Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


freitasm

BDFL - Memuneh
73930 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#130924 2-Oct-2013 19:36
Send private message

Hello folks

Managed to get OpenVPN server up and running here, and the client connecting fine. Now I need some help with a couple of things to get it going on a more permanent basis...

1.Currently assigned IP is in the range 10.8.0.x. My LAN is 192.168.2.x

What route commands/config changes I need so that my client can see the 192.168.2.x segment?
Alternatively (and probably best) is there something I can do so that the client IP is assigned by the DHCP in my LAN instead?

2.I want to get all my network traffic going through the VPN connection once it's established, including Internet.

What route commands/config changes I need so tha my client can access the Internet through this VPN?

On my server config I have


server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.2.1"
;;; commented out in original config:
;;; server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;;; server-bridge


The client doesn't have any option related to network really.

Next steps?





Are you happy with Geekzone? Consider subscribing or making a donation.

 

 

 

freitasm on Keybase | My technology disclosure 

 

These links are referral codes: Sharesies | Mighty Ape | Norton 360 | Lenovo laptops | GoodsyncGeekzone Blockchain Project


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
Affiliate link
 
 
 

Affiliate link: Norton 360 antivirus provides enhanced security for your connected devices, a secure VPN for online privacy, Password Manager, Firewall, SafeCam, PC Cloud Backup, Dark Web Monitoring, Parental Control, and more. An all-in-one cybersecurity solution backed by 100% Virus Protection Promise and 60 Day Money Back Guarantee.
chevrolux
4962 posts

Uber Geek
Inactive user


  #906651 2-Oct-2013 20:19
Send private message

To access your LAN from the VPN this should do the trick....

push "route 192.168.2.0 255.255.255.0"


The line you have with 'redirect-gateway' is what should make the client send it's internet traffic though the VPN.

freitasm

BDFL - Memuneh
73930 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #906655 2-Oct-2013 20:22
Send private message

Ok, testing soon... Stay tuned!




Are you happy with Geekzone? Consider subscribing or making a donation.

 

 

 

freitasm on Keybase | My technology disclosure 

 

These links are referral codes: Sharesies | Mighty Ape | Norton 360 | Lenovo laptops | GoodsyncGeekzone Blockchain Project


freitasm

BDFL - Memuneh
73930 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #906660 2-Oct-2013 20:27
Send private message

Hmmm.

I see my laptop got this:

 

IPv4 Route Table 

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.110 10
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.241 25
0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 30
10.8.0.4 255.255.255.252 On-link 10.8.0.6 286
10.8.0.6 255.255.255.255 On-link 10.8.0.6 286
10.8.0.7 255.255.255.255 On-link 10.8.0.6 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30
192.168.1.0 255.255.255.0 On-link 192.168.1.241 281
192.168.1.1 255.255.255.255 192.168.1.1 192.168.1.241 25
192.168.1.241 255.255.255.255 On-link 192.168.1.241 281
192.168.1.255 255.255.255.255 On-link 192.168.1.241 281
192.168.2.0 255.255.255.0 On-link 192.168.2.110 266
192.168.2.0 255.255.255.0 10.8.0.5 10.8.0.6 30

 

But my router at 192.168.2.1 is not responding, neither the Internet access is working. Tested over a 3G connection...

Hmmmm. Strange:

 

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-83-92-8C-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d5ab:3074:7734:5546%49(Preferred)
IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Lease Obtained. . . . . . . . . . : Wednesday, 2 October 2013 8:30:20 p.m.
Lease Expires . . . . . . . . . . : Thursday, 2 October 2014 8:30:20 p.m.
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.8.0.5
DHCPv6 IAID . . . . . . . . . . . : 822148995
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-D9-94-B8-B4-99-BA-F7-65-A4
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled




Are you happy with Geekzone? Consider subscribing or making a donation.

 

 

 

freitasm on Keybase | My technology disclosure 

 

These links are referral codes: Sharesies | Mighty Ape | Norton 360 | Lenovo laptops | GoodsyncGeekzone Blockchain Project




chevrolux
4962 posts

Uber Geek
Inactive user


  #906703 2-Oct-2013 21:04
Send private message

I personally use pfsense which generate the config file for me.
Have just tried the internet redirection thing (i only use my VPN for remotely accessing my network. Don't want to send all traffic through it) and it seems all good.

