I am trying to get my OpenVPN setup working for our remote office.
I've installed OpenVPN Community on the server and the client, and created the certificates. Port forwarding rules are also in place, and the connection between client and server can be made without a glitch.
But when it comes to pinging the client from the server or vice versa, I have no luck.
I've tried temporarily disabling the firewall on both server and client, but no dice.
Both of the systems are running on Windows (7 on server, 10 on client). I'm using OpenVPN GUI v11.14.0.0.
Here are slimmed-down versions of my config files:
Server:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
persist-key
persist-tun
verb 3
explicit-exit-notify 1
Client:
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx xxxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca "ca.crt"
cert "client.crt"
key "client.key"
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
If relevant, here is the active routing table on the client, listed while VPN is connected:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.64 50
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 281
10.8.0.4 255.255.255.252 On-link 10.8.0.6 281
10.8.0.6 255.255.255.255 On-link 10.8.0.6 281
10.8.0.7 255.255.255.255 On-link 10.8.0.6 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.42.0 255.255.255.0 On-link 192.168.42.1 281
192.168.42.1 255.255.255.255 On-link 192.168.42.1 281
192.168.42.255 255.255.255.255 On-link 192.168.42.1 281
192.168.43.0 255.255.255.0 On-link 192.168.43.64 306
192.168.43.64 255.255.255.255 On-link 192.168.43.64 306
192.168.43.255 255.255.255.255 On-link 192.168.43.64 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.8.0.6 281
224.0.0.0 240.0.0.0 On-link 192.168.42.1 281
224.0.0.0 240.0.0.0 On-link 192.168.43.64 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.8.0.6 281
255.255.255.255 255.255.255.255 On-link 192.168.42.1 281
255.255.255.255 255.255.255.255 On-link 192.168.43.64 306
===========================================================================
I feel that this is a problem of routing, but I have no clue about how to fix that.
UPDATE: Here is my interface information on the client
Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::e5fb:b1a6:a3ed:1715%23
IPv4 Address. . . . . . . . . . . : 192.168.42.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Unknown adapter Yerel Ağ Bağlantısı:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::2c58:53c1:6455:38df%9
IPv4 Address. . . . . . . . . . . : 10.8.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . :
Wireless LAN adapter Yerel Ağ Bağlantısı* 1:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Yerel Ağ Bağlantısı* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::9da:bcc9:ee66:f9e4%8
IPv4 Address. . . . . . . . . . . : 192.168.1.23
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Ethernet adapter Bluetooth Ağ Bağlantısı:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
UPDATE 2:
I've just noticed that if I try to ping the server (10.8.0.1), the number of bytes out shown in the OpenVPN GUI increases as the ping packages are being sent.
Best Answer
The first issue is that your only routes down the tunnel are: 10.8.0.1/32 10.8.0.4/30 10.8.0.6/32 10.8.0.7/32. You'll need to add a default route and DNS servers, so add something like this to your server config file:
After you've done this, can you update the question with the new config file and routing table from the client?
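As an added example (not part of the original question or answer), this Python sketch parses rows excerpted from the client's routing table above and applies longest-prefix matching to show which destinations the client actually sends into the tunnel. The function names are hypothetical, and the sample is a constructed excerpt of the posted table.

```python
import ipaddress

# Constructed sample: rows copied from the client's routing table in the question.
ROUTE_PRINT = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.64 50
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 281
10.8.0.4 255.255.255.252 On-link 10.8.0.6 281
10.8.0.6 255.255.255.255 On-link 10.8.0.6 281
10.8.0.7 255.255.255.255 On-link 10.8.0.6 281
192.168.43.0 255.255.255.0 On-link 192.168.43.64 306
224.0.0.0 240.0.0.0 On-link 10.8.0.6 281
255.255.255.255 255.255.255.255 On-link 10.8.0.6 281
"""
BROADCAST = ipaddress.ip_network("255.255.255.255/32")

def parse_routes(text):
    """Parse 'destination netmask gateway interface metric' rows; skip the rest."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header, separator or blank line
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append({"net": net, "gateway": gateway,
                           "iface": iface, "metric": int(metric)})
        except ValueError:
            continue  # not a route row
    return routes

def tunnel_routes(routes, tun_ip):
    """Unicast prefixes bound to the tunnel interface, in table order."""
    return [str(r["net"]) for r in routes
            if r["iface"] == tun_ip
            and not r["net"].is_multicast and r["net"] != BROADCAST]

def lookup(routes, dst):
    """Route chosen for dst: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

if __name__ == "__main__":
    routes = parse_routes(ROUTE_PRINT)
    print("via tunnel:", tunnel_routes(routes, "10.8.0.6"))
    for dst in ("10.8.0.1", "10.8.0.5", "10.8.0.10", "8.8.8.8"):
        r = lookup(routes, dst)
        print(dst, "->", r["net"], "gw", r["gateway"], "if", r["iface"])
```

Run against this table, the lookup sends 10.8.0.1 into the tunnel via 10.8.0.5, while an address such as 10.8.0.10 or 8.8.8.8 falls through to the default route on 192.168.43.64.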