
Can't access/ping Windows 7 x64 client's LAN.

Posted: Tue Jul 12, 2011 6:33 am
by Powerengineer
From the client side (win7 PC) I can access all of the network behind the openVPN server, but from the server side (linux PC) I can only reach the client's openVPN ip, and cannot ping the client's external ip nor the LAN computers behind the client.

My config:
Server's network: 192.168.10.0/24
Client's network: 192.168.0.0/24
openVPN network: 10.76.0.0/24

For the testing purposes I write routing rules by hand.

On the client's machine I add:
route add 192.168.10.0 mask 255.255.255.0 10.76.0.5 (10.76.0.5 - client's gateway)
and after that I can access the LAN behind the openvpn server.

On the server I write the following rule:
route -net 192.168.0.0 netmask 255.255.255.0 gw 10.76.0.2 (server's gateway)
but it does not help. I could only ping my client's openvpn ip.

What could be a problem?

My server's config is:
# OpenVPN server config
# Routed server

dev tun0
port 1194
proto udp

ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/server.crt
key /etc/openvpn/private/server.key # This file should be kept secret
dh /etc/openvpn/dh1024.pem

server 10.76.0.0 255.255.255.0

;push "route 192.168.10.0 255.255.255.0"
;client-to-client

keepalive 10 120

user nobody
group nogroup

persist-key
persist-tun

ifconfig-pool-persist /etc/openvpn/ipp.txt
status /var/log/openvpn-status.log
log /var/log/openvpn.log
;log-append /var/log/openvpn.log
verb 3
;mute 20

Client's config:
# Win 7 client's config
client

dev tun
dev-node "tap1"
proto udp

remote openVPNserver 1194
;remote my-server-2 1194

resolv-retry infinite
nobind
persist-key
persist-tun

mute-replay-warnings

ca ca.crt
cert aleksei.crt
key aleksei.key

ns-cert-type server
;tls-auth ta.key 1
verb 3
mute 20
float

Re: Can't access/ping Windows 7 x64 client's LAN.

Posted: Tue Jul 12, 2011 9:14 am
by maikcat
hi there,

to create lan-to-lan you need the following:

enable ip forwarding in both vpn endpoints (client-server)
create the appropriate firewall rules so traffic passes through the firewall

to your setup

remove any static routes you added by hand

add the following to your server config

route 192.168.0.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"

you *must* use ccd files on your server side

create a ccd file named aleksei with the following in it

iroute 192.168.0.0 255.255.255.0

and you are done

Michael.
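
Added example, not part of the thread and not OpenVPN project code: a small lint for the setup described in the reply above, checking that every server-side `route` for a client LAN has a matching `iroute` in a ccd file and that `client-config-dir` is set so the ccd files are read. The sample configuration is constructed from the values in this thread; the directory name `ccd` is an assumption.

```python
import ipaddress

def directives(text):
    """Token lists for active directives; '#' and ';' start comments."""
    for raw in text.splitlines():
        tokens = raw.split("#")[0].replace('"', " ").split()
        if tokens and not tokens[0].startswith(";"):
            yield tokens

def nets(text, *prefix):
    """Networks given as '<net> <mask>' after the directive tokens in prefix."""
    n = len(prefix)
    return {ipaddress.ip_network(f"{t[n]}/{t[n + 1]}")
            for t in directives(text)
            if tuple(t[:n]) == prefix and len(t) >= n + 2}

def lint(server_conf, ccd_files):
    """Return findings for client-LAN routing; an empty list means consistent.

    ccd_files maps a client certificate common name to its ccd file text.
    """
    findings = []
    routes = nets(server_conf, "route")   # kernel routes pointing into the tunnel
    if ccd_files and not any(t[0] == "client-config-dir"
                             for t in directives(server_conf)):
        findings.append("client-config-dir is not set; ccd files are never read")
    claimed = set()                       # subnets some client owns via iroute
    for cn, text in sorted(ccd_files.items()):
        for net in sorted(nets(text, "iroute")):
            claimed.add(net)
            if net not in routes:
                findings.append(f"{cn}: iroute {net} lacks a server 'route'")
    for net in sorted(routes - claimed):
        findings.append(f"route {net} has no iroute in any ccd file")
    return findings

# Constructed sample built from the values in this thread; the directory
# name "ccd" is an assumption, the thread does not give one.
SERVER = """\
dev tun0
server 10.76.0.0 255.255.255.0
client-config-dir ccd
route 192.168.0.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
"""
CCD = {"aleksei": "iroute 192.168.0.0 255.255.255.0\n"}

if __name__ == "__main__":
    for problem in lint(SERVER, CCD) or ["consistent"]:
        print(problem)
```

The lint only reads `route` and `iroute` lines that carry an explicit netmask, and it does not check IP forwarding or firewall rules on either endpoint.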

Re: Can't access/ping Windows 7 x64 client's LAN.

Posted: Tue Jul 12, 2011 12:34 pm
by Powerengineer
Thank you very much for the help.

Adding the ccd profile somehow helped and now I can ping the win7 client's external ip as well. But the other computers on the client's LAN (192.168.0.0/24) are not accessible yet.

It seems that on the win7 host ip forwarding doesn't work, but the "ipconfig /all" command shows that IP routing is enabled.

Re: Can't access/ping Windows 7 x64 client's LAN.

Posted: Wed Jul 13, 2011 8:10 am
by maikcat
AFAIK win 7 sees openvpn tap interface as untrusted..

i haven't worked with 7 much though...

Michael.

ps: you must set up your client pcs to use the openvpn client pc as default gateway

Re: Can't access/ping Windows 7 x64 client's LAN.

Posted: Thu Jul 14, 2011 10:23 am
by Powerengineer
The problem seems to be solved.

I have shared "Local area connection" with the openVPN connection on the client, then reconnected the client, and now I have access to the client's LAN.

Re: Can't access/ping Windows 7 x64 client's LAN.

Posted: Thu Jul 14, 2011 10:26 am
by maikcat
glad it worked.

closing topic

Michael.