Checked my config and I notice the redirect line reads
push "redirect-gateway def1"


Give that minor change a go maybe?

freitasm

BDFL - Memuneh
73930 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #906737 2-Oct-2013 21:51
Send private message

Thanks, but not working with that either...




Are you happy with Geekzone? Consider subscribing or making a donation.

 

 

 

freitasm on Keybase | My technology disclosure 

 

These links are referral codes: Sharesies | Mighty Ape | Norton 360 | Lenovo laptops | GoodsyncGeekzone Blockchain Project


freitasm

BDFL - Memuneh
73930 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #906879 3-Oct-2013 08:50
Send private message

I wonder if these need to be changed as well?

 
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses. You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge





Are you happy with Geekzone? Consider subscribing or making a donation.

 

 

 

freitasm on Keybase | My technology disclosure 

 

These links are referral codes: Sharesies | Mighty Ape | Norton 360 | Lenovo laptops | GoodsyncGeekzone Blockchain Project


marpada
384 posts

Ultimate Geek


  #906898 3-Oct-2013 09:13
Send private message

freitasm
1.Currently assigned IP is in the range 10.8.0.x. My LAN is 192.168.2.x

What route commands/config changes I need so that my client can see the 192.168.2.x segment?


On Linux servers you usually enable IP forwarding (ie routing) between the internal network and virtual interface or set up NAT. No clue how to do it on Windows though.



freitasm

BDFL - Memuneh
73930 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #906899 3-Oct-2013 09:15
Send private message

I guess is the bridging thing in the config file. I will give that a go later tonight, unless someone comes with some other ideas.





Are you happy with Geekzone? Consider subscribing or making a donation.

 

 

 

freitasm on Keybase | My technology disclosure 

 

These links are referral codes: Sharesies | Mighty Ape | Norton 360 | Lenovo laptops | GoodsyncGeekzone Blockchain Project


SumnerBoy
1886 posts

Uber Geek

ID Verified
Subscriber

  #1365599 13-Aug-2015 14:31
Send private message

Hey @freitasm - did you ever manage to get this working? I have a very similar setup/problem - in that once connected I can ping the LAN address of my openvpn host, but nothing else on my LAN. 

freitasm

BDFL - Memuneh
73930 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1365613 13-Aug-2015 14:40
Send private message

No, at the end I just created a VPN over SSL using built-in Windows Routing Access, seeing my clients are all Windows machines.

I would like to have OpenVPN working on Windows but didn't have the time or network knowledge to fix this.





Are you happy with Geekzone? Consider subscribing or making a donation.

 

 

 

freitasm on Keybase | My technology disclosure 

 

These links are referral codes: Sharesies | Mighty Ape | Norton 360 | Lenovo laptops | GoodsyncGeekzone Blockchain Project


SumnerBoy
1886 posts

Uber Geek

ID Verified
Subscriber

  #1365614 13-Aug-2015 14:43
Send private message

Bugger - back to Google searching then. BTW - I am running the OpenVPN server on a Debian server, and connecting with Windows/Android clients (in case anyone reading this can offer tips/suggestions).

Thanks @freitasm.

jamesrt
1233 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1365888 13-Aug-2015 21:22
Send private message

I've had some success with OpenVPN windows clients talking to OpenVPN Linux servers; what are you trying to achieve?

SumnerBoy
1886 posts

Uber Geek

ID Verified
Subscriber

  #1365903 13-Aug-2015 21:31
Send private message

Hey James - just so happened to be sitting in front of my PC trying to figure this out as we speak!

So I am running openVPN in a Debian container (on Proxmox). I have the standard config, i.e. VPN address space is 10.8.0.0. The openVPN host LAN address is 192.168.1.100. The gateway on my LAN (the router) is 192.168.1.1. When I connect to openVPN from an external client I get assigned 10.8.0.6 and I can ping 10.8.0.1 and 192.168.1.100 and 192.168.1.1, but nothing else on my LAN.

I would like to be able to access all other hosts on my LAN when connected to the VPN. 

