
OpenVPN problems


6 replies to this topic

#1 Naviris

Posted 16 October 2014 - 04:50 PM

I am trying to set up OpenVPN at work and it is not going well. I have followed all the steps and done a lot of troubleshooting to no avail. I thought I would ask here to see if anyone would be able to help. I am using OpenVPN on two Windows 7 machines. I am trying to set them up as a bridged connection. One is server and one is client. They connect just fine and I see their packets going back and forth on tcpdump. Even though they are connected on OpenVPN, the client and server cannot ping each other or interact. If anyone could help me that would be greatly appreciated. Config incoming.

 

Server:

port 1194                           # you can specify a different port here
proto udp                            # it's UDP channel (can be changed to tcp)
dev tap                              # support for bridging mode
server-bridge 192.168.0.1 255.255.255.0 192.168.0.20 192.168.0.30
# line above specifies IP for 10 clients
max-clients 10                       # max 10 clients allowed
client-to-client                     # if client may see others (can be omitted)
keepalive 10 120                     # checking connection (can be omitted)
comp-lzo                             # enable LZO compression (can be omitted)
mute 3                               # hide repeating messages (after 3 reps)

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"  # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\config\\ipp.txt"      # keep record of client=virtual IP address


# Set log file verbosity.
verb 3

Client:

port 1194                           # you can specify a different port here
proto udp                            # it's UDP channel (can be changed to tcp)
dev tap                              # support for bridging mode
ifconfig 192.168.0.135 255.255.255.0   # IP address of VPN server
server-bridge 192.168.0.1 255.255.255.0 192.168.0.20 192.168.0.30
# line above specifies IP for 10 clients
max-clients 10                       # max 10 clients allowed
client-to-client                     # if client may see others (can be omitted)
keepalive 10 120                     # checking connection (can be omitted)
comp-lzo                             # enable LZO compression (can be omitted)
mute 3                               # hide repeating messages (after 3 reps)

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"  # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\config\\ipp.txt"      # keep record of client=virtual IP address


# Set log file verbosity.
verb 3

Thank you in advance for any help offered.
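Added example (not part of the original posts and not OpenVPN project code): a small Python check run over the client file from post #1. It lists directives that OpenVPN accepts only in server mode, missing client-role directives, and reuse of the server's certificate and private key on the client; `bridge_pool_in_subnet` confirms that a `server-bridge` pool sits inside the bridged subnet. The function names and the trimmed sample string are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the client file from the first post, comments trimmed.
CLIENT_CONF = r'''
dev tap
ifconfig 192.168.0.135 255.255.255.0
server-bridge 192.168.0.1 255.255.255.0 192.168.0.20 192.168.0.30
max-clients 10
client-to-client
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"  # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\config\\ipp.txt"
'''

# Directives OpenVPN accepts only in server mode (dh: only on the TLS server).
SERVER_ONLY = {"server", "server-bridge", "max-clients", "client-to-client",
               "ifconfig-pool-persist", "dh"}

def parse(text):
    """Return (directive, args) pairs; blank lines and '#' comments are dropped."""
    rows = (shlex.split(line, comments=True) for line in text.splitlines())
    return [(r[0], r[1:]) for r in rows if r]

def lint_client(text):
    """List role and key-handling problems in a file meant for a client."""
    conf = parse(text)
    names = {name for name, _ in conf}
    findings = [f"server-only directive: {n}" for n in sorted(names & SERVER_ONLY)]
    if "remote" not in names:
        findings.append("missing 'remote': no server address to connect to")
    if not names & {"client", "tls-client"}:
        findings.append("missing 'client'/'tls-client': client role not selected")
    for name, args in conf:
        # Quoted Windows paths arrive with single backslashes after shlex.
        filename = args[0].rsplit("\\", 1)[-1].lower() if args else ""
        if name in ("cert", "key") and filename.startswith("server"):
            findings.append(f"{name} uses the server's credential: {filename}")
    return findings

def bridge_pool_in_subnet(args):
    """True if a server-bridge pool (start, end) lies inside gateway/netmask."""
    gateway, netmask, start, end = args
    net = ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    return lo in net and hi in net and lo <= hi

if __name__ == "__main__":
    print("\n".join(lint_client(CLIENT_CONF)))
```
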





#2 technonymous


Posted 17 October 2014 - 03:21 AM

Not sure if this would help or not. Some of their tuts & FAQs are a little dated. http://openvpn.net/index.php/open-source/faq/79-client/255-qconnection-initiated-with-xxxxq-but-i-cannot-ping-the-server-through-the-vpn.html



#3 Naviris


Posted 17 October 2014 - 10:43 AM

I did try that already. Thank you though. Just to clarify, I did disable Windows Firewall on both ends.



#4 technonymous


Posted 22 October 2014 - 07:09 AM


The config for the server you posted probably should have a push route line specifying client to server or client to client. You might have to backtrack through that HOWTO a bit in the section where they discuss bridging. http://openvpn.net/index.php/open-source/documentation/howto.html#scope & https://community.openvpn.net/openvpn/wiki/RoutedLans Yes, figuring out all this can be very tedious and painful. OpenVPN AS Hyper-V is easier to set up. I used to have an OpenVPN AS appliance till Heartbleed ruined my fun. Went back to simple SSH and haven't messed with OpenVPN since the patched SSL.


Edited by technonymous, 22 October 2014 - 07:30 AM.


#5 Naviris


Posted 22 October 2014 - 10:40 AM

Thank you for your response. I have been re-reading the HOWTO in order to get a better grasp on this. One question that I can't seem to find a solid answer to is should the server be giving out an IP that is on the same subnet that it is. I thought the answer was yes and that route was not required because of the nature of the bridged Ethernet type connection. I have tried to add a push route and it has not helped. Thank you for your help.


Edited by Naviris, 22 October 2014 - 10:40 AM.


#6 technonymous


Posted 23 October 2014 - 02:17 AM

OK, after spending more time searching their site I found the bridging TAP section for Windows. Basically, once OpenVPN is installed it creates a TAP-Win32 and from there you right-click it and select bridge, which creates a new bridge adapter, and this bridge adapter you set up with IP, subnet mask, etc. like in the tutorial. It can be kind of confusing working with all the adapters. Then after the adapters are all set up you then edit your config file from tun to tap etc. according to the tutorial. When you enable the firewall you need to turn off the filtering for tap and bridge. Then from there they have another HOWTO section for other things. https://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html Hope that helps you out!


Edited by technonymous, 23 October 2014 - 02:18 AM.


#7 Naviris


Posted 23 October 2014 - 11:34 AM

I have done that. Thank you though for all your help. I think I am going to go with a different solution since I can't get this to work. I really appreciate the time you spent trying to help me.





