I'm a total VPN noob setting up my first OpenVPN on a CentOS VM in my office, which has a LAN in the 192.168.0.x network. I've successfully configured my laptop to connect from home - it gets assigned an IP address of 10.10.10.6. I think the server is getting 10.10.10.1 and when I ping it it responds. However, when I ping the server on its normal IP address (192.168.0.108) I get nothing.
Here is the server.conf file:
local 0.0.0.0
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.10.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.0.3.0 255.255.255.0"
keepalive 10 120
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
verb 4
This is the VPN section of my server's ifconfig:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.10.10.1 P-t-P:10.10.10.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:22 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1234 (1.2 KiB) TX bytes:1158 (1.1 KiB)
Here is my laptop's ipconfig:
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::c054:233e:21f1:ac42%14
IPv4 Address. . . . . . . . . . . : 10.10.10.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::b98a:8bd5:6739:1e54%12
IPv4 Address. . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{BF535BB4-4351-4B88-8ED1-17613C04282F}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{06736C0E-354E-4806-AA58-BDA90A1B4EDC}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 9:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:38e6:357c:3f57:fefd
Link-local IPv6 Address . . . . . : fe80::38e6:357c:3f57:fefd%16
Default Gateway . . . . . . . . . : ::
Here is the output of route print on my win7 laptop
C:\Users\BenLaptop7>route print
===========================================================================
Interface List
14...00 ff 06 73 6c 0e ......TAP-Win32 Adapter V9
12...00 21 6a 27 a7 fa ......Intel(R) WiFi Link 5300 AGN
11...00 21 70 d9 6e bb ......Intel(R) 82567LM Gigabit Network Connection
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
10.0.3.0 255.255.255.0 10.10.10.5 10.10.10.6 30
10.10.10.1 255.255.255.255 10.10.10.5 10.10.10.6 30
10.10.10.4 255.255.255.252 On-link 10.10.10.6 286
10.10.10.6 255.255.255.255 On-link 10.10.10.6 286
10.10.10.7 255.255.255.255 On-link 10.10.10.6 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.10.10.6 286
224.0.0.0 240.0.0.0 On-link 192.168.1.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.10.10.6 286
255.255.255.255 255.255.255.255 On-link 192.168.1.2 281
===========================================================================
Persistent Routes:
None
... which I don't really understand, but when I first got it working I was able to connect to my server (which has a couple of Samba shares) from Windows by typing \\10.10.10.1. However, that has recently stopped working since I rebooted the server, having set the default runlevel to 5 so that I can set up a VNC client to use the VPN.
Does anyone know how I can a) get this working again and b) make it so that my server can be reached over the VPN by its usual IP address (192.168.0.108)?
Pretty sure you have to push all the subnets you want to allow, had this set up a while ago.
http://openvpn.net/index.php/open-source/documentation/howto.html
Otherwise the routes are locked down, the openvpn server is trying to keep your internal network safe. So unless you advertise the routes, the clients won't be allowed to see them.
So you'd want to do this in your server config...
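As an added example (not part of the answer above and not the answerer's config), this Python check parses the `server` and `push "route ..."` lines from the question's server.conf and reports which destinations a client would actually send into the tunnel. The function names are hypothetical and the sample config is constructed from the lines quoted in the question.

```python
import ipaddress
import re

# Constructed sample: the routing-relevant lines of the server.conf in the question.
SERVER_CONF = """\
dev tun
server 10.10.10.0 255.255.255.0
push "route 10.0.3.0 255.255.255.0"
keepalive 10 120
"""

SERVER_RE = re.compile(r'^server\s+([\d.]+)\s+([\d.]+)')
# The netmask in a route directive is optional; OpenVPN defaults it to a host route.
PUSH_RE = re.compile(r'^push\s+"route\s+([\d.]+)(?:\s+([\d.]+))?')


def parse_networks(conf_text):
    """Return (tunnel_subnet, pushed_routes) parsed from server config text."""
    tunnel, pushed = None, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line.startswith(";"):             # ';' also starts a comment line
            continue
        m = SERVER_RE.match(line)
        if m:
            tunnel = ipaddress.ip_network("/".join(m.groups()), strict=False)
        m = PUSH_RE.match(line)
        if m:
            mask = m.group(2) or "255.255.255.255"
            pushed.append(ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False))
    return tunnel, pushed


def reachability(conf_text, destinations):
    """Map each destination IP to the reason a client would route it via the VPN."""
    tunnel, pushed = parse_networks(conf_text)
    # With the `server` directive, the server takes the first host address itself.
    server_ip = tunnel.network_address + 1 if tunnel is not None else None
    report = {}
    for dest in destinations:
        addr = ipaddress.ip_address(dest)
        hit = next((net for net in pushed if addr in net), None)
        if addr == server_ip:
            report[dest] = "server tunnel address"
        elif hit is not None:
            report[dest] = f"pushed route {hit}"
        else:
            report[dest] = "not routed via VPN"
    return report


if __name__ == "__main__":
    for dest, why in reachability(SERVER_CONF, ["10.10.10.1", "192.168.0.108"]).items():
        print(f"{dest:15} {why}")
```

A pushed route only steers client traffic into the tunnel; reaching other hosts on the office LAN also needs IP forwarding on the server and a return route for 10.10.10.0/24 on the LAN gateway.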