OpenVPN Support Forum

Hi all.
I'm setting up my first VPN and having trouble. Here's the situation:
OpenVPN server on 192.168.1.3 (I know I shouldn't be using that subnet. I plan to change it once I get my head around this)
Gateway at 192.168.1.1
Various other machines on 192.168.1.x

server.conf: client.conf: I have added a route on the gateway at 192.168.1.1, going from 10.8.0.0 255.255.255.0 to 192.168.1.3, and I have UDP port 1194 forwarded to 192.168.1.3.

So, here's the problem. A client at a different location can connect to the VPN, and gets an IP of 10.8.0.6. Once connected, the client machine can successfully ping 10.8.0.1 and 192.168.1.3, but not any other machines on the 192.168.1.0 network. Also while the VPN client is connected, from any of the 192.168.1.x machines I can successfully ping 10.8.0.1, but not 10.8.0.6.

Maybe I am misinterpreting this, but it looks to me like the route on the gateway is working correctly, but the OpenVPN server itself is not routing things through to the 10.8.0.0 subnet. I suspect that my pings from the client are getting through to the right machine, but are unable to get back through the VPN server.

While the OpenVPN server is running, the route table on that machine looks like this:
Destination Gateway Genmask Flags Metric Ref Use Iface
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 100 0 0 eth0

And ifconfig shows this:

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:11 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:924 (924.0 B) TX bytes:336 (336.0 B)

I don't know anything about point-to-point interfaces, so I'm not sure how the 10.8.0.2 address figures into things, but aside from that uncertainty the route table looks about right to me.

What's missing here?

Edit: Just to clarify, my intention is to allow single PCs to connect to the VPN from anywhere and access anything on the LAN behind it. The clients should be assumed to be on the road somewhere, so do not need to make their own LAN accessible to anything at the server end of the connection.

I've got the same goal and i'm experiencing the same issue. I put it inside a quote because it repeates the initial post.

My server is Ubuntu 9.10 with OpenVPN 2.1~rc19-1ubuntu2. Client is Windows 7 with OpenVPN 2.2-beta3.

I need client to access LAN behind server which is 192.168.0.0/24 (yeah, i should've changed that to 10.* either).

Client connects well. He can access a Samba share on 10.8.0.1. But it can't ping the LAN.

Server is 10.8.0.1 and client gets IP 10.8.0.6. Server has the following command:

Code: Select all

push "route 192.168.0.0 255.255.255.0"

Here's something strange that i found.

Client is assigned route twice during connection:
Why 10.8.0.5??

Here's what ipconfig /all reports on client:
Route is linked to gateway 10.8.0.5: I tried to delete that route and add one to gateway 10.8.0.1, but no result.


Please help us sort out!

SOLVED!

krzee has stuck my nose into a relevant FAQ topic and i immediately discovered that my server was lacking IP forwarding!

Here's a nice howto to set it on:
http://www.ducea.com/2006/08/01/how-to- ... -in-linux/

At short, you should uncomment net.ipv4.ip_forward = 1 in /etc/sysctl.conf

To avoid rebooting you then switch that thingie on with sudo sysctl -w net.ipv4.ip_forward=1

Seems to be a very basic thing, i'm ashamed to have skipped that section like ten times when skimming through the howto.

Thx again krzee!

Aha! Yeah, that did it. I missed that in the howto as well. If it had included a brief note similar to the first paragraph at that link you posted, I'm pretty sure I would not have missed it.

Thanks.

Hello

I have the same problem

I have internet through a TPLINK router. I redirect port 1194 to my openvpn server. I enable ip_forward on server but problem still persist

Server: ubuntu
Clients: Windows(XP, 7)

Firewalls are disabled

Client can ping 192.168.1.103(server lan ip) and 10.8.0.1(openvpn lan)
Server cannot ping 10.8.0.6(client)
Client cannot ping other computer from server lan
What can be the problem?

"I have added a route on the gateway at 192.168.1.1, going from 10.8.0.0 255.255.255.0 to 192.168.1.3" - i don't know how to do this on Ubuntu. Can be this the problem?

I solved my problem adding a static route in my router.

Destination IP Address: 10.8.0.0(openvpn lan)
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.103(Server IP)