cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

OpenVPN

FIXED
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

OpenVPN

‎31-10-2016 1:03 PM

anyone here using OpenVPN?

installed server on windows 10 using this tutorial (https://community.openvpn.net/openvpn/w ... dows_Guide)
installed the client on my android phone, copied the certs across and it connects up OK.
the phone gets a 10.8.x.x. IP address.
all good so far it seems.

however, i can't seem to see any of my local network devices when connected to the VPN, which are on the 192.168.x.x IP range.
do i need to do some more config for this to work?
i'm using a billion 8800NL router (with the appropriate UDP port open).

Message 1 of 82
(4,306 Views)
Reply
0 Thanks
81 REPLIES 81
Anonymous
Not applicable

Re: OpenVPN

‎31-10-2016 1:45 PM

This is normally done using the VPN's profile where you add the new local network and mask to the list of accessible networks but where or how it's done using this software I can't say. But knowing this might help.

Message 2 of 82
(4,293 Views)
Reply
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎31-10-2016 4:06 PM

hmmmmm
the tutorial made no mention of that, but then i'm assuming the tutorial was to simply get the VPN working, which essentially it does.
Message 3 of 82
(4,279 Views)
Reply
0 Thanks
Mml
Grafter
Posts: 27
Thanks: 3
Registered: ‎26-10-2016

Re: OpenVPN

‎31-10-2016 7:15 PM

If your subnet mask is 255.0.0.0 when connected to VPN then no wonder you cannot connect to devices on 192.168.x.x range. I would suggest either bringing these 2 ranges closer together - say, 192.168.1.x for LAN, 192.168.2.x for VPN, and use a subnet mask 255.255.254.0 - or create a bridged connection between VPN and LAN on your Win10 machine (of which I'm not too confident to advise, but in theory this is what is required).
Message 4 of 82
(4,260 Views)
Reply
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎31-10-2016 7:57 PM

openvpn gave me no options to set IP and/or subnet.

when connected to VPN
IP 10.8.0.x
subnet 255.255.255.252

when connected to local LAN
192.168.1.x
subnet 255.255.255.0
Message 5 of 82
(4,254 Views)
Reply
0 Thanks
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

‎01-11-2016 10:16 AM

.252 is a 30 bit subnet mask, which means you have exactly two host addresses.  10.8.0.1 and 10.8.0.2.  That is not, in itself, a problem.

My experience with Open VPN is with Red Hat and Vyos/Vyatta rather than Windows.

Open VPN is presented as a routing interface, a little like a separate ethernet card.  Traffic from the localhost is sent via the loopback interface (127.0.0.1), to the routing table, which applies the subnet mask to the destination address in the packet header and forwards to the Open VPN interface on the encrypted subnet.

If you can reach the server and ping it's 192.168.1.x address, but can not reach other devices on the subnet, you need 'forwarding' to be enabled on the server and you need the devices on the local subnet to forward packets bound for the encrypted subnet, to the server.  That probably means adding an entry to the routing tables on those other devices.

The DOS commands,

>route print

>route add

Are your friends.

 

Message 6 of 82
(4,231 Views)
Reply
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎01-11-2016 10:57 AM

whilst connect to the VPN on my mobile

local IP 10.8.0.6
i can't ping 192.168.1.50 (which is the local IP of the windows 10 system that is running openvpn).
i can't ping 10.8.0.1 (which is the VPN local IP of the windows 10 system running openvpn).
Message 7 of 82
(4,223 Views)
Reply
0 Thanks
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

‎01-11-2016 11:21 AM

There will be a config file on the server.  AIUI, on Windows it's named server.ovpn by default.

Look for  the line that starts

server

And is followed by an IP and mask.  You probably want to use

server 10.8.0.0 255.255.255.0

If there is a line which starts

server-bridge

You probably want to comment that out by inserting a semi colon ; in front of it.

And to connect to other devices on the 192.168.1.0 subnet, you would need

push  "route 192.168.1.0 255.255.255.0"

Ref. https://openvpn.net/index.php/open-source/documentation/howto.html#server

 

Message 8 of 82
(4,213 Views)
Reply
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎01-11-2016 12:03 PM

in my server.ovpn file i have

server 10.8.0.0 255.255.255.0
server-bridge is already commented out
the push routes section has no current routes. i have added that line to the ovpn file.

i shall resart and see what happens.
Message 9 of 82
(4,202 Views)
Reply
0 Thanks
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎01-11-2016 12:19 PM

still no luck even after those changes.
Message 10 of 82
(4,192 Views)
Reply
0 Thanks
MisterW
Superuser
Superuser
Posts: 16,327
Thanks: 6,263
Fixes: 448
Registered: ‎30-07-2007

Re: OpenVPN

‎01-11-2016 12:26 PM

Maybe this https://blog.remibergsma.com/2013/01/13/howto-connect-to-hosts-on-a-remote-network-using-openvpn-and... might help

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Message 11 of 82
(4,186 Views)
Reply
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎01-11-2016 12:32 PM

this is the connection log showing on phone when connected to VPN

Screenshot_20161101-122746.png

Message 12 of 82
(4,176 Views)
Reply
0 Thanks
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎01-11-2016 12:36 PM - edited ‎01-11-2016 12:43 PM

@MisterW wrote:

Maybe this https://blog.remibergsma.com/2013/01/13/howto-connect-to-hosts-on-a-remote-network-using-openvpn-and... might help

 

hmm, i would need to add a route on the windows 10 system? or on the router?

Message 13 of 82
(4,169 Views)
Reply
0 Thanks
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

‎01-11-2016 12:51 PM

Can you post your server config file? 

I don't need to see any of the comment lines starting # or ;

I do need to see the server directives.

 

Message 14 of 82
(4,161 Views)
Reply
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎01-11-2016 1:33 PM

these are all settings that aren't commented out

port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Message 15 of 82
(4,148 Views)
Reply
0 Thanks