LinuxQuestions.org


jwpat 06-02-2009 12:26 PM

OpenVPN cannot ping within network
 
I just set up an OpenVPN server on IPcop. My client is running Windows XP. I am able to connect to the server fine, can ping the server from the client and the client from the server. However, my client cannot actually communicate with any of the other machines within the network.



Internal network is 10.0.0.0 255.0.0.0 gateway 10.0.0.1
Internal IP Address of IPcop/openvpn server 10.5.10.131 255.0.0.0 on lan-1
External IP Address of IPcop/openvpn server 12.x.x.x 255.x.x.x on wan-1
OpenVPN server 172.16.0.1 255.255.255.255 on tun0-00
OpenVPN client assigned 172.16.0.6 by openvpn server

OpenVPN client can ping OpenVPN server on 172.16.0.1
OpenVPN client can ping OpenVPN server on 10.5.10.131
OpenVPN client cannot ping any other devices on the 10.0.0.0 network


Any thoughts? I've tried everything I can think of and cannot get this network running.

billymayday 06-03-2009 08:50 PM

Do you have an entry along the lines of

push "route 10.0.0.0 255.255.255.0"

in your server.conf?

TimothyEBaldwin 06-04-2009 06:46 PM

Quote:

Originally Posted by billymayday (Post 3562368)
Do you have an entry along the lines of

push "route 10.0.0.0 255.255.255.0"

in your server.conf?

That's not the problem, as the client can ping 10.5.10.131.

Do the hosts, or just all the routers, on 10.0.0.0/8 have a route to 172.16.0.0/16 via the OpenVPN server?

billymayday 06-04-2009 06:52 PM

I assume, when he says "my client cannot actually communicate with any of the other machines within the network", that he means the network behind the VPN, i.e. the 10.0.0.0 subnet.
Expanding the scope of the VPN to include additional machines on either the client or server subnet.
Quote:

Including multiple machines on the server side when using a routed VPN (dev tun)

Once the VPN is operational in a point-to-point capacity between client and server, it may be desirable to expand the scope of the VPN so that clients can reach multiple machines on the server network, rather than only the server machine itself.

For the purpose of this example, we will assume that the server-side LAN uses a subnet of 10.66.0.0/24 and the VPN IP address pool uses 10.8.0.0/24 as cited in the server directive in the OpenVPN server configuration file.

First, you must advertise the 10.66.0.0/24 subnet to VPN clients as being accessible through the VPN. This can easily be done with the following server-side config file directive:

push "route 10.66.0.0 255.255.255.0"

Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).

Make sure that you've enabled IP and TUN/TAP forwarding on the OpenVPN server machine.
ref: http://www.openvpn.org/index.php/ope...wto.html#scope
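
The symptom discussed in this thread, traced as an added example that is not part of any post: a small route-lookup model showing why the echo reply from a LAN host never returns to the VPN client until the LAN gateway has a route for the VPN subnet. The addresses are taken from the first post; the LAN host 10.5.10.50, the client's pushed 10.0.0.0/8 route, the node names and the "upstream" hop are assumptions made for illustration.

```python
import ipaddress

# Constructed model; lanhost's address and the pushed 10.0.0.0/8 route are assumed.
ADDRS = {
    "client": ["172.16.0.6"],
    "vpnserver": ["172.16.0.1", "10.5.10.131"],
    "lanhost": ["10.5.10.50"],
    "gateway": ["10.0.0.1"],
}
# Per-node routes: (prefix, next hop); "direct" means the destination is on-link.
ROUTES = {
    "client": [("172.16.0.0/16", "vpnserver"), ("10.0.0.0/8", "vpnserver")],
    "vpnserver": [("172.16.0.0/16", "direct"), ("10.0.0.0/8", "direct")],
    "lanhost": [("10.0.0.0/8", "direct"), ("0.0.0.0/0", "gateway")],
    "gateway": [("10.0.0.0/8", "direct"), ("0.0.0.0/0", "upstream")],
}

def owner(addr):
    return next((n for n, a in ADDRS.items() if addr in a), None)

def next_hop(routes, node, dst):
    """Longest-prefix match in node's table; None when nothing matches."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), h) for p, h in routes.get(node, [])]
    hits = [(n, h) for n, h in hits if ip in n]
    return max(hits, key=lambda x: x[0].prefixlen)[1] if hits else None

def trace(routes, src, dst_addr, max_hops=8):
    """Return (delivered, path of node names) for one packet."""
    target, node, path = owner(dst_addr), src, [src]
    while node != target and len(path) <= max_hops:
        hop = next_hop(routes, node, dst_addr)
        if hop is None:
            return False, path  # no route: packet is dropped at this node
        node = target if hop == "direct" else hop
        path.append(node)
    return target is not None and node == target, path

def ping(routes, src, src_addr, dst_addr):
    """The echo request must arrive and the echo reply must find its way back."""
    there, fwd = trace(routes, src, dst_addr)
    back, ret = trace(routes, owner(dst_addr), src_addr) if there else (False, [])
    return there and back, fwd, ret

def with_return_route(routes):
    """Copy of routes where the gateway sends the VPN subnet to the VPN server."""
    fixed = {n: list(r) for n, r in routes.items()}
    fixed["gateway"].insert(0, ("172.16.0.0/16", "vpnserver"))
    return fixed
```

Calling `ping(ROUTES, "client", "172.16.0.6", "10.5.10.50")` returns the forward and return paths, so the node where the reply leaves the LAN is visible; `with_return_route(ROUTES)` models the gateway route described in the quoted HOWTO.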


All times are GMT -5.