Openvpn on 2 win–help its for my graduation :)

josip2608

hello everybody !

i just wanna ask for help, if somebody know what to do..

I have 2 win machines, my and my naighborus.. we have a different WAN IP.
I need to create VPN between…
Now I instaled everything: my ip 192.168.10.1/24, other computer is 192.168.0.0/24. OpenVPN : 10.8.0.0/24, VPN server addres is 10.8.0.1 and VPN client 10.8.0.6...

I can ping those two, VPN server and client but not outside, for example my and neighborus computer (ping form 192.168.10.10 to 192.168.0.11)

I dont have router in which i can set up route mannualy (for 10.8.0.0 network), so I think its routing problem...

if anybody knows I would be very grateful...
sorry for bad english

my ser conf:

server.ovpn

local 192.168.10.10
port 1194
proto udp
dev tun
route-method exe
route-delay 2
ca ca.crt
cert mojserver.crt
key mojserver.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.10.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
push "dhcp-option WINS 192.168.10.1"
push "dhcp-option DNS 192.168.10.1"
push "dhcp-option DOMAIN vpn-diplomski.no-ip.org"
keepalive 10 120
comp-lzo
max-clients 4
persist-key
persist-tun
status openvpn-status.log
verb 3

client:

client.ovpn

client
proto udp
dev tun
remote xx.xx.xx.xx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert klijent.crt
key klijent.key
comp-lzo
verb 3

Cry Havok

Assuming you've already read the OpenVPN FAQ and the documentation (in particular the how to guide) then it would suggest that routing is the problem.

If it is urgent then you may want to consider trying pfSense 2.0 (beta) since ISTR that it can do NAT on the OpenVPN link.

GruensFroeschli

NAT to the OpenVPN-tunnel is already possible with 1.2.3.
You simply need to disable autogenerated rules for vpns, assign the OpenVPN interface and create rule accordingly to your needs.
Read a bit in the OpenVPN subforum since here are a few threads explaining the needed steps.

josip2608

hello, this are my new conf files… now i can ping everything (whole 10.8.0.0 network one or another way 10.8.0.1-10.8.0.6, and I can ping from client LAN to Server LAN (from 192.168.0.13 to 192.168.10.22)). but now I have problem that I cant ping from server lan to client lan(192.168.10.22 to 192.168.0.13).. any ideas? thanks

josip2608

Server:

local 192.168.10.18

port 1194

proto udp

dev tun

dev-node MyTap

ca ca.crt
cert key.crt
key key.key

dh dh1024.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "route 192.168.10.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"

client-config-dir ccd
route 192.168.0.0 255.255.255.0
#iroute 192.168.0.0 255.255.255.0

push "192.168.10.1"
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option WINS 10.8.0.1"

tls-auth ta.key 0
comp-lzo

max-clients 100
persist-key
persist-tun

verb 3

mute 20

Client:

client

dev tun

dev-node MyTap

proto udp

remote 110.60.20.217 1194

resolv-retry infinite

nobind

persist-key

persist-tun

mute-replay-warnings

ca ca.crt
cert client1.crt
key client1.key

ns-cert-type server

tls-auth ta.key 1

comp-lzo

mute 20