It is currently 23.10.2017 18:35


All times are UTC




Post new topic Reply to topic  [ 12 posts ] 
Author Message
 Post subject: Can't ping and no internet for OpenVPN WinXP Clients
PostPosted: 02.06.2008 14:38 
DES
DES

Joined: 02.06.2008 14:05
Posts: 6
All firewalls are off.

OpenVPN Server is running on Windows 2003. I have two client machines running Vista and they can connect see each other just fine, one is local and one is through the internet.

The problem is with all the local WinXP client machines. They are all on LAN and can connect to the server just fine. But they cannot ping each other and their internet is dead when OpenVPN is connected to the server. I'm not getting any errors on the logs so I'm not sure what is going on.

I followed the setup from here: http://www.itsatechworld.com/2006/01/29 ... e-openvpn/

Please help if you have any ideas whats the problem. Thank you.


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 03.06.2008 09:45 
openvpn.eu Admin
openvpn.eu Admin
User avatar

Joined: 23.01.2006 08:05
Posts: 3321
Location: near Vienna
Hi

When you followed the tutorial, all internet traffic is redirected thru the vpn tunnel. Anyway, your local machines behind the vpn server should not need to connect to the openvpn server. Don't forget to add the static route to your lan's router.


Greetings
note


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 03.06.2008 12:11 
DES
DES

Joined: 02.06.2008 14:05
Posts: 6
note wrote:
Hi

When you followed the tutorial, all internet traffic is redirected thru the vpn tunnel. Anyway, your local machines behind the vpn server should not need to connect to the openvpn server. Don't forget to add the static route to your lan's router.


Greetings
note

I'm not sure what you meant, don't the local machines need to connect to openvpn server in order to be in the VPN network?

And yes, the tutorial mentioned adding the VPN routing in the router, and I did that. I'm still confused to why the all the Vista machines work, yet all the WinXP machines don't.


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 04.06.2008 15:51 
openvpn.eu Admin
openvpn.eu Admin
User avatar

Joined: 23.01.2006 08:05
Posts: 3321
Location: near Vienna
If you set up the route in the default gateway correctly there is no need for the local machines to be connected to the vpn server. The VPN clients from outside should be able to ping/access the local machines using their LAN's IP address.

Please tell us exactly what works and what doesn't using ping:
  • Pinging from vpn client to vpn server using it's VPN IP address (ping 10.0.0.1 or similar)
  • Pinging from vpn client to vpn server using it's LAN IP address (ping 192.168.x.y or similar)
  • Pinging from vpn client to LAN router's IP address (ping 192.168.x.1 or similar)
  • Pinging from vpn client to a random LAN machine
  • Pinging from a random LAN machine to a connected vpn client using it's VPN IP address (ping 10.0.0.3 or similar)


What do you mean with XP doesn't, Vista does work ? XP/Vista as VPN client or LAN machine ?

Please post your server/client config for OpenVPN (without the comments). You may replace public IP addresses (e.g. for remote directive) with 123.123.123.123 or similar. Please don't replace your LAN IP addresses, it could confuse the reader.

_________________
regards,
note
Please take a look at our rules. Besucht mal unsere Wiki !


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 05.06.2008 07:48 
DES
DES

Joined: 02.06.2008 14:05
Posts: 6
That was my mistake, I thought local machines had to login to VPN also to communicate with other VPN machines. So I uninstalled all VPN clients on the local machines.

Here's my setup info:

Local: 192.168.1.0 255.255.255.0
VPN: 192.168.10.0 255.255.255.128
Server IP: 192.168.1.100 /192.168.10.1
Vista Computer outside LAN: 192.168.10.3

Currently, I have only one machine outside the LAN, and it's running Vista. It can ping the server's VPN (192.168.10.1) and local IP (192.168.1.100). And the server can ping it back.

The problem now is this Vista VPN client can't ping any of the other local machines. And the local computers can't ping it either. So I'm not sure what I'm doing wrong. Please advise.

server.ovpn:
Code:
local 192.168.1.100

port 1194

proto udp

mssfix 1400

push "dhcp-option DNS 78.74.162.xxx"

push "dhcp-option DNS 78.74.162.xxx"

dev tap

#dev-node MyTAP

ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt" 

cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt"

key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key"

dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"

server 192.168.10.0 255.255.255.128

ifconfig-pool-persist ipp.txt

push "redirect-gateway def1"

keepalive 10 120

cipher BF-CBC

comp-lzo

max-clients 100

persist-key

persist-tun

status openvpn-status.log

verb 1

client.ovpn:
Code:
client

dev tap

#dev-node MyTAP

proto udp

remote mydomain.com 1194

route 192.168.1.0 255.255.255.0 vpn_gateway 3

resolv-retry infinite

nobind

persist-key

persist-tun

ca "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\ca.crt"

cert "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\client3.crt"

key "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\client3.key"

ns-cert-type server

cipher BF-CBC

comp-lzo

verb 1

route-method exe

route-delay 2

On my router's Routing settings, I have:
Code:
Destination IP: 192.168.10.0
Netmask: 255.255.255.128
Gateway: 192.168.1.100
Interface: LAN
Metric: 1


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 05.06.2008 09:13 
openvpn.eu Admin
openvpn.eu Admin
User avatar

Joined: 23.01.2006 08:05
Posts: 3321
Location: near Vienna
Hello

First of all, make sure that your LAN machines don't block the 192.168.10.x Subnet. (via firewall)

