OpenVPN.eu
http://forum.openvpn.eu/

OpenVPN and Zerina - Access from Client to Green Network
http://forum.openvpn.eu/viewtopic.php?f=44&t=6734

Author:  jeffcsp [ 12.12.2009 06:19 ]
Post subject:  OpenVPN and Zerina - Access from Client to Green Network

Hi,

I have an operational IPCop, with a static IP. I am trying to configure a VPN to allow access from a roaming laptop to any PC in the green network. Am I wrong to assume this is a feature of Zerina and OpenVPN? I can connect to the Zerina host and show connectivity. I can ping the client gateway, but I am unable to connect via Remote Desktop, NET USE, Ping, etc. to the green network. I do not see any errors within the System or firewall logs to point to an issue or blocking. I have tried TUN and TAP with no further success with either. If anyone can provide some input on whether what I am trying to do is feasible, I would appreciate it. If I am doing something wrong, which this seems to be a general theme, I will post some config info for any appreciated feedback that may be provided.

Server.conf
#OpenVPN Server conf

daemon openvpnserver
writepid /var/run/openvpn.pid
#DAN prepare ZERINA for listening on blue and orange
;local 71.x.x.1
dev tun
tun-mtu 1400
proto udp
port 1194
tls-server
ca /var/ipcop/ovpn/ca/cacert.pem
cert /var/ipcop/ovpn/certs/servercert.pem
key /var/ipcop/ovpn/certs/serverkey.pem
dh /var/ipcop/ovpn/ca/dh1024.pem
server 192.168.90.0 255.255.255.0
push "route 192.168.100.0 255.255.255.0"
keepalive 10 60
status-version 1
status /var/log/ovpnserver.log 30
cipher BF-CBC
comp-lzo
max-clients 100
tls-verify /var/ipcop/ovpn/verify
crl-verify /var/ipcop/ovpn/crls/cacrl.pem
user nobody
group nobody
persist-key
persist-tun
verb 5

On a Windows XP client, the latest OpenVPN client:

#OpenVPN Client conf
tls-client
client
dev tun
proto udp
tun-mtu 1400
remote vpn.ip.net 1194
pkcs12 cert.p12
cipher BF-CBC
comp-lzo
verb 5
ns-cert-type server

I have a static IP routed via a modem to IPCop/Zerina Server - Red, Green (192.168.100.0/24), Orange (192.168.101.0/24) and a VPN subnet of 192.168.90.0/24.

I am able to log in with no issues. Whether it is TUN or TAP, the client still has access to the internet via its LAN connection (currently in a NAT of the Router). I have run traces on the client and tcpdump on the IPCop server and see the communication on the tunnel, I just cannot communicate into the Green network. I currently have 2 clients which have allowed communication previously in another configuration so I am confident nothing is blocking the ports. 1 green client is Win7, the other Server 2003.

Any information or guidance would be appreciated.

Cheers,
Jeff

Author:  dl5ym [ 12.12.2009 09:39 ]
Post subject:  Re: OpenVPN and Zerina - Access from Client to Green Network

Not a real problem...
See the FAQ and do not forget, every computer inside the local net needs to know the way back to the vpn-net. There are several solutions - how to do ...


F.

Author:  jeffcsp [ 12.12.2009 18:37 ]
Post subject:  Re: OpenVPN and Zerina - Access from Client to Green Network

Hi, thanks for the validation. I have truly read everything I could find and was just starting to have doubts. I found a flaw in my test client, the network I was trying to connect to on one server was not its default gateway, so adding the route resolved that issue. I also had added the IROUTE statement to the client, I need to verify if this was truly needed. Once I went back and tried to connect, Ping, etc., everything was working. Believe me, I have tried everything to get to this point previously, so still a bit puzzled. I may have to start over to just understand, but I am in a good position now. Again, thanks for the reply and push to verify the client network routing.

Cheers,
Jeff
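
The return-route problem resolved in the post above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a green host's routing table shows where replies to the VPN subnet actually go. The gateway addresses 192.168.100.1 (IPCop green interface) and 192.168.100.254 (another router on green) are assumptions, and the routing tables are constructed sample data.

```python
import ipaddress

VPN_NET = ipaddress.ip_network("192.168.90.0/24")  # VPN subnet from the server.conf above
IPCOP_GREEN = "192.168.100.1"     # assumed IPCop green address, not given in the thread
OTHER_ROUTER = "192.168.100.254"  # assumed second gateway on the green network

def next_hop(routes, dest):
    """Longest-prefix match: gateway the host uses for dest, or None if no route."""
    dest = ipaddress.ip_address(dest)
    best_net, best_gw = None, None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_gw = net, gateway
    return best_gw

def return_path_ok(routes, vpn_net=VPN_NET, vpn_gateway=IPCOP_GREEN):
    """True only if replies to every VPN client address go to the VPN gateway."""
    return all(next_hop(routes, host) == vpn_gateway for host in vpn_net.hosts())

# Constructed routing tables for three green hosts.
# Host whose default gateway is not the IPCop: replies to VPN clients leave
# through the other router and never reach the tunnel.
BROKEN_HOST = [("192.168.100.0/24", "on-link"), ("0.0.0.0/0", OTHER_ROUTER)]
# Same host after adding a static route for the VPN subnet via the IPCop.
FIXED_HOST = BROKEN_HOST + [("192.168.90.0/24", IPCOP_GREEN)]
# Edge case: a route covering only half of the VPN subnet still strands
# clients that were assigned an address in the upper half.
PARTIAL_HOST = BROKEN_HOST + [("192.168.90.0/25", IPCOP_GREEN)]

if __name__ == "__main__":
    for name, table in [("broken", BROKEN_HOST), ("fixed", FIXED_HOST),
                        ("partial", PARTIAL_HOST)]:
        print(f"{name:8} reply to 192.168.90.6 via {next_hop(table, '192.168.90.6')},"
              f" whole VPN subnet ok: {return_path_ok(table)}")
```

On a Windows green host, the matching fix is a static route for 192.168.90.0 mask 255.255.255.0 pointing at the IPCop green address; a host that already uses the IPCop as its default gateway needs no extra route.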

Author:  dl5ym [ 13.12.2009 07:54 ]
Post subject:  Re: OpenVPN and Zerina - Access from Client to Green Network

Imagine - you have many locations with a lot of computers (more than 255 on each location). Try to plan it ... and even OpenVPN will work simply ;))

F.

All times are UTC