
I have problem.

Posted: Mon Oct 24, 2011 3:34 pm
by elmemis
I configured OpenVPN P t P.

Router-1(LAN1) ---------- wan ---------- Router-2(LAN2)

In Lan1 (192.168.1.0/24) I have:
1 Router-1 Cisco WRT54G (192.168.1.1 gateway)
1 Server with Centos 5 and OpenVPN (192.168.1.250/24 Static) - 1 Ethernet card.
5 Clients Windows (DHCP).

In Lan2 (192.168.7.0/24) I have:
1 Router-2 Cisco WRT54G (192.168.7.1 gateway)
1 Server with Centos 5 and OpenVPN (192.168.7.250/24 Static) - 1 Ethernet card.
2 Clients Windows (DHCP).

Server Centos Lan 1 IP Tunnel (tun): 10.0.1.1
Server Centos Lan 2 IP Tunnel (tun): 10.0.1.2

On the Centos server in Lan 1 I added to the config: route 192.168.7.0 255.255.255.0
On the Centos server in Lan 2 I added to the config: route 192.168.1.0 255.255.255.0
On both servers I activated ip_forward=1

From server Centos Lan 1:
ping 10.0.1.2 Works OK.
ping 192.168.7.1 (or any win client) Does not work :(

From server Centos Lan 2:
ping 10.0.1.1 Works OK.
ping 192.168.1.1 (or any win client) Does not work :(

I cannot find the error. I am a newbie.
Can you help me with my problem?

Thanks!

Re: I have problem.

Posted: Tue Oct 25, 2011 5:35 am
by Mimiko
It's a common routing configuration problem when adding computers behind OpenVPN.
Read this: http://www.openvpn.net/index.php/open-s ... html#scope and http://www.openvpn.net/index.php/open-s ... rding.html.
Also, the clients do not have the OpenVPN computer as their default gateway; that's why the packets coming back from the computers go to the gateway, not the VPN tunnel. You have to:
1) Move OpenVPN to the default gateway;
2) Add a route to the default gateway, to route packets for the other LAN to the OpenVPN computer;
3) Add a route on each computer to point the other LAN to the OpenVPN computer.

Re: I have problem.

Posted: Tue Oct 25, 2011 1:50 pm
by elmemis
That is done. IP forward is already active.

What I want to do is to ping from a lan server to the remote centos and I'm not able to.

I cannot put the vpn server as a gateway.

Is this not working for me because I have only one network card in the VPN servers?

I need to resend the servers on the same network card.
So, I have a server:
192.168.1.1 - 10.8.0.1 (Server 1, a single card).
192.168.7.1 - 10.8.0.6 (Server 2, a single card).

The 10.x.x.x IPs correspond to the tunnel that runs on the same lan card.

Thanks!

Re: I have problem.

Posted: Tue Oct 25, 2011 2:07 pm
by Mimiko
> Is this not working for me because I have only one network card in the VPN servers?

One network card is enough.

Please use the second and third option. Please describe the IPs of what you want to do. From what IP do you want to access what IP?

Re: I have problem.

Posted: Tue Oct 25, 2011 3:20 pm
by elmemis
Config node 1:
IP Lan: 192.168.1.250
IP Wan: node1.sytes.net (example)

Code:

dev tun
port 1194

secret pass.key
ifconfig 10.0.8.1 10.0.8.6
daemon
route 192.168.7.0 255.255.255.0
log-append /tmp/vpnlog.log
status /tmp/vpnstatus.log

On the windows clients execute this command:

Code:

route add 192.168.7.0 mask 255.255.255.0 192.168.1.250

Config node 2:
IP Lan: 192.168.7.250
IP Wan: node2.sytes.net (example)

Code:

dev tun
port 1194
remote node1.sytes.net
secret pass.key
ifconfig 10.0.8.6 10.0.8.1
daemon
route 192.168.1.0 255.255.255.0
log-append /tmp/vpnlog.log
status /tmp/vpnstatus.log

On the windows clients execute this command:

Code:

route add 192.168.1.0 mask 255.255.255.0 192.168.7.250

Re: I have problem.

Posted: Tue Oct 25, 2011 3:28 pm
by elmemis
From Lan 192.168.1.0 (including 192.168.1.250) I cannot access Lan 192.168.7.0 (including 192.168.7.250).

From Lan 192.168.7.0 (including 192.168.7.250) I cannot access Lan 192.168.1.0 (including 192.168.1.250).

From server 1 (192.168.1.250) I cannot access lan 192.168.7.0; only ping 10.8.0.6 works.

From server 2 (192.168.7.250) I cannot access lan 192.168.1.0; only ping 10.8.0.1 works.

On both servers I execute this command:

Code:

sysctl -w net.ipv4.ip_forward=1

Re: I have problem.

Posted: Wed Oct 26, 2011 5:19 am
by Mimiko
On both servers the forwarding rule must be accepted by default.
On every computer in LAN 192.168.1.0 add a static route:
route add 192.168.7.0 mask 255.255.255.0 192.168.1.250
On every computer in LAN 192.168.7.0 add a static route:
route add 192.168.1.0 mask 255.255.255.0 192.168.7.250

Re: I have problem.

Posted: Wed Oct 26, 2011 5:41 pm
by elmemis
Both servers return the same message:

Code:

[root]# service network restart
Interrupción de la interfaz eth0:                         [  OK  ]
Interrupción de la interfaz de loopback:                  [  OK  ]
Deshabilitando el reenvio de paquetes IPv4:  net.ipv4.ip_forward = 0
                                                           [  OK  ]
Activación de la interfaz de loopback:                    [  OK  ]
Activando interfaz eth0:                                   [  OK  ]

It automatically disables ip_forward, why?

If I activate ip_forward after restarting the network services, it works correctly.
I leave the ip_forward active by default.

Re: I have problem.

Posted: Wed Oct 26, 2011 5:56 pm
by elmemis
In the file /etc/init.d/network I found the following code:

Code:

if [ -f /proc/sys/net/ipv4/ip_forward ]; then
    if [ `cat /proc/sys/net/ipv4/ip_forward` != 0 ]; then
        action $"Disabling IPv4 packet forwarding: " sysctl -w net.ipv4.ip_forward=0
    fi
fi

and replaced it with:

Code:

if [ -f /proc/sys/net/ipv4/ip_forward ]; then
    if [ `cat /proc/sys/net/ipv4/ip_forward` != 1 ]; then
        action $"Enable IPv4 packet forwarding: " sysctl -w net.ipv4.ip_forward=1
    fi
fi

On the clients in Lan 192.168.1.0 I execute these commands:

Code:

route add 192.168.7.0 mask 255.255.255.0 192.168.1.250
route add 10.8.0.0 mask 255.255.255.0 192.168.1.250

and on the clients in Lan 192.168.7.0 I execute these commands:

Code:

route add 192.168.1.0 mask 255.255.255.0 192.168.7.250
route add 10.8.0.0 mask 255.255.255.0 192.168.7.250

From the clients in lan 1 (192.168.1.xxx) I execute these commands:

ping 10.8.0.6 | works
ping 192.168.7.250 | works
ping 192.168.7.1 | gateway remote lan | not working
ping 192.168.7.x | any client this lan | not working

From the clients in lan 2 (192.168.7.xxx) I execute these commands:

ping 10.8.0.1 | works
ping 192.168.1.250 | works
ping 192.168.1.1 | gateway remote lan | not working
ping 192.168.1.x | any client this lan | not working

:( :( :( :( :( :( :(

Re: I have problem.

Posted: Thu Oct 27, 2011 2:18 pm
by Mimiko
One step further.
You don't need to modify the network file, just use

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward

on both OpenVPN computers. That's why the remote clients are not responding. The remote GW will not respond if you didn't add those routes to them too.

Re: I have problem.

Posted: Thu Oct 27, 2011 7:29 pm
by elmemis
Thanks for your help!
It has been very useful.
Works fine!
On all clients I created a .bat and added it to startup:
Lan 1:

Code:

route add 192.168.7.0 mask 255.255.255.0 192.168.1.250

Lan 2:

Code:

route add 192.168.1.0 mask 255.255.255.0 192.168.7.250

I'll keep reading OpenVPN tutorials and manuals.

THANKS!!!!!!

Re: I have problem.

Posted: Thu Oct 27, 2011 7:48 pm
by Mimiko
For a persistent route across start-ups, you can use the -p switch:

Code:

route -p add 192.168.7.0 mask 255.255.255.0 192.168.1.250

so you don't have to use bat files.
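
The three failure states this thread goes through (LAN hosts without a route back to the OpenVPN box, ip_forward off on the OpenVPN boxes, and a remote gateway with no return route), modelled as an added example that is not code from any poster. The hosts pc1/pc2, their addresses 192.168.1.10 and 192.168.7.20, and the "wan" hop are constructed for illustration; the other addresses are the ones quoted in the posts.

```python
import ipaddress

LAN1, LAN2, ANY = "192.168.1.0/24", "192.168.7.0/24", "0.0.0.0/0"

class Node:
    def __init__(self, name, addrs, routes, forward=False):
        self.name, self.forward = name, forward
        self.addrs = {ipaddress.ip_address(a) for a in addrs}
        # (network, next hop): None = on-link, else a node name or "wan"
        self.routes = [(ipaddress.ip_network(n), hop) for n, hop in routes]

    def next_hop(self, dst):  # longest-prefix match, like the kernel table
        hits = [r for r in self.routes if dst in r[0]]
        return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else "no route"

def build(client_routes, forward):
    # Topology from the thread; pc1/pc2 and their IPs are constructed samples.
    r1, r2 = ([(LAN2, "vpn1")], [(LAN1, "vpn2")]) if client_routes else ([], [])
    nodes = [
        Node("pc1", ["192.168.1.10"], [(LAN1, None), (ANY, "gw1")] + r1),
        Node("gw1", ["192.168.1.1"], [(LAN1, None), (ANY, "wan")], True),
        Node("vpn1", ["192.168.1.250", "10.8.0.1"], [(LAN1, None), (LAN2, "vpn2")], forward),
        Node("vpn2", ["192.168.7.250", "10.8.0.6"], [(LAN2, None), (LAN1, "vpn1")], forward),
        Node("gw2", ["192.168.7.1"], [(LAN2, None), (ANY, "wan")], True),
        Node("pc2", ["192.168.7.20"], [(LAN2, None), (ANY, "gw2")] + r2),
    ]
    return {n.name: n for n in nodes}

def deliver(nodes, src, dst):  # follow one packet; returns (delivered, path)
    dst, cur, path = ipaddress.ip_address(dst), nodes[src], [src]
    for _ in range(8):  # hop limit
        if dst in cur.addrs:
            return True, path
        if len(path) > 1 and not cur.forward:
            return False, path + ["dropped: ip_forward=0"]
        hop = cur.next_hop(dst)
        if hop is None:  # on-link: hand the packet to whoever owns dst
            hop = next((n.name for n in nodes.values() if dst in n.addrs), "no host")
        if hop not in nodes:
            return False, path + [hop]
        cur = nodes[hop]
        path.append(hop)
    return False, path + ["hop limit"]

def ping(nodes, src, src_ip, dst_ip):
    ok, out = deliver(nodes, src, dst_ip)       # echo request
    if not ok:
        return False, out
    ok, back = deliver(nodes, out[-1], src_ip)  # echo reply
    return ok, out + back
```

With `build(True, True)` a ping from pc1 to 192.168.7.20 completes in both directions, while a ping to 192.168.7.1 still fails on the reply leg because gw2 only has its default route toward the WAN.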