openvpn
wwwatson, 2014-11-06 23:32:17

How to get into the network behind an openvpn server?

Task: get into the organization's internal network from the outside.
The VPN server is located behind the router (forwarding is set up and working).
I connect to it remotely (let's say via a USB modem).
The organization's network itself is 192.168.2.x. The IP address of the machine that runs the OpenVPN server is 192.168.2.20. The IP address of the VPN server at startup is 192.168.10.1.
When the VPN is connected, the client receives the IP address 192.168.10.6 (the client's own IP is 192.168.42.188).
Pings work in both directions between 192.168.10.1 and 192.168.10.6. But there is no ping to 192.168.2.20 or to 192.168.43.188.
The routes are written. I can see them in route print.
Therefore there is no access to the computers of the organization's network 192.168.2.x (or to the router 192.168.2.1).
How do I understand what else needs to be written in the config?
Server conf

dev tun
proto tcp-server
port 5190
tls-server
server 192.168.10.0 255.255.255.0
client-to-client
comp-lzo
route 192.168.42.0 255.255.255.0 192.168.10.6
push "route 192.168.1.0 255.255.255.0 192.168.10.1"
dh C:\\OpenVPN\\ssl\\dh1024.pem
ca C:\\OpenVPN\\ssl\\ca.crt
cert C:\\OpenVPN\\ssl\\Server.crt
key C:\\OpenVPN\\ssl\\Server.key
tls-auth C:\\OpenVPN\\ssl\\ta.key 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
keepalive 10 120
status C:\\OpenVPN\\log\\openvupn-status.log
log C:\\OpenVPN\\log\\openvpn.log
verb 3

Client conf
client
dev tun
proto tcp
remote x.x.x.x
port 5190
tls-client
persist-key
persist-tun
ns-cert-type server
ca C:\\OpenVPN\\ssl\\ca.crt
cert C:\\OpenVPN\\ssl\\client.crt
key C:\\OpenVPN\\ssl\\client.key
tls-auth C:\\OpenVPN\\ssl\\ta.key 1
ns-cert-type server
comp-lzo
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
verb 3
ping-restart 60
ping 10
log-append "C:\\OpenVPN\\log\\openvpn.log"
status "C:\\OpenVPN\\log\\status.log"

server print
0.0.0.0 0.0.0.0 192.168.42.129 192.168.42.188
127.0.0.0 255.0.0.0 On-Link 127.0.0.1
127.0.0.1 255.255.255.255 On-Link 127.0.0.1
127.255.255.255 255.255.255.255 On-Link 127.0.0.1
192.168.1.0 255.255.255.0 192.168.10.1 192.168.42.188
192.168.10.0 255.255.255.0 192.168.10.5 192.168.10.6
192.168.10.4 255.255.255.252 on-link 192.168.10.6
192.168.10.6 255.255.255.255 On-Link 192.168.10.6
192.168.10.7 255.255.255.255 On-link 192.168.10.6
192.168.42.0 255.255.255.0 On-link 192.168.42.188
192.168.42.188 255.255.255.255 On-link 192.168.42.188
192.168.42.255 255.255.255.255 On-link 192.168.42.188

Client print
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.47 25
127.0.0.0 255.0.0.0 On-Link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-Link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-Link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-Link 192.168.1.47 281
192.168.1.47 255.255.255.255 On-Link 192.168.1.47 281
192.168.1.255 255.255.255.255 On-Link 192.168.1.47 281
192.168.1.47, 281.12.168.0 192.168.10.2 192.168.10.1 20
192.168.10.0 255.255.255.252 On-link 192.168.10.1 276
192.168.10.1 255.255.255.255 On-link 192.168.10.1 276
192.168.10.3 255.255.255.255 On-Link 192.168.10.1 276
192.168.42.0 255.255.255.0 192.16.155.255.0 192.168.10.6 192.168.1.47 26

3 answer(s)
sHaggY_caT, 2014-11-07
@sHaggY_caT

You need to configure NAT on the OpenVPN server, that is, address translation from the VPN client network to the local network.
You can also bring up OpenVPN in tap mode so that there is one network at the L2 level.

Sergey, 2014-11-07
@bk0011m

Fixed in server config:
_ _ _ _ .255.0"
route 192.168.42.0 255.255.255.0
In the client settings (usually a file with the client name in the ccd directory on the server) add:
iroute 192.168.42.0 255.255.255.0
And yes, I see you have Windows. For the duration of the check, turn off the firewall.

wwwatson, 2014-11-07
@wwwatson

Wrote the routes as requested.
In the folder C:\\OpenVPN\\config\\ccd I created the file Client.txt
and put there iroute 192.168.43.0 255.255.255.0
Firewalls are disabled on both machines.
But the result is the same.
Route table, server:

192.168.2.0 255.255.255.0 On-Link 192.168.2.20 276
192.168.2.20 255.255.255.255 On-Link 192.168.2.20 276
192.168.2.255 255.255.255.255 On-Link 192.168.2.20 276
192.168.10.0 255.25.255.0 192.168.12.255.0 192.168.10.2 192.168.10.1 30
192.168.10.0 255.255.255.252 On-Link 192.168.10.1 286
192.168.10.1 255.255.255.255 On-Link 192.168.10.1 286
192.168.10.3 255.255.255.255 On-Link 192.168.10.1 286
192.168.43.0 255.255.255.0 192.168.10.2 192.168.10.1 30

client
127.255.255.255 255.255.255.255 On-Link 127.0.0.1 306
192.168.2.0 255.255.255.0 192.168.10.5 192.168.10.6 20
192.168.10.0 255.255.25.0 192.168.10.5 192.168.10.6 20
192.168.10.4 255.255.255.252 On-Link 192.168.10.6 276
192.168.10.6 255.255.255.255 on-link 192.168.10.6 276
192.168.10.7 255.255.255.255 On-link 192.168.10.6 276
192.168.43.0 255.255.255.0 On-link 192.168.43.138 281
192.168.43.138 255.255.255.255 On-Link 192.168.43.138 281
192.168.43.255 255.255.255.255 On-link 192.168.43.138 281

One more question. From the router, I have to ping the openvpn network. The route seems to be normal.
But neither the VPN server nor the client responds to ping.
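
The route/iroute pairing discussed in the answers above, as an added example that is not part of the original posts: a Python check that compares a server config and its ccd files against the LAN they are meant to expose, so that only the intended subnet is pushed to clients. The function names, the client common name `client`, and the sample strings (constructed from the values quoted in the thread) are assumptions.

```python
import ipaddress

def net(addr, mask):
    """Build a network from the 'address netmask' pair OpenVPN directives use."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def directives(text):
    """Yield (name, args) per config line; quotes dropped, names lowercased."""
    for line in text.splitlines():
        words = line.split("#", 1)[0].replace('"', " ").split()
        if words:
            yield words[0].lower(), words[1:]

def audit(server_conf, ccd_files, lan, common_names):
    """Return findings about routing between VPN clients and the LAN."""
    lan = ipaddress.ip_network(lan)
    routes, pushed, iroutes, findings, has_ccd = set(), set(), set(), [], False
    for name, args in directives(server_conf):
        if name == "route" and len(args) >= 2:
            routes.add(net(*args[:2]))          # kernel route towards the tunnel
        elif name == "push" and len(args) >= 3 and args[0].lower() == "route":
            pushed.add(net(*args[1:3]))         # route installed on every client
        elif name == "client-config-dir":
            has_ccd = True
    for fname, text in ccd_files.items():
        if fname not in common_names:  # ccd files are looked up by certificate CN
            findings.append(f"ccd file {fname!r} matches no client common name")
        iroutes |= {net(*a[:2]) for n, a in directives(text)
                    if n == "iroute" and len(a) >= 2}
    if ccd_files and not has_ccd:
        findings.append("client-config-dir is not set, so ccd files are ignored")
    if not any(lan.subnet_of(p) for p in pushed):
        findings.append(f"no pushed route covers the LAN {lan}")
    findings += [f"pushed route {p} does not lead to the LAN"
                 for p in sorted(pushed) if not p.overlaps(lan)]
    findings += [f"route {r} has no matching iroute" for r in sorted(routes - iroutes)]
    findings += [f"iroute {r} has no matching route" for r in sorted(iroutes - routes)]
    return findings

# Constructed sample: directives and addresses as quoted in the thread.
SERVER_CONF = """\
server 192.168.10.0 255.255.255.0
route 192.168.42.0 255.255.255.0 192.168.10.6
push "route 192.168.1.0 255.255.255.0 192.168.10.1"
"""
CCD = {"Client.txt": "iroute 192.168.43.0 255.255.255.0\n"}

if __name__ == "__main__":
    # "client" is an assumed certificate common name, not taken from the thread.
    for finding in audit(SERVER_CONF, CCD, "192.168.2.0/24", {"client"}):
        print(finding)
```
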