Hi,

On 25/04/20 21:26, Fer Nando wrote:
good evening,
I comment on all the settings you made from the beginning:
openvpn server in windows 10 whose network is 192.168.8.0/24, I have configured in tun mode, the network address server 10.8.0.0/24, I have published the network to the client with push route 192.168.8.0 255.255.255.0, I have retouched the Firewall directives to allow ping entries and shares with which, from the windows 7 openvpn client, whose ip is 10.8.0.6, ping 10.8.0.1, the server ip 192.168.9.254, I access its shared resources and I also access it by remote desktop. Now I have another computer on the network whose IP is 192.168.8.253 but I do not access these resources there, supposedly with the push route directive "192.168.9.0 255.255.255.0", it would access the entire network, but perhaps the server does not route well, I have activated the ip enable route to perform routing. On the other hand, if I make the settings in tap mode, I can access all the resources on the network, I ping the IP of the openvpn server (192.168.8.254), the IP of the second computer of the shared resources (192.168.9.253), I also ping router 192.168.8.100. There would be some way to access all the computers on the server 192.168.8.0/24 network with the tun directive, in addition to the push route directive and the routing on the server that you should do the most.

Most likely a return route issue on your local router: you say you can ping the server from the client and vice versa. Now let's try to ping the VPN client from another machine in your network. I'd suspect that a
  ping 10.8.0.6
from another PC will fail (.9.253? where did the .9 come from?)
On this machine, add a route
   route add 10.8.0.0 mask 255.255.255.0 192.168.8.254
and check if you can then ping the VPN client. If so, then from the VPN client do the reverse and try to access the resources on 192.168.9.253.

HTH,

JJK
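
The return-route problem described in this reply, modelled as an added example that is not part of the original thread: a longest-prefix-match lookup over constructed routing tables for the LAN PC, the router and the VPN server. The addresses come from the thread; the table contents, metrics and the "ISP" uplink label are assumptions. It goes one step beyond the single `route add` above by also placing the same static route on the router instead of on each PC.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match; the lower metric wins a tie. None means no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p).prefixlen, -metric, gw)
            for p, gw, metric in routes if addr in ipaddress.ip_network(p)]
    return max(hits)[2] if hits else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start` toward `dst` and return the nodes visited."""
    path, node = [start], start
    for _ in range(max_hops):
        gw = next_hop(tables.get(node, []), dst)
        if gw is None:
            return path + ["dropped"]      # node has no route for dst
        if gw == "on-link":
            return path + [dst]            # dst is directly attached
        path.append(gw)
        node = gw
    return path + ["loop"]

def with_route(tables, node, prefix, gateway, metric=1):
    """Return a copy of `tables` with one static route added on `node`."""
    new = {k: list(v) for k, v in tables.items()}
    new[node].append((prefix, gateway, metric))
    return new

# Addresses are from the thread; table contents, metrics and the "ISP"
# uplink label are constructed for illustration.
PC, ROUTER, VPN_SERVER, VPN_CLIENT = ("192.168.8.253", "192.168.8.100",
                                      "192.168.8.254", "10.8.0.6")
TABLES = {
    PC:         [("0.0.0.0/0", ROUTER, 10), ("192.168.8.0/24", "on-link", 1)],
    ROUTER:     [("0.0.0.0/0", "ISP", 10), ("192.168.8.0/24", "on-link", 1)],
    VPN_SERVER: [("0.0.0.0/0", ROUTER, 10), ("192.168.8.0/24", "on-link", 1),
                 ("10.8.0.0/24", "on-link", 1)],   # tun subnet (simplified)
}

if __name__ == "__main__":
    # Reply from the LAN PC to the VPN client with no return route anywhere.
    print(trace(TABLES, PC, VPN_CLIENT))
    # The fix from the reply: route add 10.8.0.0 mask 255.255.255.0 192.168.8.254
    print(trace(with_route(TABLES, PC, "10.8.0.0/24", VPN_SERVER), PC, VPN_CLIENT))
    # Same route on the router instead, so every LAN host is covered.
    print(trace(with_route(TABLES, ROUTER, "10.8.0.0/24", VPN_SERVER), PC, VPN_CLIENT))
```
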

On Sat, 25 Apr 2020 at 11:17, Fer Nando (<usuariomoneste...@gmail.com>) wrote:

    Thanks. I have the ip enable route activated on the server. I have
    indeed noticed that when I deactivate the public firewall, it pings
    and reaches the shared resources. I will try this option. Thank you

    On Fri, 24 Apr 2020 at 9:49, Jan Just Keijser
    (<janj...@nikhef.nl>) wrote:

        On 23/04/20 20:48, Fer Nando wrote:
        openvpn client ping server both ip 10.8.0.1 and ip 192.168.8.1
        With firewall it does not ping openvpn client computer,
        without firewall it does ping and shares.
        I think it's the public ipv4 inbound rule

        what firewall and where? on which host?
        A Windows machine does not trust the tap-win adapter by
        default, and therefore places it in the 'public' network zone
        - causing the firewall to block access to ping and shares. You
        can overcome this by adding a (bogus) default route on the
        tap-win adapter in the openvpn config on the server:
          route 0.0.0.0 0.0.0.0 vpn_gateway 999

        that will set up a default route on the tap-win adapter with a
        very high metric, so that no traffic should ever pass over it.
        With that route set, Windows lets you place the tap-win
        adapter in the home/work network zone and ping+shares should
        be available.

        Also, if you want to ping a host other than the VPN server
        ensure that IP forwarding is enabled on the VPN server.

        HTH,

        JJK


        On Thu, 23 Apr 2020 at 10:31, Jan Just Keijser
        (<janj...@nikhef.nl>) wrote:

            Hi Fernando,

            On 22/04/20 08:52, Fer Nando wrote:
            > Good afternoon I have an openvpn server mounted on windows 10, I have
            > published the network with push route to access the server network
            > since I have a computer with shared resources.
            > the client connects perfectly to 10.8.0.1 (server) and I ping said
            > computer at 192.168.8.2, the shared resources computer blocks the
            > connection from the firewall, it is windows 7. if I disable it
            > perfectly. What policy should I add to allow me to connect to this
            > second computer to access shared resources.
            >
            your question is difficult to answer, as a lot of information is
            missing. On which network is the computer 192.168.8.2 located? can you
            draw a picture of your (server-side) network.
            My suspicion is that this is a routing issue - if the computer
            192.168.8.2 is located on the same lan as the server, then how would
            that machine know that packets coming in via the VPN need to go back to
            the VPN server?

            HTH,

            JJK



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