I did notice a load of routes got created on my Windows client pointing to 10.8.0.5 as the gateway - not sure what this is but was wondering if it is the VPN assigned address for my router/gateway? I can't ping 10.8.0.5 but I guess that is due to the router having no routes setup for that address? Is this the problem - how can I tell my client to forward all packets for 192.168.1.0 to my openVPN host (10.8.0.1) instead of this unknown 10.8.0.5?

My server openVPN config file contains;

 

server 10.8.0.0 255.255.255.0

 

push "route 192.168.1.0 255.255.255.0"

 

push "redirect-gateway def1 bypass-dhcp"

 

push "dhcp-option DOMAIN home"

 

push "dhcp-option DNS 192.168.1.100"

 

I can't seem to work out (or find online) how to setup the necessary routes and to be honest, networking is definitely not my strong suit!

Any tips or advice would be greatly appreciated.

Cheers,
Ben

SumnerBoy
1886 posts

Uber Geek

ID Verified
Subscriber

  #1365904 13-Aug-2015 21:31
Send private message

Hey James - just so happened to be sitting in front of my PC trying to figure this out as we speak!

So I am running openVPN in a Debian container (on Proxmox). I have the standard config, i.e. VPN address space is 10.8.0.0. The openVPN host LAN address is 192.168.1.100. The gateway on my LAN (the router) is 192.168.1.1. When I connect to openVPN from an external client I get assigned 10.8.0.6 and I can ping 10.8.0.1 and 192.168.1.100 and 192.168.1.1, but nothing else on my LAN.

I would like to be able to access all other hosts on my LAN when connected to the VPN. 

I did notice a load of routes got created on my Windows client pointing to 10.8.0.5 as the gateway - not sure what this is but was wondering if it is the VPN assigned address for my router/gateway? I can't ping 10.8.0.5 but I guess that is due to the router having no routes setup for that address? Is this the problem - how can I tell my client to forward all packets for 192.168.1.0 to my openVPN host (10.8.0.1) instead of this unknown 10.8.0.5?

My server openVPN config file contains;

server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DOMAIN home"
push "dhcp-option DNS 192.168.1.100"

I can't seem to work out (or find online) how to setup the necessary routes and to be honest, networking is definitely not my strong suit!

Any tips or advice would be greatly appreciated.

Cheers,
Ben

SumnerBoy
1886 posts

Uber Geek

ID Verified
Subscriber

  #1365910 13-Aug-2015 21:51
Send private message

I have also tried adding the following to my LAN router;

route 10.8.0.0 mask 255.255.255.0 gw 192.168.1.100

in the hope this would route any internal traffic in my LAN on the 10.8.0.0 network back to the openVPN server. But it doesn't seem to have made any difference.

I am sure there is one step I am missing here...

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

D-Link G415 4G Smart Router Review
Posted 27-Jun-2022 17:24


New Zealand Video Game Sales Reaches $540 Million
Posted 26-Jun-2022 14:49


Github Copilot Generally Available to All Developers
Posted 26-Jun-2022 14:37


Logitech G Introduces the New Astro A10 Headset
Posted 26-Jun-2022 14:20


Fitbit introduces Sleep Profiles
Posted 26-Jun-2022 14:11


Synology Introduces FlashStation FS3410
Posted 26-Jun-2022 14:04


Intel Arc A380 Graphics First Available in China
Posted 15-Jun-2022 17:08


JBL Introduces PartyBox Encore Essential Speaker
Posted 15-Jun-2022 17:05


New TVNZ+ streaming brand launches
Posted 13-Jun-2022 08:35


Chromecast With Google TV Review
Posted 10-Jun-2022 17:10


Xbox Gaming on Your Samsung Smart TV No Console Required
Posted 10-Jun-2022 00:01


Xbox Cloud Gaming Now Available in New Zealand
Posted 10-Jun-2022 00:01


HP Envy Inspire 7900e Review
Posted 9-Jun-2022 20:31


Philips Hue Starter Kit Review
Posted 4-Jun-2022 11:10


Sony Expands Its Wireless Speaker X-series Range
Posted 4-Jun-2022 10:25









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.