I am trying to set up OpenVPN over UDP on the standard port. Here is the setup I am trying to get working:
- tun
- udp
- only allow client
- allow client to see 1 server subnet
I have chosen 192.168.200.0 as the VPN subnet. I want clients to see the 192.168.100.0 subnet. I do not want other machines on the client network to connect through the client. The clients will be Windows (testing on a Windows XP virtual machine running inside of vmplayer) and the server is Debian etch Linux.
I have everything working up through connecting, but the problem is that it seems that the client is being identified by its non-VPN IP address and not the VPN IP address. For example, my VM is on my local client network as IP 192.168.0.5. Its VPN IP address is 192.168.200.6.
I try to connect to "\\192.168.100.102" (a server computer on the forwarded subnet). On the server log I get this error:
Code:
MULTI: bad source address from client [192.168.0.5], packet dropped
When I search for this error on Google, all the responses that I have found relate to client-config-dir. This should not apply to me, as that setting is only for allowing clients to connect through a client, right?
I found one solution where a Mac user said to use "ifconfig tun0 metric -1". Apparently this does not apply to the Debian tunnel, as I get this error:
Code:
SIOCSIFMETRIC: Operation not supported
I am using OpenVPN version 2.0.9-4etch1 on the server and OpenVPN GUI 2.0.9 on Windows.
Here is my server.conf:
Code:
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh2048.pem
server 192.168.200.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.100.0 255.255.255.0"
# tried with and without:
;push "redirect-gateway"
push "dhcp-option DNS 192.168.200.1"
push "dhcp-option WINS 192.168.200.1"
keepalive 10 120
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 6
mute 10
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
Here are the iptables rules I added (eth0 is the outside world, eth1 is the intranet on this server, IP forwarding is enabled):
Code:
## OpenVPN
# (disabled) NAT VPN clients out to the internet via eth0
#iptables -t nat -A POSTROUTING -s 192.168.200.0 -o eth0 -j MASQUERADE
# (disabled) log incoming OpenVPN packets on the public side
#iptables -A INPUT -i eth0 -p udp --dport 1194 -j LOG --log-prefix "IPTABLES VPN: " --log-level 6
# accept OpenVPN handshake and data from the outside world
iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
# accept anything arriving from the tunnel that is addressed to this host
iptables -A INPUT -i tun+ -j ACCEPT
# (disabled) forward only VPN subnet -> intranet subnet
#iptables -A FORWARD -i tun0 -s 192.168.200.0/24 -d 192.168.100.0/24 -j ACCEPT
# forwards tunnel traffic to any destination, not only 192.168.100.0/24
iptables -A FORWARD -i tun+ -j ACCEPT
Here is the client.ovpn file:
Code:
client
dev tun
proto udp
remote myserver.mydomain.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 6
auth-user-pass
I am a bit at a loss at this point. The OpenVPN documentation has not shed any light on my problem.
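As an added triage example (my code, not from the post above and not part of OpenVPN itself): a small script that reads the server log and the ifconfig-pool-persist file, pulls out every "bad source address" drop, and reports whether the offending source is inside the VPN subnet and which common name, if any, it is leased to. It assumes ipp.txt has the "common_name,virtual_ip" lines that ifconfig-pool-persist writes, and the sample log and pool contents below are constructed to match the post (log timestamps omitted). The point it makes explicit: OpenVPN only maps a client's packets if their source is the virtual address it assigned to that client, or a subnet it has been told (with iroute) sits behind that client; a source such as 192.168.0.5, outside 192.168.200.0/24 and leased to nobody, is dropped with exactly this message.

```python
"""Triage OpenVPN "MULTI: bad source address" drops against ipp.txt.

Added example, not from the original post. Sample data is constructed.
"""
import ipaddress
import re

# From the posted server.conf: server 192.168.200.0 255.255.255.0
VPN_SUBNET = ipaddress.ip_network("192.168.200.0/24")

# The address in brackets is the source IP of the inner packet the client sent.
BAD_SRC_RE = re.compile(
    r"MULTI: bad source address from client \[([0-9.]+)\], packet dropped"
)

# Constructed ipp.txt: one "common_name,virtual_ip" lease per line.
SAMPLE_IPP = """\
xpclient,192.168.200.6
laptop,192.168.200.10
"""

# Constructed log excerpt in the 2.0.x message style (timestamps omitted).
SAMPLE_LOG = """\
MULTI: Learn: 192.168.200.6 -> xpclient/203.0.113.7:1194
MULTI: bad source address from client [192.168.0.5], packet dropped
MULTI: bad source address from client [192.168.200.99], packet dropped
MULTI: bad source address from client [192.168.200.10], packet dropped
MULTI: bad source address from client [192.168.0.5], packet dropped
"""


def parse_ipp(text):
    """Map leased virtual addresses to common names; skip blank/comment lines."""
    leases = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cn, _, ip = line.partition(",")
        if ip.strip():
            leases[ipaddress.ip_address(ip.strip())] = cn.strip()
    return leases


def dropped_sources(log_text):
    """Source addresses from every 'bad source address' line, in log order."""
    return [ipaddress.ip_address(m.group(1)) for m in BAD_SRC_RE.finditer(log_text)]


def classify(src, leases, vpn_subnet=VPN_SUBNET):
    """Say why the server could not attribute a packet with this source to a client."""
    cn = leases.get(src)
    inside = src in vpn_subnet
    if not inside:
        verdict = ("outside the VPN subnet: the client is sending with a non-VPN "
                   "source (its own LAN address, or a host behind it) that the "
                   "server has no iroute for")
    elif cn is None:
        verdict = "inside the VPN subnet but not leased in ipp.txt"
    else:
        verdict = (f"leased to '{cn}' in ipp.txt: a different client is sending "
                   "with this source, or the pool file is stale")
    return {"src": str(src), "in_vpn_subnet": inside, "leased_to": cn, "verdict": verdict}


def triage(log_text, ipp_text):
    """One report per distinct dropped source, with how often it was seen."""
    leases = parse_ipp(ipp_text)
    counts = {}
    for src in dropped_sources(log_text):
        counts[src] = counts.get(src, 0) + 1
    return [dict(classify(src, leases), count=n) for src, n in counts.items()]


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG, SAMPLE_IPP):
        print(f"{r['src']:<16} x{r['count']}  {r['verdict']}")
```

Run it against the real log and ipp.txt paths from server.conf; the first report line for the posted log is the 192.168.0.5 case, flagged as outside the VPN subnet and leased to no client.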