Routing to LANs behind server

Post by cergius » Wed Apr 27, 2011 3:10 pm

Hi, I am learning OpenVPN and this is my scenario:

MachineClientSide>client OpenVPN>SWITCH<Server OpenVPN<MachineServerSide
192.168.2.2______200.212.128.253________200.212.128.254_____192.168.1.2
_________________192.168.2.1____________192.168.1.1
__________________10.8.0.6_______________10.8.0.1




The server and client are Windows. I want communication to exist between MachineClientSide and MachineServerSide. I have configured OpenVPN according to this page http://www.secure-computing.net/wiki/in ... PN/Routing and these are my configuration files:
Server

port 1194
proto udp
dev tun
ca "C:\\Archivos de Programa\\OpenVPN\\config\\ca.crt"
cert "C:\\Archivos de Programa\\OpenVPN\\config\\OpenVPN-CA.crt"
key "C:\\Archivos de Programa\\OpenVPN\\config\\OpenVPN-CA.key"
dh "C:\\Archivos de Programa\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
client-config-dir "C:\\Archivos de programa\\OpenVPN\\Config\\ccd\\"
route 192.168.2.0 255.255.255.0
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3


Client

client
dev tun
proto udp
remote 200.212.128.254 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Archivos de programa\\OpenVPN\\config\\ca.crt"
cert "C:\\Archivos de programa\\OpenVPN\\config\\cliente1.crt"
key "C:\\Archivos de programa\\OpenVPN\\config\\cliente1.key"
ns-cert-type server
comp-lzo
verb 3


Also I have done this:
- On every machine the firewall is disabled
- On client and server I have enabled IP forwarding with regedit:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
IPEnableRouter=1

With this I got:

Ping from client through 10.8.0.1, 192.168.1.1 and 192.168.1.2

From other machines I can only:

Ping from server through 10.8.0.6
Ping from MachineClientSide through 10.8.0.6
Ping from MachineServerSide through 10.8.0.1

From the client I reach MachineServerSide, so the line
push "route 192.168.1.0 255.255.255.0" seems to be working, but
the line route 192.168.2.0 255.255.255.0 seems not to be working,
although on the server I have created this directory "C:\Archivos de programa\OpenVPN\Config\ccd\". Inside the folder ccd I put a file
whose name is “cliente1” (equal to the Common Name). That file contains the line
iroute 192.168.2.0 255.255.255.0

Should the file “cliente1” have a file name extension?

Because I gave it the extension .ovpn but it doesn't work either.

I'll await your answers, thanks.


Post by janjust » Wed Apr 27, 2011 3:33 pm

The 'client1' file should not have an extension.
For the sake of debugging, try changing the 'client-config-dir' to c:\\temp (or c:/temp) and place the file there. Also, check the name of the client using


openssl x509 -subject -noout -in ....\\client1.crt
It should report '..../CN=cliente1' ; check the value that is reported in the openvpn server log file (connection from [cliente1] ... etc).

Finally, try running the openvpn server with 'verb 7' : it will generate TONS of debugging output but if the CCD file is picked up correctly it should be listed in the output as well.
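
The checks discussed above, as an added example that is not part of the original thread: it verifies that the client-config-dir holds a file named exactly after the certificate's Common Name (no extension) and that each iroute in it is covered by a route line in the server config. The function names are hypothetical and the sample input is constructed from the directives quoted in the posts.

```python
import ipaddress

def directives(text):
    """Yield (keyword, args) for each non-comment line of OpenVPN config text."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            word, *args = line.split()
            yield word, args

def nets(text, keyword):
    """Networks named by `keyword network [netmask]` lines (netmask defaults to /32)."""
    found = set()
    for word, args in directives(text):
        if word == keyword and args:
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            found.add(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
    return found

def check_ccd(server_conf, ccd_files, cert_cn):
    """Return findings for one client; ccd_files maps file name -> file contents."""
    if cert_cn not in ccd_files:
        present = ", ".join(sorted(ccd_files)) or "none"
        hint = [n for n in ccd_files if n.rsplit(".", 1)[0] == cert_cn]
        why = f"'{hint[0]}' has an extension" if hint else "no file is named after the CN"
        return [f"CCD file for CN '{cert_cn}' not found ({why}); present: {present}"]
    routes = nets(server_conf, "route")
    # An iroute only takes effect if the server also routes that subnet into the tunnel.
    return [f"iroute {n} has no covering 'route' in the server config"
            for n in sorted(nets(ccd_files[cert_cn], "iroute"))
            if not any(n.subnet_of(r) for r in routes)]

# Constructed sample input, using the directive lines and names quoted in the thread.
SERVER_CONF = '''
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
route 192.168.2.0 255.255.255.0
'''
IROUTE = "iroute 192.168.2.0 255.255.255.0\n"

if __name__ == "__main__":
    for files in ({"cliente1.ovpn": IROUTE}, {"client1": IROUTE}, {"cliente1": IROUTE}):
        print(sorted(files), "->", check_ccd(SERVER_CONF, files, "cliente1") or "OK")
```
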


Post by cergius » Thu May 05, 2011 3:05 pm

Hi:

The problem was that the Common Name and the name of the file in the directory ccd weren't the same. I corrected that and now it works as I want, it's great.

Thank you