If you can ping the vpn server on it's 192.168.10.1 address from a local machine, the routes should be correct. Otherwise the problem may be between your router and the vpn server. Routers sometimes run firewalls and may block the 192.168.10.0/255.255.255.128 subnet.

good luck!

note


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 05.06.2008 10:50 
DES
DES

Joined: 02.06.2008 14:05
Posts: 6
note wrote:
Hello

First of all, make sure that your LAN machines don't block the 192.168.10.x Subnet. (via firewall)

If you can ping the vpn server on it's 192.168.10.1 address from a local machine, the routes should be correct. Otherwise the problem may be between your router and the vpn server. Routers sometimes run firewalls and may block the 192.168.10.0/255.255.255.128 subnet.

good luck!

note

As I said in the first post, all firewalls are off. The local machines can ping the vpn server at 192.168.10.1. I looked through router settings and made sure the routing is correct. So I'm out of ideas now, I don't know why it's not working.

There's one thing in the tutorial that I did not do, it says:
Code:
WINDOWS 2000 SERVER:
For routing to work properly on W2K server I had to enable and configure some settings in Routing and Remote Access.

Go to Control Panel - Admin tools - Routing and remote access

Right-click computer name - Select: Configure and enable Routing and remote access

Click Next

Select: Internet Connection Server

Select: Set up a router with the Network Address Translation (NAT) routing protocol

Highlight the real network interface connected to the router when prompted: Use the selected Internet connection

Highlight the TAP-Win32 Adapter V8 when prompted: Select the routing interface for the network that should have access to the internet

Click Finish

This should take care of the routing on your server.

Since I'm running Windows 2003 server, it doesn't have the Internet Connection Server option in Routing and Remote Access. I tried the NAT option it has which is similar to the instruction above, but it didn't seem to work at all. With NAT on, the VPN client could not connect at all.

Anyway, thanks for the help so far. I wish I can make it work somehow.


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 05.06.2008 11:25 
openvpn.eu Admin
openvpn.eu Admin
User avatar

Joined: 23.01.2006 08:05
Posts: 3321
Location: near Vienna
Hello again.

Since you are using routing, there's no need to use TAP. Maybe you could try out these different config files for server and client...? Which should work if routing is correctly.
Code:
server 10.8.0.0 255.255.255.128

port 1194
proto udp
dev tun

ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"

client-to-client
push "route 192.168.1.0 255.255.255.0"

ping-timer-rem
keepalive 20 180

persist-key
persist-tun

verb 3


Code:
client

remote mydomain.com 1194
proto udp
dev tun

ca "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\client3.crt"
key "C:\\Program Files (x86)\\OpenVPN\\easy-rsa\\keys\\client3.key"
ns-cert-type server

verb 3

# Vista stuff
route-method exe
route-delay 2

_________________
regards,
note
Please take a look at our rules. Besucht mal unsere Wiki !


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 06.06.2008 08:56 
DES
DES

Joined: 02.06.2008 14:05
Posts: 6
I really appreciate the help, but I did what you suggested and nothing has changed. The client and server are able to ping each other, but client cannot ping other local machines. And the local machines cannot ping the client.

I don't understand what is the problem. :cry: :(


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 06.06.2008 11:27 
openvpn.eu Admin
openvpn.eu Admin
User avatar

Joined: 23.01.2006 08:05
Posts: 3321
Location: near Vienna
Did you try to use another client machine ? Maybe XP so we can make sure it doesn't depend on the OS... ?

_________________
regards,
note
Please take a look at our rules. Besucht mal unsere Wiki !


Top
Offline Profile  
Reply with quote  
 Post subject:
PostPosted: 06.06.2008 12:36 
DES
DES

Joined: 02.06.2008 14:05
Posts: 6
note wrote:
Did you try to use another client machine ? Maybe XP so we can make sure it doesn't depend on the OS... ?

You're gonna hate me for this, because I'm stupid. :red

I didn't enable IPEnableRouter in the registry. So the server wasn't forwarding the packets from VPN to LAN.

The retarded thing is I thought I already enabled it because it was in the tutorial, but appraently I didn't. :lol:

Anyway, its all working now. Thank you again for all your help.


Top
Offline Profile  
Reply with quote  
 Post subject: Re: Can't ping and no internet for OpenVPN WinXP Clients
PostPosted: 24.09.2009 14:19 
DES
DES

Joined: 24.09.2009 14:04
Posts: 1
Hello.

I am having the same problem as BebopBlues but I have already enabled the IPEnableRouter in my VPN server.

I am using the same guide but I am using an Windows XP as the server. The client is also Windows XP.

BebopBlues, I want to clarify something with you. In your previous post, You said you are using these settings in your router.

Destination IP: 192.168.10.0
Netmask: 255.255.255.128
Gateway: 192.168.1.100
Interface: LAN
Metric: 1

However, the guide said that you should use Netmask: 255.255.255.252. Which one did you actually use?

I did try both netmask but both of them did not work.

Acutally, I come up with a solution, but I don't think it should be configured this way.

I turn on the "Internet Connection Sharing" of the WAN NIC in my VPN server. It configures an Internet Sharing with the Virtual VPN NIC. After the sharing is enabled, it will change the IP address of the Virtual VPN NIC to 192.168.0.1 255.255.255.0. I then manually change it back to DHCP and it work fine.

Does anyone have an answer for this?

Thanks!!


Top
Offline Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 12 posts ]  Moderator: Moderators

All times are UTC


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Theme created StylerBB.net