openvpn
promofake, 2019-07-04 15:28:46

OpenVPN. The server does not see the clients, but the clients ping and see the server, why?

The bottom line is: there is a working network of 5 computers. And there is a remote server. I set up an OpenVPN server on WinServer 2008/R2. The client is Win8. The client connects, everything is OK. It gets the internal address 10.8.0.2. It pings the server 10.8.0.1, but the server does not see this client for the life of me. I went through a bunch of manuals, I'm not a pro myself, a beginner)) I rather had to set up a working network at home. The main task is to connect the printer located in the office to a remote server. The printer is connected to the client via USB. The most interesting thing is that everything worked a month ago. But then the system administrator left and everything broke down. I had to reinstall everything.
Server:

proto udp
dev tap
dev-node "openvpn.server"
tls-server
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0

tun-mtu 1500
mssfix 1450

ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\Server.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\Server.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh4096.pem"

# IP address range for the VPN network
server 10.8.0.0 255.255.255.0

client-to-client
keepalive 10 120
cipher AES-128-CBC

# Enable compression
comp-lzo
persist-key
persist-tun

client-config-dir "C:\\Program Files\\OpenVPN\\ccd"

# Routes are added via .exe; without it, routes are not set up for everyone
route-method exe

# Delay before adding the route
route-delay 5

# Level of debug output
verb 3

# Gateway
route-gateway 10.8.0.1

# Directive that tells clients there is a local network behind the server with addresses 192.168.0.100 255.255.255.0
push "route 192.168.0.100 255.255.255.0"

# Adds a route on the server so it can see the network behind the client
route 192.168.0.0 255.255.255.0

# Each client is given one address, without virtual router ports
topology subnet

# Number of repeated messages
mute 20


Client:

# Tell the client to pull routing information from the server (push options)
client

# Specify which protocol OpenVPN uses
proto udp

# Interface type
dev tap

remote Х.Х.Х.Х.
port 1194


tls-client
tun-mtu 1500
mssfix 1450

ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1


cipher AES-128-CBC


persist-key
persist-tun
comp-lzo

route-delay 5 


ping-restart 60
ping 10
verb 3
auth SHA1

Client CCD:
# Assign the client a permanent IP 10.8.0.2
ifconfig-push 10.8.0.2 255.255.255.0

# Tell the server that network 192.168.0.0 is behind the client
iroute 192.168.0.0 255.255.255.0

# If the following line is uncommented, the client will be disabled (in case this client needs to be disconnected from the server while the others keep working)
# disable
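
An added example, not part of the original post: a Python check over the routing directives in the configs above. It tests that each route, iroute and pushed route address is network-aligned for its mask, that every CCD iroute has a covering route in the server config (the pairing the config comments describe), and that no pushed route overlaps the network declared behind the client. The function names and the trimmed sample strings are constructed for this illustration.

```python
import ipaddress
import shlex

# Constructed sample: only the routing directives from the configs above.
SERVER_CONF = '''
server 10.8.0.0 255.255.255.0
push "route 192.168.0.100 255.255.255.0"
route 192.168.0.0 255.255.255.0
'''
CCD_CONF = '''
ifconfig-push 10.8.0.2 255.255.255.0
iroute 192.168.0.0 255.255.255.0
'''

def routes(text, kind):
    """Return (addr, mask) pairs; kind is 'route', 'iroute' or 'push-route'
    (the last meaning a route carried inside a quoted push "..." directive)."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        tok = shlex.split(line)
        if kind == "push-route":
            tok = tok[1].split() if tok[0] == "push" and len(tok) > 1 else []
            if not tok or tok[0] != "route":
                continue
        elif tok[0] != kind:
            continue
        if len(tok) > 1:
            out.append((tok[1], tok[2] if len(tok) > 2 else "255.255.255.255"))
    return out

def lint(server_conf, ccd_conf):
    """Return a list of findings (hypothetical helper, not an OpenVPN tool)."""
    findings, nets = [], {}
    for kind, text in (("push-route", server_conf), ("route", server_conf), ("iroute", ccd_conf)):
        nets[kind] = []
        for addr, mask in routes(text, kind):
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            if str(net.network_address) != addr:
                findings.append(f"{kind} {addr} {mask}: host bits set, network is {net}")
            nets[kind].append(net)
    for ir in nets["iroute"]:
        if not any(ir.subnet_of(r) for r in nets["route"]):
            findings.append(f"iroute {ir}: no covering 'route' in server config")
        for p in nets["push-route"]:
            if p.overlaps(ir):
                findings.append(f"pushed route {p} overlaps iroute {ir} behind the client")
    return findings
```

Calling `lint(SERVER_CONF, CCD_CONF)` on the sample returns two findings: the pushed route address is not aligned to its mask, and the pushed network is the same one the CCD file declares behind the client.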


2 answer(s)
promofake, 2019-07-05
@promofake

I tried everything, everything that is possible, fiddled with the settings both on the server and on the client. As a result, the issue was resolved by disabling that damned Kaspersky. I just decided to turn it off at one point because I was already starting to go crazy. And wow!! Everything works, pings go in all directions, everyone sees each other!! Now it remains to understand what needs to be configured in Kaspersky...

pcdesign, 2019-07-04
@pcdesign

https://help.keenetic.com/hc/ru/articles/213966229...
You need to allow Windows to respond to pings.
