It is currently 19.03.2018 01:17

All times are UTC

Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: Need help / suggestion on config. Thanks
PostPosted: 28.09.2009 16:12 

Joined: 28.09.2009 16:03
Posts: 1
Hi all, first off thanks you in advance for any help provided.

Current setup:
O/S: win2k3 enterprise server running openvpn
NETWORK:192.168.1.x / / gw: (linksys running dd-wrt)
TAP ADAPTER: 192.168.10.x /
ISP:Road Runner 18mbits/2mbits

I have a couple problems. Firstly after several hourse of trial and error I was finally able to establish a
connection to my open vpn server by following the guide here ... re-openvpn.
Initially, I followed the instructions and for the life of me i could not figure out why I couldnt connect then after using portqry.exe
I realized that the port was not listening. I tried seveal ports and none worked until I finally figured out that for whatever reason
I cannot get my win2k3 to listen on a UDP (win firewall disabled) port and of course per the instructions thats all i was using. I tested this by configuring openvpn to use a udp port and i would run portqry against the private ip address of my win2k3 server while logged into the server (basically running portqry on loopback) and it would never listen. So I figured id try TCP for now just to see if I can establish a connection. Finally! I was able to connect after forwarding a TCP port. After my initial connection
I was not getting internet access even after changing HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters IPEnableRouter = dword:00000001
but i was able to Remote desktop to my 2k3 server with an internal 192.168.x.x address so that part was working. After doing some research
I figured out that RRAS has to be enabled on 2k3 server for me to have internet access. I did that and viola! internet access. So I am now establishing an internet connection all via vpn

Problems I am having:

1. My connection is extrememly slow. On a speakeasy speed test i wasnt breaking 200kbits :( I have encryption disabled via cipher none (see config file below). I would like to try setting openvpn with a udp port to see if that speeds up my connection, but at the moment i cant.
2. Why on earth can I not get win2k3 server to listen/open a upd port. Ive done serch after search and one forum post suggests that i have to install a
third party firewall (zonealarm) and explicitly allow the UDP port through that.

below are my working config files with TCP config and encryption disabled.

server config:

local 192.168.1.x # This is the IP address of the real network interface on the server connected to the router

port 21 # This is the port OpenVPN is running on - make sure the router is port forwarding this port to the above IP

proto tcp # UDP tends to perform better than TCP for VPN

mssfix 1400 # This setting fixed problems I was having with apps like Remote Desktop

push "dhcp-option DNS" # Replace the Xs with the IP address of the DNS for your home network (usually your ISP's DNS)

push "dhcp-option DNS" # A second DNS server if you have one

dev tap

dev-node TAPS #If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name

ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"

cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt"

key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key" # This file should be kept secret

dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"

server # This assigns the virtual IP address and subent to the server's OpenVPN connection. Make sure the Routing Table entry matches this.

ifconfig-pool-persist ipp.txt

push "redirect-gateway def1" # This will force the clients to use the home network's internet connection

keepalive 10 120

cipher none # Blowfish (default) encryption


max-clients 100 # Assign the maximum number of clients here



status openvpn-status.log

verb 1 # This sets how detailed the log file will be. 0 causes problems and higher numbers can give you more detail for troubleshooting

# lines starting with # or ; will not be read by OpenVPN

client config:


dev tap

dev-node TAPI #If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name

proto tcp

remote 21 #You will need to enter you dyndns account or static IP address here. The number following it is the port you set in the server's config

route vpn_gateway 3 #This it the IP address scheme and subnet of your normal network your server is on. Your router would usually be

resolv-retry infinite




ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"

cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.crt" # Change the next two lines to match the files in the keys directory. This should be be different for each client.

key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.key" # This file should be kept secret

ns-cert-type server

cipher none # Blowfish (default) encrytion


verb 1

Offline Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ]  Moderator: Moderators

All times are UTC

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Theme created