Geekzone: technology news, blogs, forums




BDFL - Memuneh
62293 posts

Uber Geek
+1 received by user: 12829

Administrator
Trusted
Geekzone
Lifetime subscriber

Topic # 130924 2-Oct-2013 19:36

Hello folks

Managed to get OpenVPN server up and running here, and the client connecting fine. Now I need some help with a couple of things to get it going on a more permanent basis...

1. Currently assigned IP is in the range 10.8.0.x. My LAN is 192.168.2.x

What route commands/config changes do I need so that my client can see the 192.168.2.x segment?
Alternatively (and probably best) is there something I can do so that the client IP is assigned by the DHCP in my LAN instead?

2. I want to get all my network traffic going through the VPN connection once it's established, including Internet.

What route commands/config changes do I need so that my client can access the Internet through this VPN?

On my server config I have


server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.2.1"
;;; commented out in original config:
;;; server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;;; server-bridge


The client doesn't have any option related to network really.

Next steps?





3784 posts

Uber Geek
+1 received by user: 1502

Subscriber

  Reply # 906651 2-Oct-2013 20:19

To access your LAN from the VPN this should do the trick....

push "route 192.168.2.0 255.255.255.0"


The line you have with 'redirect-gateway' is what should make the client send its internet traffic through the VPN.



BDFL - Memuneh
62293 posts

Uber Geek
+1 received by user: 12829

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 906660 2-Oct-2013 20:27

Hmmm.

I see my laptop got this:

 

IPv4 Route Table 

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.110 10
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.241 25
0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 30
10.8.0.4 255.255.255.252 On-link 10.8.0.6 286
10.8.0.6 255.255.255.255 On-link 10.8.0.6 286
10.8.0.7 255.255.255.255 On-link 10.8.0.6 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30
192.168.1.0 255.255.255.0 On-link 192.168.1.241 281
192.168.1.1 255.255.255.255 192.168.1.1 192.168.1.241 25
192.168.1.241 255.255.255.255 On-link 192.168.1.241 281
192.168.1.255 255.255.255.255 On-link 192.168.1.241 281
192.168.2.0 255.255.255.0 On-link 192.168.2.110 266
192.168.2.0 255.255.255.0 10.8.0.5 10.8.0.6 30

 

But my router at 192.168.2.1 is not responding, nor is the Internet access working. Tested over a 3G connection...

Hmmmm. Strange:

 

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-83-92-8C-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d5ab:3074:7734:5546%49(Preferred)
IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Lease Obtained. . . . . . . . . . : Wednesday, 2 October 2013 8:30:20 p.m.
Lease Expires . . . . . . . . . . : Thursday, 2 October 2014 8:30:20 p.m.
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.8.0.5
DHCPv6 IAID . . . . . . . . . . . : 822148995
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-D9-94-B8-B4-99-BA-F7-65-A4
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
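
The route table quoted in the reply above can be checked mechanically. This is an added example, not part of the original thread: it applies longest-prefix-match and lowest-metric selection to a subset of the quoted rows to show which destinations are handed to the VPN adapter (10.8.0.6). The function names and the test destinations are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: a subset of the "Active Routes" rows quoted in the post
# above (destination, netmask, gateway, interface, metric).
ROUTE_TABLE = """\
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.110 10
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.241 25
0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 30
10.8.0.4 255.255.255.252 On-link 10.8.0.6 286
128.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30
192.168.1.1 255.255.255.255 192.168.1.1 192.168.1.241 25
192.168.2.0 255.255.255.0 On-link 192.168.2.110 266
192.168.2.0 255.255.255.0 10.8.0.5 10.8.0.6 30
"""

VPN_INTERFACE = "10.8.0.6"  # TAP adapter address from the ipconfig output


def parse_routes(text):
    """Turn each row into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        dest, mask, gateway, iface, metric = line.split()
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, gateway, iface, int(metric)))
    return routes


def lookup(routes, destination):
    """Select a route: longest matching prefix first, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))


def uses_tunnel(routes, destination):
    """True when the selected route leaves through the VPN adapter."""
    route = lookup(routes, destination)
    return route is not None and route[2] == VPN_INTERFACE


if __name__ == "__main__":
    table = parse_routes(ROUTE_TABLE)
    # Assumed test destinations: two Internet addresses, the LAN router,
    # the VPN server's tunnel address and the other local gateway.
    for dst in ("8.8.8.8", "203.0.113.10", "192.168.2.1", "10.8.0.1", "192.168.1.1"):
        net, gw, iface, metric = lookup(table, dst)
        print(f"{dst:<13} {str(net):<17} gw={gw:<12} if={iface:<14} tunnel={iface == VPN_INTERFACE}")
```

The two /1 routes pushed by "redirect-gateway def1" outrank both /0 defaults without deleting them, and the pushed 192.168.2.0/24 route (metric 30) outranks the on-link one (metric 266), so with this table traffic for 192.168.2.1 is handed to the VPN adapter.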




3784 posts

Uber Geek
+1 received by user: 1502

Subscriber

  Reply # 906703 2-Oct-2013 21:04

I personally use pfsense which generates the config file for me.
Have just tried the internet redirection thing (I only use my VPN for remotely accessing my network. Don't want to send all traffic through it) and it seems all good.

Checked my config and I notice the redirect line reads
push "redirect-gateway def1"


Give that minor change a go maybe?



BDFL - Memuneh
62293 posts

Uber Geek
+1 received by user: 12829

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 906879 3-Oct-2013 08:50

I wonder if these need to be changed as well?

 
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses. You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge





271 posts

Ultimate Geek
+1 received by user: 96


  Reply # 906898 3-Oct-2013 09:13

freitasm
1. Currently assigned IP is in the range 10.8.0.x. My LAN is 192.168.2.x

What route commands/config changes do I need so that my client can see the 192.168.2.x segment?


On Linux servers you usually enable IP forwarding (i.e. routing) between the internal network and virtual interface or set up NAT. No clue how to do it on Windows though.



1664 posts

Uber Geek
+1 received by user: 188

Subscriber

  Reply # 1365599 13-Aug-2015 14:31

Hey @freitasm - did you ever manage to get this working? I have a very similar setup/problem - in that once connected I can ping the LAN address of my openvpn host, but nothing else on my LAN. 



BDFL - Memuneh
62293 posts

Uber Geek
+1 received by user: 12829

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1365613 13-Aug-2015 14:40

No, at the end I just created a VPN over SSL using built-in Windows Routing Access, seeing my clients are all Windows machines.

I would like to have OpenVPN working on Windows but didn't have the time or network knowledge to fix this.





1664 posts

Uber Geek
+1 received by user: 188

Subscriber

  Reply # 1365614 13-Aug-2015 14:43

Bugger - back to Google searching then. BTW - I am running the OpenVPN server on a Debian server, and connecting with Windows/Android clients (in case anyone reading this can offer tips/suggestions).

Thanks @freitasm.

785 posts

Ultimate Geek
+1 received by user: 247

Trusted
Subscriber

  Reply # 1365888 13-Aug-2015 21:22

I've had some success with OpenVPN windows clients talking to OpenVPN Linux servers; what are you trying to achieve?

1664 posts

Uber Geek
+1 received by user: 188

Subscriber

  Reply # 1365903 13-Aug-2015 21:31

Hey James - just so happened to be sitting in front of my PC trying to figure this out as we speak!

So I am running openVPN in a Debian container (on Proxmox). I have the standard config, i.e. VPN address space is 10.8.0.0. The openVPN host LAN address is 192.168.1.100. The gateway on my LAN (the router) is 192.168.1.1. When I connect to openVPN from an external client I get assigned 10.8.0.6 and I can ping 10.8.0.1 and 192.168.1.100 and 192.168.1.1, but nothing else on my LAN.

I would like to be able to access all other hosts on my LAN when connected to the VPN. 

I did notice a load of routes got created on my Windows client pointing to 10.8.0.5 as the gateway - not sure what this is but was wondering if it is the VPN assigned address for my router/gateway? I can't ping 10.8.0.5 but I guess that is due to the router having no routes setup for that address? Is this the problem - how can I tell my client to forward all packets for 192.168.1.0 to my openVPN host (10.8.0.1) instead of this unknown 10.8.0.5?

My server openVPN config file contains;

server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DOMAIN home"
push "dhcp-option DNS 192.168.1.100"

I can't seem to work out (or find online) how to set up the necessary routes and to be honest, networking is definitely not my strong suit!

Any tips or advice would be greatly appreciated.

Cheers,
Ben

1664 posts

Uber Geek
+1 received by user: 188

Subscriber

  Reply # 1365910 13-Aug-2015 21:51

I have also tried adding the following to my LAN router;

route 10.8.0.0 mask 255.255.255.0 gw 192.168.1.100

in the hope this would route any internal traffic in my LAN on the 10.8.0.0 network back to the openVPN server. But it doesn't seem to have made any difference.

I am sure there is one step I am missing here...
