OpenVPN Windows 10 Server, Windows 7 Client, can ping each other on VPN IPs but nothing more

networking, openvpn, vpn, windows 10, windows 7

Server config:

port 1194
proto udp
dev tun

dev-node MyTap
server 10.8.0.0 255.255.255.0

ca "C:\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\OpenVPN\\easy-rsa\\keys\\server.key"   
dh "C:\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

;ifconfig-pool-persist ipp.txt

keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Client config:

client
dev tun
dev-node MyTap
proto udp
remote xx.xx.xx.xx 1194

resolv-retry infinite
nobind
persist-key
persist-tun

ca "C:\\OpenVPN\\config\\ca.crt"
cert "C:\\OpenVPN\\config\\BSCLaptop.crt"
key "C:\\OpenVPN\\config\\BSCLaptop.key"

explicit-exit-notify 2
ns-cert-type server
comp-lzo
verb 5
ping 10
ping-restart 60

route-method exe
route-delay 2

The client and server are in different countries. I can connect without any errors in the logs. I can ping from the server to the client successfully via the VPN network, i.e. on server: ping 10.8.0.6. I can ping from the client to the server successfully via the VPN network, i.e. on client: ping 10.8.0.1. However, I can't ping from the client to the server via the server's normal network IP (10.79.79.81) and I can't ping anything else on the server's network, i.e. the gateway/router, or get any internet traffic on the client.

The network adapter providing the internet connection to the server has had "Allow other network users to connect through this computer's Internet connection" option checked in the adapter Properties->Sharing and set to the server's Tap adapter. The server has had its "Routing and Remote Access" service started and the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters has had its IPEnableRouter setting set to 1 (default is 0).

All firewalls are disabled on the Windows server and client machines and within the router the server connects to the internet through. Port 1194 is forwarded to the server from the router it connects to the internet through. All this worked before the server was updated from Win 7 -> Win 10 😉 Now, the two machines can ping each other via their VPN IP addresses only and do nothing more, any ideas?

Thanks.

Best Answer

This sounds like a routing issue and I suspect it is at the client. You firstly need to verify on the client that the packets with a destination of your server network (10.79.79.81 or whatever) are going through the VPN tunnel and not through your normal interface. Check your routing tables or use traceroute to verify.

If this traffic isn't going through the tunnel, then you need to set up your server config to push routes to the client. Example from https://openvpn.net/index.php/open-source/documentation/howto.html#examples:

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

Alternatively, configure OpenVPN to route ALL traffic (if that's what you want) over the VPN.

If they are indeed going to your server then you need to verify that your server knows how to route packets to the network you are trying to reach. The routing stuff can get complicated and I have no idea how suitable Windows 7 is for that. You might consider setting the VPN up on a router like pfSense.
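
The routing-table check described in the answer, as an added example that is not part of the original answer: it parses the IPv4 Active Routes rows of `route print` and applies longest-prefix matching to report which interface would carry a given destination. The table is constructed; the client LAN (192.168.1.0/24), the server's public address (203.0.113.10) and the tunnel gateway 10.8.0.5 are assumptions.

```python
import ipaddress

# Constructed sample: "IPv4 Active Routes" rows from `route print` on a client
# after the server pushed redirect-gateway def1. LAN, public and tunnel-gateway
# addresses are assumptions; 10.8.0.6 is the client VPN IP from the question.
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
          0.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6     30
        128.0.0.0        128.0.0.0         10.8.0.5        10.8.0.6     30
         10.8.0.1  255.255.255.255         10.8.0.5        10.8.0.6     30
         10.8.0.4  255.255.255.252         On-link         10.8.0.6    286
     203.0.113.10  255.255.255.255      192.168.1.1    192.168.1.50     25
      192.168.1.0    255.255.255.0         On-link     192.168.1.50    281
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each route row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # header or other non-route line
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
        except ValueError:
            continue  # destination/netmask pair is not a valid network
        routes.append((net, f[2], f[3], int(f[4])))
    return routes

def select_route(routes, dest):
    """Longest-prefix match; ties go to the lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3])) if matches else None

def via_tunnel(routes, dest, tun_ip="10.8.0.6"):
    """True if traffic to dest leaves through the TAP adapter's address."""
    r = select_route(routes, dest)
    return r is not None and r[2] == tun_ip

if __name__ == "__main__":
    routes = parse_routes(ROUTE_PRINT)
    no_def1 = [r for r in routes if r[0].prefixlen != 1]  # def1 routes missing
    for dest in ("10.8.0.1", "10.79.79.81", "8.8.8.8", "203.0.113.10"):
        print(dest, "def1:", via_tunnel(routes, dest),
              "no def1:", via_tunnel(no_def1, dest))
```

With the two /1 routes present, 10.79.79.81 is carried by the tunnel; with them missing, only 10.8.0.1 is, and the server's LAN address falls through to the client's normal default gateway.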