cancel
Showing results for 
Search instead for 
Did you mean: 

OpenVPN

FIXED
Community Veteran
Posts: 3,274
Thanks: 339
Fixes: 12
Registered: ‎24-10-2013

OpenVPN

anyone here using OpenVPN?

installed server on windows 10 using this tutorial (https://community.openvpn.net/openvpn/w ... dows_Guide)
installed the client on my android phone, copied the certs across and it connects up OK.
the phone gets a 10.8.x.x. IP address.
all good so far it seems.

however, i can't seem to see any of my local network devices when connected to the VPN, which are on the 192.168.x.x IP range.
do i need to do some more config for this to work?
i'm using a billion 8800NL router (with the appropriate UDP port open).

81 REPLIES
Community Veteran
Posts: 5,667
Thanks: 1,563
Fixes: 37
Registered: ‎16-10-2014

Re: OpenVPN

This is normally done using the VPN's profile where you add the new local network and mask to the list of accessible networks but where or how it's done using this software I can't say. But knowing this might help.

Community Veteran
Posts: 3,274
Thanks: 339
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

hmmmmm
the tutorial made no mention of that, but then i'm assuming the tutorial was to simply get the VPN working, which essentially it does.
Mml
Grafter
Posts: 27
Thanks: 3
Registered: ‎26-10-2016

Re: OpenVPN

If your subnet mask is 255.0.0.0 when connected to VPN then no wonder you cannot connect to devices on 192.168.x.x range. I would suggest either bringing these 2 ranges closer together - say, 192.168.1.x for LAN, 192.168.2.x for VPN, and use a subnet mask 255.255.254.0 - or create a bridged connection between VPN and LAN on your Win10 machine (of which I'm not too confident to advise, but in theory this is what is required).
Community Veteran
Posts: 3,274
Thanks: 339
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

openvpn gave me no options to set IP and/or subnet.

when connected to VPN
IP 10.8.0.x
subnet 255.255.255.252

when connected to local LAN
192.168.1.x
subnet 255.255.255.0
mssystems
Rising Star
Posts: 275
Thanks: 38
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

.252 is a 30 bit subnet mask, which means you have exactly two host addresses.  10.8.0.1 and 10.8.0.2.  That is not, in itself, a problem.

My experience with Open VPN is with Red Hat and Vyos/Vyatta rather than Windows.

Open VPN is presented as a routing interface, a little like a separate ethernet card.  Traffic from the localhost is sent via the loopback interface (127.0.0.1), to the routing table, which applies the subnet mask to the destination address in the packet header and forwards to the Open VPN interface on the encrypted subnet.

If you can reach the server and ping it's 192.168.1.x address, but can not reach other devices on the subnet, you need 'forwarding' to be enabled on the server and you need the devices on the local subnet to forward packets bound for the encrypted subnet, to the server.  That probably means adding an entry to the routing tables on those other devices.

The DOS commands,

>route print

>route add

Are your friends.

 

Community Veteran
Posts: 3,274
Thanks: 339
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

whilst connect to the VPN on my mobile

local IP 10.8.0.6
i can't ping 192.168.1.50 (which is the local IP of the windows 10 system that is running openvpn).
i can't ping 10.8.0.1 (which is the VPN local IP of the windows 10 system running openvpn).
mssystems
Rising Star
Posts: 275
Thanks: 38
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

There will be a config file on the server.  AIUI, on Windows it's named server.ovpn by default.

Look for  the line that starts

server

And is followed by an IP and mask.  You probably want to use

server 10.8.0.0 255.255.255.0

If there is a line which starts

server-bridge

You probably want to comment that out by inserting a semi colon ; in front of it.

And to connect to other devices on the 192.168.1.0 subnet, you would need

push  "route 192.168.1.0 255.255.255.0"

Ref. https://openvpn.net/index.php/open-source/documentation/howto.html#server

 

Community Veteran
Posts: 3,274
Thanks: 339
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

in my server.ovpn file i have

server 10.8.0.0 255.255.255.0
server-bridge is already commented out
the push routes section has no current routes. i have added that line to the ovpn file.

i shall resart and see what happens.
Community Veteran
Posts: 3,274
Thanks: 339
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

still no luck even after those changes.
Superuser
Superuser
Posts: 6,960
Thanks: 991
Fixes: 60
Registered: ‎30-07-2007

Re: OpenVPN

Community Veteran
Posts: 3,274
Thanks: 339
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

this is the connection log showing on phone when connected to VPN

Screenshot_20161101-122746.png

Community Veteran
Posts: 3,274
Thanks: 339
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN


@MisterW wrote:

Maybe this https://blog.remibergsma.com/2013/01/13/howto-connect-to-hosts-on-a-remote-network-using-openvpn-and... might help


 

hmm, i would need to add a route on the windows 10 system? or on the router?

mssystems
Rising Star
Posts: 275
Thanks: 38
Fixes: 1
Registered: ‎10-08-2007

Re: OpenVPN

Can you post your server config file? 

I don't need to see any of the comment lines starting # or ;

I do need to see the server directives.

 

Community Veteran
Posts: 3,274
Thanks: 339
Fixes: 12
Registered: ‎24-10-2013

Re: OpenVPN

these are all settings that aren't commented out

port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3