What special considerations are needed when setting up an OpenVPN server that you want to connect to with a router as a client? Currently I have an OpenVPN server set up in Windows which works fine when using the Windows client software, but gets stuck when trying to load the same .ovpn client file to the router and connect from there.
I've tried using IP passthrough on my (server connection) router but that hasn't helped. I'm sure I'm missing a piece of the puzzle here that would allow this config to work fine when using the desktop client vs the router as a client.
Any help is super appreciated!
Server
server 10.8.0.0 255.255.255.0
port 1195
dev tun
dev-node ServerVPN
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
push "route 192.168.0.0 255.255.255.0"
route 192.168.0.0 255.255.255.0
client-config-dir "C:\\Program Files\\OpenVPN\\config"
client-to-client
keepalive 10 120
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh2048.pem"
cipher AES-256-CBC
comp-lzo
max-clients 100
persist-key
persist-tun
status openvpn-status.log
verb 3
route-delay 5
route-method exe
Client
client
dev tun
proto tcp
remote <redacted>
port 1195
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb
pull
cipher AES-256-CBC
auth SHA256
<ca>
-----BEGIN CERTIFICATE-----
MIIGoTCCBImgAwIBAgIJAIOpP9CfY/7mMA0GCSqGSIb3DQEBCwUAMIGRMQswCQYD
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC+fl45ai6u0wuv
ppnUvu8WB17jNWJH7Lf7smSTRTk67g==
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
MIIG6TCCBNGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCVVMx
ov2P7Gq6NOSL6nLHHsrt+UDA5sJz2+UUjbCjjVIUL5DyDi2S57SV/lnofPjL
-----END CERTIFICATE-----
</cert>
[olog]
Thu Mar 24 09:19:13 2022 TCP connection established with [AF_INET6]::ffff:192.168.1.254:1195
Thu Mar 24 09:19:13 2022 192.168.1.254 TLS: Initial packet from [AF_INET6]::ffff:192.168.1.254:1195, sid=b5f99e7f 18aa5a50
Thu Mar 24 09:19:13 2022 192.168.1.254 VERIFY OK: depth=1, C=US, ST=TX, L=Frisco, O=OpenVPN, OU=Key, CN=serverVPN, name=vpnKey, emailAddress=mail@host.domain
Thu Mar 24 09:19:13 2022 192.168.1.254 VERIFY OK: depth=0, C=US, ST=TX, L=Frisco, O=OpenVPN, OU=Key, CN=ClientVPN, name=vpnKey, emailAddress=mail@host.domain
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_VER=2.5.6
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_PLAT=win
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_PROTO=6
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_NCP=2
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_LZ4=1
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_LZ4v2=1
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_LZO=1
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_COMP_STUB=1
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_COMP_STUBv2=1
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_TCPNL=1
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_GUI_VER=OpenVPN_GUI_11
Thu Mar 24 09:19:13 2022 192.168.1.254 peer info: IV_SSO=openurl,crtext
Thu Mar 24 09:19:13 2022 192.168.1.254 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1560', remote='link-mtu 1572'
Thu Mar 24 09:19:13 2022 192.168.1.254 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'
Thu Mar 24 09:19:13 2022 192.168.1.254 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Thu Mar 24 09:19:13 2022 192.168.1.254 [ClientVPN] Peer Connection Initiated with [AF_INET6]::ffff:192.168.1.254:1195
Thu Mar 24 09:19:13 2022 ClientVPN/192.168.1.254 OPTIONS IMPORT: reading client specific options from: C:\Program Files\OpenVPN\config\ClientVPN
Thu Mar 24 09:19:13 2022 ClientVPN/192.168.1.254 MULTI: Learn: 10.10.10.5 -> ClientVPN/192.168.1.254
Thu Mar 24 09:19:13 2022 ClientVPN/192.168.1.254 MULTI: primary virtual IP for ClientVPN/192.168.1.254: 10.10.10.5
Thu Mar 24 09:19:13 2022 ClientVPN/192.168.1.254 MULTI: internal route 192.168.182.0/24 -> ClientVPN/192.168.1.254
Thu Mar 24 09:19:13 2022 ClientVPN/192.168.1.254 MULTI: Learn: 192.168.182.0/24 -> ClientVPN/192.168.1.254
Thu Mar 24 09:19:14 2022 ClientVPN/192.168.1.254 PUSH: Received control message: 'PUSH_REQUEST'
Thu Mar 24 09:19:14 2022 ClientVPN/192.168.1.254 SENT CONTROL [ClientVPN]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.5 10.10.10.6,peer-id 0,cipher AES-256-GCM' (status=1)
Thu Mar 24 09:19:14 2022 ClientVPN/192.168.1.254 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Mar 24 09:19:14 2022 ClientVPN/192.168.1.254 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Mar 24 09:19:14 2022 ClientVPN/192.168.1.254 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
[/olog]
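Added example, not part of the original post: a Python check that compares the link options of a server and a client config and lists those that differ, the kind of inconsistency the `WARNING: 'auth' is used inconsistently` log line reports. The sample configs are abridged from the two posted above; `parse`, `check`, `MUST_MATCH` and `ONCE` are names invented here, and the fallback values (`proto udp`, `port 1194`, `auth SHA1`) are OpenVPN's defaults when a directive is absent.

```python
import re

# Link options expected to be consistent on both ends; value = OpenVPN default when absent.
MUST_MATCH = {"proto": "udp", "port": "1194", "dev": None,
              "cipher": None, "auth": "SHA1", "comp-lzo": None}
ONCE = {"ca", "cert", "key", "dh"}  # directives expected a single time
# Constructed samples: directives abridged from the two configs in the post.
SERVER = r"""port 1195
key server.key # This file should be kept secret
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.key"
cipher AES-256-CBC
comp-lzo"""
CLIENT = """proto tcp
port 1195
comp-lzo
cipher AES-256-CBC
auth SHA256
<ca>
-----BEGIN CERTIFICATE-----
</ca>"""

def parse(text):
    """Map each directive to its list of argument strings; inline <tag> bodies are skipped."""
    opts, inline = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if inline:  # inside <ca>/<key>/<cert>: ignore until the closing tag
            inline = None if line == f"</{inline}>" else inline
        elif m := re.fullmatch(r"<([\w-]+)>", line):
            inline = m.group(1)
            opts.setdefault(inline, []).append("[inline]")
        elif line and not line.startswith(";"):
            name, _, args = line.partition(" ")
            opts.setdefault(name, []).append(args.strip())
    return opts

def check(server_text, client_text):
    """Repeated directives, then mismatches (last occurrence compared: an assumption)."""
    srv, cli = parse(server_text), parse(client_text)
    out = [f"{side}: '{n}' appears {len(v)} times"
           for side, o in (("server", srv), ("client", cli))
           for n, v in o.items() if n in ONCE and len(v) > 1]
    for name, default in MUST_MATCH.items():
        s, c = srv.get(name, [default])[-1], cli.get(name, [default])[-1]
        if s != c:
            out.append(f"mismatch '{name}': server={s} client={c}")
    return out

print("\n".join(check(SERVER, CLIENT)))
```

To run it against real files, pass their contents to `check()` in place of the two sample strings.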