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

keepalive 10 120

tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 0

cipher AES-256-CBC

comp-lzo

max-clients 2

persist-key
persist-tun

status openvpn-status.log

verb 4

explicit-exit-notify 1




Client config

client
dev tun
proto udp4
remote xxxxxx.ddns.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
remote-cert-tls server
key-direction 1
cipher AES-256-CBC
verb 4
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7944
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by TinCanTech » Fri Dec 13, 2019 10:28 am

kevinpride wrote:
Fri Dec 13, 2019 12:46 am
I want to access Windows Samba share on the Windows 10 PC through VPN, but allow rest of internet traffic to NOT go through the VPN Server. As of now, I can access the Samba share when VPN is connected, but I have no internet
You are almost there.

Change these:
kevinpride wrote:
Fri Dec 13, 2019 12:46 am

Code: Select all

#push "route 10.8.0.1 255.255.255.0" # Not required
#push "route 10.8.0.0 255.255.255.0" # Not required
push "route 192.168.2.1 255.255.255.0" # This is correct but See note 1
#push "route-metric 512" # Not required
#push "redirect-gateway def1" # Not required
#push "dhcp-option DNS 8.8.8.8" # See note 2
#push "dhcp-option DNS 8.8.4.4" # See note 2
Notes:
  1. 192.168.2.0/24 is a common subnet and could cause you routing conflicts in the future.
    It is recommended that you change your server LAN to something more unique. eg: 192.168.147.0/24
  2. These will not work as you expect on Windows.
    You will be setting your DNS servers to 8.8.8.8 & 8.8.4.4 but they will not be routed through the VPN.
    If you want your DNS to use the VPN in Windows you must use --block-outside-dns (Can be pushed)

kevinpride
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 18, 2019 4:33 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Fri Dec 13, 2019 3:26 pm

OMG you are a lifesaver. I changed the subnet according to your note 1 to 192.168.150.0/24. I also added push "block-outside-dns", and commented out the other push lines as you suggested. Now, when connected to VPN, I have internet access, and my public IP shows I am accessing internet NOT through the VPN, which is what I wanted. Unfortunately, I now DON'T have access to the Samba shares for some reason. Any ideas that may help in getting access back to the Samba shares? Thanks so much!!

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7944
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by TinCanTech » Fri Dec 13, 2019 5:40 pm

kevinpride wrote:
Fri Dec 13, 2019 3:26 pm
I changed the subnet according to your note 1 to 192.168.150.0/24
You must actually change that subnet on your server LAN and all the devices (eg: Printer) connected to that LAN, not just change the line in the config ;)

kevinpride
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 18, 2019 4:33 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Fri Dec 13, 2019 10:39 pm

Duh, sorry. I changed the server LAN and all devices on the LAN to 10.32.55.100. The server lan ip is now 10.32.55.110. However I still don't have access to the Samba share. I am really puzzled as to what happened. Again, your help is appreciated greatly!

Server config


port 2592
proto udp4
dev tun
dev-node OpenVPN
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key" # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.32.55.110 255.255.255.0"
push "block-outside-dns"
keepalive 10 120
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 0 # This file is secret
cipher AES-256-CBC
comp-lzo
max-clients 2

persist-key
persist-tun

status openvpn-status.log

verb 4

explicit-exit-notify 1


User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7944
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by TinCanTech » Fri Dec 13, 2019 11:59 pm

Can you ping 10.8.0.1 and 10.32.55.100 from the client ?

kevinpride
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 18, 2019 4:33 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Sat Dec 14, 2019 5:59 am

I can ping 10.8.0.1, but not 10.32.55.100. Thanks for really helping me through this process. It has been a rough few days, lol.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7944
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by TinCanTech » Sat Dec 14, 2019 2:45 pm

kevinpride wrote:
Sat Dec 14, 2019 5:59 am
I can ping 10.8.0.1, but not 10.32.55.100
Check that IP Forwarding is enabled. And double check your firewall allows it.

kevinpride
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 18, 2019 4:33 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Sat Dec 14, 2019 6:36 pm

I enabled IP forwarding by going to regedit HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] and changing IPEnableRouter to "1". I am not sure how to make sure the firewall allows IP forwarding. I only have Windows firewall. I tried accessing the Samba share while the firewall was turned off, and I still couldn't access the Samba share. I did create Windows firewall rules to allow all the File and Printer Sharing, and ports 135-139, 445 for both TCP and UDP. I did port forwarding on my router as well, for ports 135-139,445,2592 as well. I also checked to make sure Routing and Remote Access Service is enabled and Automatic. I really appreciate your help here again.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7944
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by TinCanTech » Sun Dec 15, 2019 2:00 am

Have you considered using a sensible OS for your server .. ?

kevinpride
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 18, 2019 4:33 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Sun Dec 15, 2019 7:13 am

I am a novice at best outside of the Windows environment unfortunately. I was hoping the setup I need could be accommodated by Windows. Are you suggesting a Linux OS? If so, which one, and are there any common pitfalls I should watch out for? Thanks again.

