cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

OpenVPN

FIXED
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎02-11-2016 3:30 PM

@Anonymous wrote:

OK @chenks76 does the new  log file tell you anything?

And you do have two physical network cards in the machine that's running OpenVPN with one bound to the server IP in the config and the other in the 192.168.1.XXX range?

What is the physical structure of this install?

 

it's just a standard Windows 10 system, not a server.
just the one network card.

Message 31 of 82
(2,402 Views)
Reply
0 Thanks
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎02-11-2016 3:33 PM

@mssystems wrote:

Additionally,

+ Add a rule to the Windows firewall on the OpenVPN server to,
allow all traffic from the subnet 10.8.0.0 mask = 255.255.255.0

Assuming the router on the private LAN (default gateway) is 192.168.1.1
To reach other devices on the 192.168.1.0 subnet you will need to

+ Add a static route to the LAN interface of your router (default gateway),
destination = 10.8.0.0  mask = 255.255.255.0 gateway = 192.168.1.1
+ Enable IP forwarding on the Windows Open VPN server
There is a registry hack but the easiest way is to enable teh Routing and Remote Access service.


Alternatively, get yourself a Linux box, it's much easier Cheesy

 

my router is actually 192.168.1.254

Message 32 of 82
(2,400 Views)
Reply
0 Thanks
Anonymous
Not applicable

Re: OpenVPN

‎02-11-2016 3:37 PM

@chenks76, looks like @mssystems has been busy so it will be interesting to hear the outcome, I hope it all works for you.

As regards the dual homed Win 10 machine I assumed you would have needed two network cards, but maybe that's not the case after all. So please let us know how you get on.

Message 33 of 82
(2,391 Views)
Reply
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

‎02-11-2016 3:37 PM

Well if you post the private IP of your Windows 10 box, I will edit the post so it fits you personally Wink

 

Message 34 of 82
(2,390 Views)
Reply
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎02-11-2016 3:39 PM

i'm sure i could add the public IP myself 😛
although i do have a static PN IP, so i wouldn't be to hard for some folk to find it
Message 35 of 82
(2,388 Views)
Reply
0 Thanks
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

‎02-11-2016 3:41 PM

I asked for the private IP.

 

 

 

Message 36 of 82
(2,385 Views)
Reply
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎02-11-2016 3:48 PM

ah oops

windows 10 system local IP
ip : 192.168.1.50
subnet : 255.255.255.0
default gateway: 192.168.1.254

windows 10 openvpn IP
ip: 10.8.0.1
subnet: 255.255.255.252
default gateway: blank
Message 37 of 82
(2,373 Views)
Reply
0 Thanks
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

‎02-11-2016 4:18 PM

I've edited the post and it should be a copy and paste job for the server confg. 

The client config needs the correct remote address and your cert and keys copied in.

And then there are the additional bits and pieces to attend to on the router.  The static route is all important, otherwise you will need to add a route manually, to every device apart from the server.

 

 

 

Message 38 of 82
(2,367 Views)
Reply
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎02-11-2016 5:25 PM

cool. i'll take a look at it later tonight or tomorrow morning
Message 39 of 82
(2,350 Views)
Reply
0 Thanks
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎02-11-2016 8:33 PM

ok my client ovpn file looks very different to what you suggest it should be.
however, i amended it to match yours, so i will need to copy that over to the phone i guess.

trying that now

Message 40 of 82
(2,339 Views)
Reply
0 Thanks
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎02-11-2016 8:47 PM - edited ‎02-11-2016 8:54 PM

update, ok well i think i've gone down a path where something has gone wrong.
now i can't even get connected to the VPN at at all.

 

this is what my original client ovpn looked like

 

client
dev tun
proto udp
remote 123.456.123.456 1194
resolv-retry infinite
nobind
persist-key
persist-tun

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\chenks-nexus6p.crt"
key "C:\\Program Files\\OpenVPN\\config\\chenks-nexus6p.key"

remote-cert-tls server
comp-lzo
verb 3

having changed it to your version (putting in my public IP) it now won't connect at all.

here are links to the new version of both files as per your suggestion
server - https://drive.google.com/open?id=0B0baRmqM98HTNjlkVTNjSWdkejg
client - https://drive.google.com/open?id=0B0baRmqM98HTREVBX09TWmFWNFE

Message 41 of 82
(2,333 Views)
Reply
0 Thanks
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

‎02-11-2016 11:36 PM

Couple of things.

I tested the client with a unified config file, with the certificates and client key embedded inline.

Does Android even have a C:\\Program Files\\OpenVPN\\config\\ folder ?

The most useful debug info is in the server log file (Show Status in OpenVPN-GUI).

Start the server, post the server log output.

Try to connect from the client, post the client log output.

 

BTW, if you upload to google drive, please add .txt to the end of the filename.

 

Message 42 of 82
(2,316 Views)
Reply
chenks76
All Star
Posts: 3,274
Thanks: 336
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

‎03-11-2016 7:52 AM

no it doesn't, but that's what the original openvpn tutorial created, and it did connect to the VPN using that version of the client ovpn file.
the tutorial didn't create a unified config file.
i assume that it tells the client to look on the server for those files once connected.

the google drive links work fine from what i can see? it gives you a download link?
Message 43 of 82
(2,304 Views)
Reply
0 Thanks
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

‎03-11-2016 8:14 AM

i assume that it tells the client to look on the server for those files once connected.

No. Absolutely not.  The client .key file contains a private key.  If we were following best practice, the client's private key would not be on the server.
the google drive links work fine from what i can see? it gives you a download link?
 
Yes, but if you add .txt on the end I can read them in a browser, with one click, rather than in a text editor with half a dozen clicks.
Message 44 of 82
(2,298 Views)
Reply
mssystems
Aspiring Pro
Posts: 290
Thanks: 45
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

‎03-11-2016 8:18 AM

Attached capture of log file from my Android tablet.  Once connected, the client is able to ping all devices on the private LAN.

Message 45 of 82
(2,295 Views)
Reply