LinuxQuestions.org
06-16-2009, 04:33 PM   #1
backforward
OpenVPN, clients can see each other, but cannot get outside over the VPN


I have just finished setting up a basic VPN using OpenVPN. I'm able to connect on all the clients (2 clients currently), and everyone can see each other (server + clients). I can access services on each machine over the VPN, share files, ping, etc. I would like to tunnel all of the clients' traffic through the VPN, not just filesharing and things like that.

I'm running OpenSUSE 11.1 for the server, and my two clients are Windows XP machines.

Searching around I found a bit about changing the routing on the client, but this is something I do not know anything about. I was able to install Wireshark on the clients and the server and do a bit of testing.

On client1, I decided to play with the routing table a bit. Here is the line I changed in its original form:
Code:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1  192.168.10.111       10
I deleted that line and added this line:
Code:
PS C:\Documents and Settings\Administrator> route add 0.0.0.0 mask 0.0.0.0 10.1.0.1 IF 3
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.1.0.1        10.1.0.2       1
This breaks the connection to the outside world on the client though. The VPN connection is still fine, and I can ping the other LAN machines not on the VPN, I just cannot get outside. So this leads me to believe I'm doing something wrong here.

Also, just for fun, I tried adding a route to a specific website and then pinging it from the client. Here's what I did, and the result:
Code:
PS C:\Documents and Settings\Administrator> route add 207.97.211.30 mask 255.255.255.255 10.1.0.1 IF 3
PS C:\Documents and Settings\Administrator> ping clusty.com

Pinging clusty.com [207.97.211.30] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.
While I was pinging on the client, I had Wireshark listening to the TAP interface on the server. The ping packets would show up on the server, but they would stop there.

I have the feeling that I need to do something on the server so that it knows what to do with these outgoing packets it receives on the VPN, but I do not know how to set this up. Here are the details on the setup:

Server: OpenSUSE 11.1
LAN IP: 192.168.10.108
VPN IP: 10.1.0.1
openvpn version: 2.0.9 x86_64
server.conf:
Code:
port 1194 # or any other port you want to use
dev tap
tls-server
cd /etc/openvpn/easy-rsa/2.0/keys
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
mode server
duplicate-cn
ifconfig 10.1.0.1 255.255.255.0 # openvpn gateway
ifconfig-pool 10.1.0.2 10.1.0.11 255.255.255.0 # ip range for openvpn client
push "dhcp-option DNS 10.1.0.1" # push DNS entries to openvpn client
push "dhcp-option DNS 10.1.0.2"
push "route-gateway 10.1.0.1" # push default gateway
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 10
ping-restart 120
push "ping 10"
push "ping-restart 60"
push "route 10.1.0.0 255.255.255.0 10.1.0.1"
comp-lzo
status openvpn-status.log
verb 4
Client 1: Windows XP
LAN IP: 192.168.10.111
VPN IP: 10.1.0.2
openvpn version: OpenVPN 2.1_rc18
client.conf:
Code:
port 1194
dev tap
remote 192.168.10.108 

tls-client
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull

comp-lzo
verb 4
Client 2: Windows XP
LAN IP: 192.168.10.110
VPN IP: 10.1.0.3
openvpn version: OpenVPN 2.1_rc18
client.conf:
(same as Client 1)

So as it stands right now, all 3 machines can see each other and talk to each other just fine over the VPN. I want the clients to be able to push all of their network traffic through the VPN though - eventually I want to be able to use an open WiFi hotspot and connect to the VPN at my home, and tunnel all of my internet traffic through my home (I'm currently using SSH tunnels, and I wanted to give VPN a try).

Any ideas/suggestions? Need more info? Thank you for taking the time to read all of this, every help/comment/suggestion is appreciated!
 
06-16-2009, 04:34 PM   #2
backforward (Original Poster)
I've been digging around in YaST2 and made a few changes.

The firewall was previously disabled, so I enabled it. On the OpenSUSE box (VPN Server) eth1 is the LAN, and tap1 is the VPN. I set eth1 in the external zone, and tap1 in the internal zone, and opened up port 1194 in the external zone. I also enabled masquerading via YaST.

After doing this everything still works the same - I can connect to the VPN Server from the clients just fine, and normal VPN traffic is okay, but I am still not able to tunnel all network traffic from the clients through the VPN server.
 
06-16-2009, 08:33 PM   #3
twantrd
Instead of push "route-gateway..." in your server.conf, have you tried replacing that line with:

Code:
push "redirect-gateway"
-twantrd
 
06-16-2009, 08:48 PM   #4
billymayday
Have you read http://www.openvpn.org/index.php/ope...html#redirect?
 
06-16-2009, 10:44 PM   #5
backforward (Original Poster)
I had not read that billymayday, thank you for the link.

Thank you too for your reply twantrd.

It is now up and running and working perfectly, thank you very much!
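
Added example (not part of any post in the thread): the symptom described in post #1, packets reaching the server's TAP interface and stopping there, comes down to three server-side conditions, which this shell function checks offline against saved copies of the config and firewall rules. It goes slightly beyond the thread by also checking kernel IP forwarding; the function name, the file names, the `def1` flag and the sample rule lines are assumptions constructed for illustration, using the thread's 10.1.0.0/24 VPN subnet and `eth1` LAN interface.

```shell
#!/bin/sh
# Added example (not from the thread): offline audit of the three things a
# full-tunnel OpenVPN server needs. Prints what is missing; returns 0 if nothing is.
#   $1 server.conf   $2 value of /proc/sys/net/ipv4/ip_forward
#   $3 saved `iptables-save` output   $4 VPN subnet (CIDR)
audit_full_tunnel() {
    conf=$1 fwd=$2 rules=$3 subnet=$4 missing=""
    # 1. Clients replace their default route only if the server pushes it.
    grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway([[:space:]][^"]*)?"' "$conf" ||
        missing="$missing redirect-gateway"
    # 2. The kernel must forward between the tap and LAN interfaces; without
    #    this, packets arrive on the tap device and go no further.
    [ "$fwd" = "1" ] || missing="$missing ip_forward"
    # 3. VPN source addresses must be NATed on the way out, or replies have
    #    no route back. Accept a rule with no -s, or one naming the subnet.
    awk -v net="$subnet" '
        /^-A POSTROUTING/ && /-j (MASQUERADE|SNAT)/ {
            if ($0 !~ / -s / || index($0, " -s " net " ")) ok = 1
        }
        END { exit !ok }' "$rules" || missing="$missing masquerade"
    echo "${missing# }"
    [ -z "$missing" ]
}

# Constructed sample inputs, using the addresses and interface from the thread.
SAMPLES=$(mktemp -d)
printf '%s\n' 'dev tap' 'mode server' 'push "route-gateway 10.1.0.1"' \
    > "$SAMPLES/before.conf"
printf '%s\n' 'dev tap' 'mode server' 'push "redirect-gateway def1"' \
    > "$SAMPLES/after.conf"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' 'COMMIT' > "$SAMPLES/no-nat.rules"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
    '-A POSTROUTING -s 10.1.0.0/24 -o eth1 -j MASQUERADE' 'COMMIT' \
    > "$SAMPLES/nat.rules"

echo "before: $(audit_full_tunnel "$SAMPLES/before.conf" 0 "$SAMPLES/no-nat.rules" 10.1.0.0/24)"
echo "after:  $(audit_full_tunnel "$SAMPLES/after.conf" 1 "$SAMPLES/nat.rules" 10.1.0.0/24)"
```

On a live server the second and third inputs would come from `cat /proc/sys/net/ipv4/ip_forward` and `iptables-save`.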
 
  



Tags
gateway, openvpn, redirect


All times are GMT -5.