300000
OpenVPN Super User
Posts: 289
Joined: Tue May 01, 2012 9:30 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by 300000 » Sun Dec 15, 2019 9:53 am

kevinpride wrote:
Sun Dec 15, 2019 7:13 am
I am a novice at best outside of the Windows environment unfortunately. I was hoping the setup I need could be accommodated by Windows. Are you suggesting a Linux OS? If so, which one, and are there any common pitfalls I should watch out for? Thanks again.

i am going to help you setup openvpn running on window , you need post here what yoi did and full server and client config and what version windows 10 you use ,

kevinpride
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 18, 2019 4:33 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Sun Dec 15, 2019 9:05 pm

Thanks 300000. I appreciate the input from TinCanTech as well, as I read many posts about the horror stories of Windows networking being inconsistent. Please see the full config below. I have added port forwarding and static routes to the router settings on the server side. I created incoming rules for Windows firewall on ports 135-139,445 for TCP and UDP on the server machine. The server and client are both running Windows 10 Pro. In the client log, I did notice one error. I am not sure what it means. Thanks for all the help.

exception parsing IPv4 route: [route] [10.32.55.100] [255.255.255.0] : tun_prop_error: route is not canonical

Server config


port 2592
proto udp4
dev tun
dev-node OpenVPN
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key" # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.32.55.100 255.255.255.0"
push "block-outside-dns"
keepalive 10 120
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 0 # This file is secret
cipher AES-256-CBC
comp-lzo
max-clients 2
persist-key
persist-tun
status openvpn-status.log
verb 4
explicit-exit-notify 1



Client config


client
dev tun
proto udp4
remote vkcpa.mynetgear.com 2592
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
remote-cert-tls server
key-direction 1
cipher AES-256-CBC
verb 4


300000
OpenVPN Super User
Posts: 289
Joined: Tue May 01, 2012 9:30 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by 300000 » Sun Dec 15, 2019 10:42 pm

can you tell me what version of window 10 you installed , it this windows home or window server operate system? there are difference between windows home and windows server so I need to know before give you some advice .
why do you want to push route 10.32.55.100 ? what is address of samba server on server lan?
on server lan do you have any dns server sevice run on or not?

you said samba file share . is this run on linux or windows?

in order to access file over vpn you need WINS service which is can install on windows server or can make samba server act as WINS , so over internet you can access file server as \\ mycomputer,local\file than \\ 192.168.2.*\file

kevinpride
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 18, 2019 4:33 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Mon Dec 16, 2019 4:00 am

The server and client both are running Windows 10 Pro, I don't know if you need any additional version info. I am not running Windows Server OS. The lan subnet of the server is 10.32.55.100. The local ip of server (also where the samba share) is 10.32.55.110. The server is a basic pc running on Windows 10 Pro, and a shared folder. All other devices on the server lan, have access to this shared folder, mapped as a network drive. I hope this is enough info? I really don't know much about WINS service.

300000
OpenVPN Super User
Posts: 289
Joined: Tue May 01, 2012 9:30 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by 300000 » Mon Dec 16, 2019 12:43 pm

click search type " ncpa.cpl "and press enter

rename the internet netword card and openvpn netword card so it makes thing simple
click the the internet netword card and chose properties/chosing sharing tab
tick allow other netword user connect through this computer internet connection.
on drop down choose openvpn netword card if it is pressen and click ok.

right click openvpn netword card and chosse properties chose ip4 and set its ip as 10.8.0.1 subnet mask 255.255.255.0

open regedit anfd find

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
charge IPEnableRouter =1

this will make windows will lan routing all network card
go service and choose Internet Connection Sharing and choose automatic
go to service and find routing and remote access and choose automatic
just disable firewall to make connection first , after it works come back to firewall charge it later.
after that restart computer and check every sevice have been start so your openvpn run at windows wil routing all over netword card and client can go

when you try connect client to server if it work just try to go file share click search type \\ 10.32.55.110 enter
this server config not routing all internet though but only file share only


I make copy test your server config you can try and see if it works for you or not .

port 2592
proto udp4
ip-win32 manual
dev tun
dev-node OpenVPN
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
push "route 10.32.55.0 255.255.255.0 vpn_gateway"
topology subnet
server 10.8.0.0 255.255.255.0
keepalive 10 120
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 0
cipher AES-256-CBC
comp-lzo
max-clients 2
persist-key
persist-tun
status openvpn-status.log
route 0.0.0.0 192.0.0.0 net_gateway
route 64.0.0.0 192.0.0.0 net_gateway
route 128.0.0.0 192.0.0.0 net_gateway
route 192.0.0.0 192.0.0.0 net_gateway
register-dns

verb 4
explicit-exit-notify 1

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7944
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by TinCanTech » Mon Dec 16, 2019 1:55 pm

300000 wrote:
Mon Dec 16, 2019 12:43 pm
ip-win32 manual
..
server 10.8.0.0 255.255.255.0
Really .. ?

kevinpride
OpenVpn Newbie
Posts: 10
Joined: Sun Aug 18, 2019 4:33 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Wed Dec 18, 2019 5:27 am

Thank you 300000 and TinCanTech. I changed one of the server config lines from push "route 10.32.55.100 255.255.255.0" to push "route 10.32.55.0 255.255.255.0". I got the thought to change this line based on 300000's recommendation above. And now I have access to the shared drive. I guess the 4th segment of the subnet must be 0. The only concern I have now is this error below which shows up like 50 times. Any ideas on what's causing this error? And is this something I can safely ignore or is this a critical issue? Please advise. Thank you so much for your help.

MULTI: bad source address from client [10.25.92.101], packet dropped
MULTI: bad source address from client [10.25.92.101], packet dropped
MULTI: bad source address from client [10.25.92.101], packet dropped
MULTI: bad source address from client [10.25.92.101], packet dropped

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7944
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by TinCanTech » Wed Dec 18, 2019 11:20 am

You can safely ignore it unless you want your VPN to include the client side LAN.

Post Reply