Posted: Sun Sep 20, 2009 18:45 Post subject: openvpn connect perfectly but unable access router
Hi,
I followed the guide VPN (the easy way) 24+, which was excellent by the way.
I am able to connect with openvpn to my LAN (192.168.0.0) remotely. Everything works fine except a detail that I don't understand.
I can't access the router address 192.168.0.1.
I tried to ping it and to reach the web server; there is nothing I can do, it is impossible to reach it. The weirdest thing is that when I first set up openvpn, I am sure I was able to.
Which configuration should I check to solve this issue?
Joined: 12 Dec 2007 Posts: 778 Location: Pittsburgh, PA USA
Posted: Mon Sep 21, 2009 12:35 Post subject:
Are you using a routed or bridged connection? It would help to post your server and client config files.
_________________
Netgear R7800
DD-WRT v3.0 STD
Linksys WRT1900AC
DD-WRT v3.0 STD
Joined: 12 Dec 2007 Posts: 778 Location: Pittsburgh, PA USA
Posted: Mon Sep 21, 2009 18:34 Post subject:
Just to make sure I understand, you're connecting from a client PC to your LAN? You're not doing LAN to LAN between routers?
Joined: 12 Dec 2007 Posts: 778 Location: Pittsburgh, PA USA
Posted: Mon Sep 21, 2009 19:30 Post subject:
I have a similar setup with my laptop, but I use a bridged configuration. I haven't tried to use a routed config, but I'd bet that it has something to do with the IPtables rules. You'd probably need to allow the relevant ports from the remote subnet.
For a small number of clients (i.e. 1), I'm not sure what the advantage is for Routed over Bridged. I've been using this config for some time now with no issues on the LAN or remote side.
My server config:
Code:
mode server
client-to-client
tls-server
192.168.1.180 192.168.1.190
cipher AES-256-CBC
dev tap0
proto udp
port 1193
keepalive 10 120
comp-lzo
duplicate-cn
management localhost 5001
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
Client config:
Code:
remote my.dyndns.entry 1193
persist-key
tls-client
proto udp
ca ca.crt
nobind
persist-tun
cert cert.crt
comp-lzo
dev tap
key key.key
ns-cert-type server
verb 3
resolv-retry infinite
keepalive 10 120
float
cipher AES-256-CBC
Joined: 12 Dec 2007 Posts: 778 Location: Pittsburgh, PA USA
Posted: Mon Sep 21, 2009 21:15 Post subject:
Is there something else that could be using the 192.168.0.0 subnet on your laptop? For example, VMWare workstation? Is it possible something in your laptop's LAN network is using 192.168.0.1?
You might try a Tracert to it. If it's going across the VPN, your laptop should be the only hop before it dies. If it goes anywhere else, you have a routing problem on your laptop.
When I did the tracert, check in the screenshot what it gives.
My openvpn subnet 192.168.66.0 will have to reach the gateway that is mapped to 192.168.66.1 (this address doesn't exist; it's the openvpn address that is created for the tap adapter) and a route will map my internal network to this.
How can I reach 192.168.0.1 with my route... You know, like:
Joined: 24 Feb 2009 Posts: 2026 Location: Sol System > Earth > USA > Arkansas
Posted: Tue Sep 22, 2009 3:58 Post subject:
The problem *could* be with the network you are connecting from. Imagine connecting to a network where your IP range is already 182.168.0.x. That tends to be one of the more commonly used "private" networks today. It could be that your laptop is being "confused" and unable to route due to a similar addressing scheme on the local network.
To be absolutely certain this is *not* the case, you might want to change to a less commonly used network address range. (Maybe 10.1.10.x, or any other random private IP address range.)
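The address overlap suggested in the last two replies can be checked with a small route-selection model. This is an added example, not code from anyone in the thread: it uses the thread's 192.168.0.0/24 LAN, the 192.168.66.0/24 OpenVPN subnet and the proposed 10.1.10.x range, while the interface names, metrics and the 192.168.0.254 default gateway are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    net: ipaddress.IPv4Network
    via: str     # next hop, or "on-link" for a directly attached network
    dev: str     # interface name (hypothetical)
    metric: int  # assumed values; lower is preferred

def route(cidr: str, via: str, dev: str, metric: int) -> Route:
    return Route(ipaddress.ip_network(cidr), via, dev, metric)

def overlaps(local_nets, vpn_nets):
    """Return (local, vpn) pairs of CIDR strings that share addresses."""
    return [(l, v) for l in local_nets for v in vpn_nets
            if ipaddress.ip_network(l).overlaps(ipaddress.ip_network(v))]

def select_route(dest: str, table) -> Optional[Route]:
    """Simplified OS behaviour: longest prefix wins, ties go to lowest metric."""
    ip = ipaddress.ip_address(dest)
    candidates = [r for r in table if ip in r.net]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.net.prefixlen, r.metric))

# Constructed sample: the laptop sits on a remote Wi-Fi network that also
# uses 192.168.0.0/24, and the VPN adds a route for the home LAN.
CLIENT_TABLE = [
    route("0.0.0.0/0", "192.168.0.254", "wlan0", 25),
    route("192.168.0.0/24", "on-link", "wlan0", 25),     # local Wi-Fi LAN
    route("192.168.66.0/24", "on-link", "tap0", 30),     # OpenVPN subnet
    route("192.168.0.0/24", "192.168.66.1", "tap0", 30), # home LAN via VPN
]

# Same laptop after the home LAN is renumbered to 10.1.10.0/24.
RENUMBERED_TABLE = CLIENT_TABLE[:3] + [
    route("10.1.10.0/24", "192.168.66.1", "tap0", 30),
]

if __name__ == "__main__":
    print("overlap:", overlaps(["192.168.0.0/24"],
                               ["192.168.0.0/24", "192.168.66.0/24"]))
    for dest, table in (("192.168.0.1", CLIENT_TABLE),
                        ("10.1.10.1", RENUMBERED_TABLE)):
        r = select_route(dest, table)
        print(f"{dest} -> dev {r.dev} via {r.via}")
```

With the overlapping table, 192.168.0.1 resolves to the on-link Wi-Fi route and never enters the tunnel, which matches the tracert check suggested earlier in the thread.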