Temp-User_0000, 2020-03-04 16:26:00
openvpn

Is VPN routing on Windows possible?

On a Windows PC I have set up OpenVPN, L2TP/IPsec and PPTP/IPsec VPN servers. At the same time, two OpenVPN servers were brought up, one for everyone (dev tap + proto tcp), the other for Android (dev tun + proto udp). In this case, the first OpenVPN server is a bridge and clients receive IP addresses from the server's network and are members of the local network, while the second OpenVPN server (dev tun...), L2TP/IPsec and PPTP/IPsec give clients their own IP addresses and the gateway is the PC. Routing is configured (configs below), but the packets do not go further than the PC. When connecting via the second OpenVPN, you can reach this computer both at the address issued by the OpenVPN server and at its local network address, but you cannot connect to other devices on the local network or access the Internet! L2TP cannot get beyond the VPN subnet at all. What's the matter, what should I do, and how do I set up the VPN tunnels so

First OpenVPN Server
Server config
;local a.b.c.d
port 65532
proto tcp4-server
;proto udp
dev tap
;dev tun
dev-node TrainzCityVPN
ca ca.crt
cert TrainzCityVPN.crt
key TrainzCityVPN.key  # This file should be kept secret
dh dh4096.pem
;topology subnet
;server 10.8.0.0 255.255.255.0
ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\log\\ipp.txt"
server-bridge 192.168.2.1 255.255.255.0 192.168.2.100 192.168.2.150
server-bridge
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
route-delay 5
route-method exe
client-config-dir "C:\\Program Files\\OpenVPN\\config\\ccd"
;route 192.168.40.128 255.255.255.248
;push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
;duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0
cipher AES-256-CBC
;compress lz4-v2
;push "compress lz4-v2"
comp-lzo
;max-clients 100
;user nobody
;group nogroup
persist-key
persist-tun
log         "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
log-append  "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
verb 3
mute 20
#explicit-exit-notify 1
Full config:
Client config on the server
ifconfig-push 192.168.2.105 10.8.0.106

push "route 192.168.0.0 255.255.255.0"

# disable
Client config
client
dev tap
;dev tun
;dev-node MyTap
proto tcp4-client
;proto udp
remote trainzcirty.myftp.org 65532
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert Glebka.crt
key Glebka.key
remote-cert-tls server
tls-client
tls-auth ta.key 1
key-direction 1
cipher AES-256-CBC
verb 3
mute 20
Full config:

Second OpenVPN server:
Server config
;local a.b.c.d
port 65532
;proto tcp-server
proto udp4
;dev tap
dev tun
dev-node AndroVPN
ca ca.crt
cert TrainzCityVPN.crt
key TrainzCityVPN.key  # This file should be kept secret
dh dh4096.pem
;topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\log\\ipp.txt"
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
route 192.168.2.0 255.255.255.0 192.168.2.1
route-delay 5
route-method exe
client-config-dir "C:\\Program Files\\OpenVPN\\config\\ccd"
;route 192.168.40.128 255.255.255.248
;push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
;duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
;compress lz4-v2
;push "compress lz4-v2"
comp-lzo
;max-clients 100
;user nobody
;group nogroup
persist-key
persist-tun
log         "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
log-append  "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
verb 3
mute 20
#explicit-exit-notify 1
Full config:
Client config on the server
ifconfig-push 10.8.0.5 10.8.0.6

iroute 192.168.43.0 255.255.255.0

route 192.168.2.0 255.255.255.0

push "route 192.168.2.0 255.255.255.0"

# disable
Client config
client
dev tap
;dev tun
;dev-node MyTap
;proto tcp4-client
proto udp
remote trainzcirty.myftp.org 65532
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert Phone.crt
key Phone.key
remote-cert-tls server
tls-client
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
mute 20
Full config:

L2TP server
Set up following this guide:


PS
Please help!

3 answer(s)
Alexander, 2020-03-04
@UPSA

Partial solution...
Check the box "Allow other users ... Internet" in the properties of the adapter.

res2001, 2020-03-04
@res2001

Why do you need server-bridge? I've never seen OpenVPN running in this mode. Well, maybe it works ...
The subnet + server topology mode is our everything.
In general, when the VPN client connects to the server, it remains only to correctly configure the routing tables on ALL participants in the exchange.
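A way to check the routing preconditions res2001 refers to on the Windows side, added here as an example and not part of the thread: Windows does not forward packets between adapters unless forwarding is enabled, and the server also needs routes for the tunnel subnets. The adapter aliases TrainzCityVPN and AndroVPN come from the asker's dev-node lines; the LAN adapter name "Ethernet", the 10.8.0.0/24 and 192.168.43.0/24 prefixes taken from the second server's config and ccd file, and the FIX environment variable are assumptions for this script.

```powershell
# Added diagnostic example, not from the original thread.
# Run in an elevated PowerShell on the Windows VPN server.
# Assumed adapter names: TrainzCityVPN and AndroVPN (from the asker's dev-node lines),
# "Ethernet" for the LAN adapter (assumption).
$adapters   = @('TrainzCityVPN', 'AndroVPN', 'Ethernet')
# Tunnel subnets taken from the second server config (server 10.8.0.0/24) and the
# Android client's ccd entry (iroute 192.168.43.0/24).
$vpnSubnets = @('10.8.0.0/24', '192.168.43.0/24')
$tcpipKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# 1. Per-interface forwarding: "Disabled" on any adapter in the path means packets
#    arriving from a VPN client are consumed locally and never leave the PC.
Write-Host '== Per-interface IPv4 forwarding =='
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $adapters -contains $_.InterfaceAlias } |
    Select-Object InterfaceAlias, Forwarding, ConnectionState |
    Format-Table -AutoSize

# 2. Global router switch; a change here only takes effect after a reboot.
$ipEnableRouter = (Get-ItemProperty -Path $tcpipKey -Name IPEnableRouter -ErrorAction SilentlyContinue).IPEnableRouter
Write-Host "IPEnableRouter (global): $ipEnableRouter"

# 3. Does the server itself have a route for each tunnel subnet?
Write-Host '== Routes for the VPN subnets =='
foreach ($prefix in $vpnSubnets) {
    $route = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix $prefix -ErrorAction SilentlyContinue
    if ($route) {
        $route | Select-Object DestinationPrefix, NextHop, InterfaceAlias, RouteMetric | Format-Table -AutoSize
    } else {
        Write-Warning "No route for $prefix on this host"
    }
}

# 4. Apply the fix only when explicitly requested (FIX=1 is an assumed convention):
#    enable forwarding per interface (immediate) and set the global switch (after reboot).
if ($env:FIX -eq '1') {
    foreach ($alias in $adapters) {
        Set-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4 -Forwarding Enabled -ErrorAction SilentlyContinue
    }
    Set-ItemProperty -Path $tcpipKey -Name IPEnableRouter -Value 1 -Type DWord
    Write-Host 'Forwarding enabled on the listed adapters; reboot for IPEnableRouter to apply.'
}
```

Forwarding on the PC is only half of "ALL participants": the other LAN hosts and the LAN router must also have a return route for 10.8.0.0/24 (and 192.168.43.0/24) pointing at the PC's LAN address, otherwise their replies go to the default gateway and are dropped, which looks exactly like "reach the PC but nothing behind it". Enabling forwarding turns the PC into a router for every connected VPN peer, so limit it to the adapters that actually need to pass traffic.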

CityCat4, 2020-03-04
@CityCat4

Yes, Danya, "we are not looking for easy ways" - this is about you :) You have to think of it - a VPN server on Windows ;)
