All times are UTC
 Post subject: OpenVPN and Zerina - Access from Client to Green Network
PostPosted: 12.12.2009 06:19 
DES

Joined: 12.12.2009 05:43
Posts: 2
Hi,

I have an operational IPCop, with a static IP. I am trying to configure a VPN to allow access from a roaming laptop to any PC in the green network. Am I wrong to assume this is a feature of Zerina and OpenVPN? I can connect to the Zerina host and show connectivity. I can ping the client gateway, but I am unable to connect via Remote Desktop, NET USE, Ping, etc. to the green network. I do not see any errors within the System or firewall logs to point to an issue or blocking. I have tried TUN and TAP with no further success with either. If anyone can provide some input on whether what I am trying to do is feasible, I would appreciate it. If I am doing something wrong, which this seems to be a general theme, I will post some config info for any appreciated feedback that may be provided.

Server.conf
#OpenVPN Server conf

daemon openvpnserver
writepid /var/run/openvpn.pid
#DAN prepare ZERINA for listening on blue and orange
;local 71.x.x.1
dev tun
tun-mtu 1400
proto udp
port 1194
tls-server
ca /var/ipcop/ovpn/ca/cacert.pem
cert /var/ipcop/ovpn/certs/servercert.pem
key /var/ipcop/ovpn/certs/serverkey.pem
dh /var/ipcop/ovpn/ca/dh1024.pem
server 192.168.90.0 255.255.255.0
push "route 192.168.100.0 255.255.255.0"
keepalive 10 60
status-version 1
status /var/log/ovpnserver.log 30
cipher BF-CBC
comp-lzo
max-clients 100
tls-verify /var/ipcop/ovpn/verify
crl-verify /var/ipcop/ovpn/crls/cacrl.pem
user nobody
group nobody
persist-key
persist-tun
verb 5

On a Windows XP client, the latest OpenVPN client:

#OpenVPN Client conf
tls-client
client
dev tun
proto udp
tun-mtu 1400
remote vpn.ip.net 1194
pkcs12 cert.p12
cipher BF-CBC
comp-lzo
verb 5
ns-cert-type server

I have a static IP routed via a modem to IPCop/Zerina Server - Red, Green (192.168.100.0/24), Orange (192.168.101.0/24) and a VPN subnet of 192.168.90.0/24.

I am able to login with no issues. Whether it is TUN or TAP, the client still has access to the internet via its LAN connection (currently in a NAT of the Router). I have run traces on the client and tcpdump on the IPCop server and see the communication on the tunnel, I just cannot communicate into the Green network. I currently have 2 clients which have allowed communication previously in another configuration so I am confident nothing is blocking the ports. 1 green client is win7, the other server 2003.

Any information or guidance would be appreciated.

Cheers,
Jeff


 Post subject: Re: OpenVPN and Zerina - Access from Client to Green Network
PostPosted: 12.12.2009 09:39 
Profi

Joined: 23.10.2007 12:10
Posts: 2183
Not a real problem..
See the FAQ and do not forget: every computer inside the local net needs to know the way back to the vpn-net. There are several solutions - how to do ...


F.


 Post subject: Re: OpenVPN and Zerina - Access from Client to Green Network
PostPosted: 12.12.2009 18:37 
DES

Joined: 12.12.2009 05:43
Posts: 2
Hi, thanks for the validation. I have truly read everything I could find and was just starting to have doubts. I found a flaw in my test client, the network I was trying to connect to on one server was not its default gateway, so adding the route resolved that issue. I also had added the IROUTE statement to the client, I need to verify if this was truly needed. Once I went back and tried to connect, Ping, etc. everything was working. Believe me, I have tried everything to get to this point previously, so still a bit puzzled. I may have to start over to just understand, but I am in a good position now. Again, thanks for the reply and push to verify the client network routing.

Cheers,
Jeff


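The return-route problem resolved in this thread, as an added example that is not part of the original posts: a longest-prefix-match check over per-host route tables that flags green hosts whose replies to the VPN subnet would not be handed back to IPCop. The IPCop green address 192.168.100.1, the second gateway 192.168.100.254 and the host names are assumptions; the route tables are constructed sample data.

```python
import ipaddress

# From the posted server.conf: "server 192.168.90.0 255.255.255.0"
VPN_NET = ipaddress.ip_network("192.168.90.0/24")
# Assumption: IPCop's green interface address (not given in the thread)
IPCOP_GREEN = ipaddress.ip_address("192.168.100.1")

def next_hop(routes, dest):
    """Longest-prefix match; routes is a list of (cidr, gateway), gateway None = on-link."""
    dest = ipaddress.ip_address(dest)
    best = None
    for cidr, gateway in routes:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return None  # no matching route: the reply never leaves the host
    return ipaddress.ip_address(best[1]) if best[1] else dest

def return_path_ok(routes):
    """True if replies to the first and last VPN host address go to IPCop green."""
    probes = (VPN_NET.network_address + 1, VPN_NET.broadcast_address - 1)
    return all(next_hop(routes, p) == IPCOP_GREEN for p in probes)

# Constructed route tables for three hypothetical green hosts
HOSTS = {
    # default gateway is IPCop: replies reach the tunnel without extra routes
    "host-a": [("192.168.100.0/24", None), ("0.0.0.0/0", "192.168.100.1")],
    # default gateway is another router: replies to 192.168.90.x go the wrong way
    "host-b": [("192.168.100.0/24", None), ("0.0.0.0/0", "192.168.100.254")],
    # same host after adding a static route for the VPN subnet via IPCop
    "host-b-fixed": [("192.168.100.0/24", None), ("0.0.0.0/0", "192.168.100.254"),
                     ("192.168.90.0/24", "192.168.100.1")],
}

def audit(hosts):
    """Map each host name to whether its return path to the VPN subnet is correct."""
    return {name: return_path_ok(routes) for name, routes in hosts.items()}

if __name__ == "__main__":
    for name, ok in audit(HOSTS).items():
        print(f"{name}: {'ok' if ok else 'MISSING return route to ' + str(VPN_NET)}")
```

On a Windows green host the corresponding fix is a persistent static route such as `route -p add 192.168.90.0 mask 255.255.255.0 <IPCop green IP>`, where the gateway is a placeholder for the real green address.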
 Post subject: Re: OpenVPN and Zerina - Access from Client to Green Network
PostPosted: 13.12.2009 07:54 
Profi

Joined: 23.10.2007 12:10
Posts: 2183
Imagine - you have many locations with a lot of computers (more than 255 on each location). Try to plan it... and even OpenVPN will work simply ;))

F.

