cancel
Showing results for 
Search instead for 
Did you mean: 

OpenVPN

FIXED
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN


@Anonymous wrote:

OK @chenks76 does the new  log file tell you anything?

And you do have two physical network cards in the machine that's running OpenVPN with one bound to the server IP in the config and the other in the 192.168.1.XXX range?

What is the physical structure of this install?


 

it's just a standard Windows 10 system, not a server.
just the one network card.

chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN


@mssystems wrote:

Additionally,

+ Add a rule to the Windows firewall on the OpenVPN server to,
allow all traffic from the subnet 10.8.0.0 mask = 255.255.255.0

Assuming the router on the private LAN (default gateway) is 192.168.1.1
To reach other devices on the 192.168.1.0 subnet you will need to

+ Add a static route to the LAN interface of your router (default gateway),
destination = 10.8.0.0  mask = 255.255.255.0 gateway = 192.168.1.1
+ Enable IP forwarding on the Windows Open VPN server
There is a registry hack but the easiest way is to enable teh Routing and Remote Access service.


Alternatively, get yourself a Linux box, it's much easier Cheesy

 


my router is actually 192.168.1.254

Anonymous
Not applicable

Re: OpenVPN

@chenks76, looks like @mssystems has been busy so it will be interesting to hear the outcome, I hope it all works for you.

As regards the dual homed Win 10 machine I assumed you would have needed two network cards, but maybe that's not the case after all. So please let us know how you get on.

mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

Well if you post the private IP of your Windows 10 box, I will edit the post so it fits you personally Wink

 

chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

i'm sure i could add the public IP myself 😛
although i do have a static PN IP, so i wouldn't be to hard for some folk to find it
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

I asked for the private IP.

 

 

 

chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

ah oops

windows 10 system local IP
ip : 192.168.1.50
subnet : 255.255.255.0
default gateway: 192.168.1.254

windows 10 openvpn IP
ip: 10.8.0.1
subnet: 255.255.255.252
default gateway: blank
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

I've edited the post and it should be a copy and paste job for the server confg. 

The client config needs the correct remote address and your cert and keys copied in.

And then there are the additional bits and pieces to attend to on the router.  The static route is all important, otherwise you will need to add a route manually, to every device apart from the server.

 

 

 

chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

cool. i'll take a look at it later tonight or tomorrow morning
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

ok my client ovpn file looks very different to what you suggest it should be.
however, i amended it to match yours, so i will need to copy that over to the phone i guess.

trying that now

chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

update, ok well i think i've gone down a path where something has gone wrong.
now i can't even get connected to the VPN at at all.

 

this is what my original client ovpn looked like

 

client
dev tun
proto udp
remote 123.456.123.456 1194
resolv-retry infinite
nobind
persist-key
persist-tun

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\chenks-nexus6p.crt"
key "C:\\Program Files\\OpenVPN\\config\\chenks-nexus6p.key"

remote-cert-tls server
comp-lzo
verb 3

having changed it to your version (putting in my public IP) it now won't connect at all.

here are links to the new version of both files as per your suggestion
server - https://drive.google.com/open?id=0B0baRmqM98HTNjlkVTNjSWdkejg
client - https://drive.google.com/open?id=0B0baRmqM98HTREVBX09TWmFWNFE

mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

Couple of things.

I tested the client with a unified config file, with the certificates and client key embedded inline.

Does Android even have a C:\\Program Files\\OpenVPN\\config\\ folder ?

The most useful debug info is in the server log file (Show Status in OpenVPN-GUI).

Start the server, post the server log output.

Try to connect from the client, post the client log output.

 

BTW, if you upload to google drive, please add .txt to the end of the filename.

 

chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

no it doesn't, but that's what the original openvpn tutorial created, and it did connect to the VPN using that version of the client ovpn file.
the tutorial didn't create a unified config file.
i assume that it tells the client to look on the server for those files once connected.

the google drive links work fine from what i can see? it gives you a download link?
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

i assume that it tells the client to look on the server for those files once connected.

No. Absolutely not.  The client .key file contains a private key.  If we were following best practice, the client's private key would not be on the server.
the google drive links work fine from what i can see? it gives you a download link?
 
Yes, but if you add .txt on the end I can read them in a browser, with one click, rather than in a text editor with half a dozen clicks.
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

Attached capture of log file from my Android tablet.  Once connected, the client is able to ping all devices on the private LAN.