OpenVPN route issue

Posted by Planet Malaysia on May 15, 2009

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls.

I won’t repeat how I set up OpenVPN from scratch; you can find tons of useful guides on Google. Here, I would like to share my OpenVPN routing issue and its solution.

Setup details are shown below:

SERVER:
LAN = 172.16.7.25X/255.255.0.0
WAN = 219.95.19x.1xx/255.255.255.252
VPN = 172.31.0.x/255.255.0.0

[root@planetmy ~]# view /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 172.31.0.0 255.255.0.0
ifconfig-pool-persist ipp.txt
push "route 172.16.0.0 255.255.0.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3


[root@planetmy ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
172.31.0.2      0.0.0.0         255.255.255.255 UH    0      0   0   tun0
219.95.19x.1xx  0.0.0.0         255.255.255.252 U     0      0   0   eth1
172.31.0.0      172.31.0.2      255.255.0.0     UG    0      0   0   tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth1
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0   0   eth0
0.0.0.0         219.95.19x.1xx  0.0.0.0         UG    0      0   0   eth1

WINDOWS XP VPN client:
Edit C:\Program Files\OpenVPN\config\office.ovpn:
client
dev tun
proto udp
remote 219.95.19x.1xx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert test2.crt
key test2.key
ns-cert-type server
comp-lzo
verb 3

C:\> ipconfig /all shows:
IP ADDRESS: 172.31.0.6
NETMASK: 255.255.255.252
GATEWAY: 172.31.0.5
DHCP: 172.31.0.5

I managed to ping 172.16.2.x/16 or 172.16.3.x/16 from the server itself but not from the Windows XP VPN client machine, and the solution is MASQUERADE.

Type: /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Note: You can either add an extra line to your /etc/init.d/openvpn startup script OR insert it into your iptables rule list.
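
The MASQUERADE rule above has no source match, so it rewrites every packet forwarded out of eth0, not only traffic from the 172.31.0.0/16 VPN clients. The following is an added example, not part of the original post: it audits saved NAT rules for such unscoped MASQUERADE entries and prints a replacement limited to the VPN subnet. The function names and the sample table are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# Values taken from the post: VPN subnet (server.conf) and LAN interface.
VPN_NET="172.31.0.0/16"
LAN_IF="eth0"

# Read `iptables-save -t nat` output on stdin and print every POSTROUTING
# MASQUERADE rule with no source match (-s / --source), i.e. a rule that
# rewrites ALL traffic forwarded out of the interface, not just VPN clients.
find_unscoped_masq() {
    awk '
        $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            scoped = 0
            for (i = 3; i <= NF; i++)
                if ($i == "-s" || $i == "--source") scoped = 1
            if (!scoped) print
        }'
}

# Print the replacement: same target, limited to packets from the VPN subnet.
scoped_masq_rule() {
    echo "-A POSTROUTING -s $VPN_NET -o $LAN_IF -j MASQUERADE"
}

# Turn a saved "-A ..." rule into the command that deletes it.
delete_cmd() {
    echo "iptables -t nat $(echo "$1" | sed 's/^-A /-D /')"
}

# Constructed sample of `iptables-save -t nat` output: the first rule is the
# one from the post, the second is an already-scoped rule for comparison.
sample_nat_table() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 172.31.0.0/16 -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Dry run on the sample: print commands for review, nothing is applied.
sample_nat_table | find_unscoped_masq | while read -r rule; do
    delete_cmd "$rule"
done
echo "iptables -t nat $(scoped_masq_rule)"
```

On a live server, feed `iptables-save -t nat` into `find_unscoped_masq` in place of the sample table.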

Hope this is useful for you in case you are facing a similar problem to mine.

Comments

2 Responses to “OpenVPN route issue”

  1. manu on May 26th, 2009 2:25 am

    Hmm... I arrived here because I was looking through routing issues. I’m not done yet; however, I noticed that you masked your server IP a bit but you left it totally visible in the route -n example.

    cheers.

  2. Planet Malaysia on May 26th, 2009 2:38 pm

    thanks manu
