openvpn
U-Bot, 2022-04-18 19:07:03

OpenVPN can't see the network behind the server?

Good afternoon. The question is the one in the title. We have:
An OpenVPN server that faces the Internet and has an external address; its address in the LAN is 192.168.88.0. It runs Windows 10 and has the following config:
port 1194
proto udp4
dev tun
dev-node "VPN Server"
dh "C:\\Program Files\\OpenVPN\\ssl\\dh.pem"
ca "C:\\Program Files\\OpenVPN\\ssl\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\ssl\\cert.crt"
key "C:\\Program Files\\OpenVPN\\ssl\\cert.key"
server 172.16.10.0 255.255.255.0
max-clients 32
keepalive 10 120
client-to-client
compress
ncp-disable
fast-io
cipher AES-256-CBC
persist-key
persist-tun
status "C:\\Program Files\\OpenVPN\\log\\status.log"
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
verb 6
mute 20
push "route 172.16.10.0 255.255.255.0"
push "route 192.168.88.0 255.255.255.0"

Clients from different places should connect to it and reach the clients behind it over RDP. The client config is:

client
resolv-retry infinite
nobind
remote 1.1.1.1 1194  # the correct external IP goes here
proto udp
dev tun
compress
ncp-disable
fast-io
cipher AES-256-CBC
ca ca.crt
cert cert.crt
key cert.key  # the required certificate and key files are specified here
dh dh.pem
float
keepalive 10 120
persist-key
persist-tun
verb 0

The problem is this: the client connects without trouble and receives an IP from the pool specified on the server (172.16.10.0), but cannot get into the network behind the server. There are no pings and RDP does not work, although the routes are pushed to the client and are present in the client's routing table. What am I doing wrong? Please tell me.
The routing table on the client:
172.16.10.0 255.255.255.0 172.16.10.13 172.16.10.14 281
172.16.10.12 255.255.255.252 On-link 172.16.10.14 281
172.16.10.14 255.255.255.255 On-link 172.16.10.14 281
172.16.10.15 255.255.255.255 On-link 172.16.10.14 281
192.168.0.0 255.255.255.0 On-Link 192.168.0.10.10.106
192.168.0.10 255.255.255.255 On-Link 192.168.0.10 306
192.168.0.255 255.255.255.255 On-Link 192.168.0.10
192.16.16.168.8 10.14 281
The Windows TAP driver is used, not Wintun.
Naturally, port 1194 is forwarded on the MikroTik at the exit from the server network, and the OpenVPN server is added to the firewall whitelist. Indeed, if you look at the packets with Wireshark on the server that you need to reach by RDP through OpenVPN at the moment of a connection attempt, packets from the VPN do reach it, but apparently something about them is not right.

1 answer(s)
U-Bot, 2022-04-19
@stosstruppen

So I found the problem: it turned out to be the subnet mask. The fact is that clients receive addresses with a mask of 255.255.255.252, but we only have a route to the network with a mask of 255.255.255.0. If we manually add a route to the network 172.16.10.0 with a mask of 252, everything starts working. So the proper fix is to push the route with mask 252 in the server config; then it will be distributed to clients and everything will work. But it scares me a little that the 252 mask is narrow, only 4 addresses. Will, say, 20 connected clients work if they are all using a route to 172.16.10.0 with a mask of 252?
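
The address arithmetic behind the mask question in the answer above, as an added example that is not part of the original posts. It assumes OpenVPN's one-/30-per-endpoint layout with the server holding the first block, which matches the 172.16.10.13/172.16.10.14 pair in the client's routing table; the function names are hypothetical.

```python
import ipaddress

# Values taken from the server config on this page.
POOL = ipaddress.ip_network("172.16.10.0/255.255.255.0")  # "server" directive
LAN = ipaddress.ip_network("192.168.88.0/255.255.255.0")  # pushed LAN route

def client_block(pool, n):
    """Return (subnet, client_ip, peer_ip) for the n-th client, n >= 1.

    Assumption: one /30 per endpoint, block 0 held by the server, and in
    each client block the peer is the first host and the client the second.
    """
    blocks = list(pool.subnets(new_prefix=30))
    if not 1 <= n < len(blocks):
        raise ValueError("pool has no /30 block for client %d" % n)
    peer, client = blocks[n].hosts()
    return blocks[n], client, peer

def max_clients(pool):
    """Number of /30 blocks left for clients after the server's own."""
    return 2 ** (30 - pool.prefixlen) - 1

def best_route(routes, dst):
    """Longest-prefix match of dst against a list of route networks."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r]
    return max(hits, key=lambda r: r.prefixlen) if hits else None

def report(n_clients=20):
    """For each client address: is it inside the /24 and inside 172.16.10.0/30?"""
    narrow = ipaddress.ip_network("172.16.10.0/255.255.255.252")
    rows = []
    for n in range(1, n_clients + 1):
        _, ip, _ = client_block(POOL, n)
        rows.append((str(ip), ip in POOL, ip in narrow))
    return rows

if __name__ == "__main__":
    print("client 3:", client_block(POOL, 3))
    print("client blocks available:", max_clients(POOL))
    for ip, in_wide, in_narrow in report():
        print(ip, "matched by /24:", in_wide, "matched by /30:", in_narrow)
    print("route for 192.168.88.20:", best_route([POOL, LAN], "192.168.88.20"))
```

Under these assumptions the /24 pool has room for 63 client blocks, and a route to 172.16.10.0 with mask 252 matches only 172.16.10.0 through 172.16.10.3.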
