Routing info as requested, listed below.
----- Original Message -----
From: "Mathias Jeschke" <openvpn-us...@0xaffe.de>
To: <openvpn-users@lists.sourceforge.net>
Cc: "Jeff Boyce" <jbo...@meridianenv.com>
Sent: Tuesday, November 11, 2014 1:32 AM
Subject: Re: [Openvpn-users] Classic case of can't reach machine behind
OpenVPN server from the connected client
> Hi Jeff,
>
> On 11/10/2014 10:20 PM, Jeff Boyce wrote:
>
>> However, I turned off the firewall on the OpernWRT router (confirmed with
>> $
>> iptables -L -n) then ran the ping test again. The result is the same
>> (Reply
>> from 10.4.0.1: Destination host unreachable). That to me indicates that
>> my
>> issue is with routing, and not with the firewall. Which then takes me to
>> the decision diagram provided by David previously and puts me at the
>> point
>> of "Add a route to the router so it knows how to reach the VPN subnet".
>> Which is where my lack of routing knowledge gets me stuck, as I am not
>> sure
>> what exactly to put for a static route, and also the right syntax to put
>> into an OpenWRT config.
>>
>> Does it seem like I am on the right track with this synopsis?
>
> Could you please post the routing table of the Vista box (192.168.123.111)
> too?
>
> Cheers,
> Mathias.
>
VPN client routing table after establishing a connection to the OpenVPN
server.
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.112.11 192.168.112.125 10
10.4.0.1 255.255.255.255 10.4.0.5 10.4.0.6 31
10.4.0.4 255.255.255.252 On-link 10.4.0.6 286
10.4.0.6 255.255.255.255 On-link 10.4.0.6 286
10.4.0.7 255.255.255.255 On-link 10.4.0.6 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.112.0 255.255.255.0 On-link 192.168.112.125 266
192.168.112.125 255.255.255.255 On-link 192.168.112.125 266
192.168.112.255 255.255.255.255 On-link 192.168.112.125 266
192.168.123.0 255.255.255.0 10.4.0.5 10.4.0.6 31
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.4.0.6 286
224.0.0.0 240.0.0.0 On-link 192.168.112.125 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.4.0.6 286
255.255.255.255 255.255.255.255 On-link 192.168.112.125 266
===========================================================================
Persistent Routes:
None
OpenWRT Router / OpenVPN Server routing table after a connection is
initiated from a remote VPN client
root@gateway:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
0.0.0.0 174.125.113.1 0.0.0.0 UG 0 0 0
pppoe-wan
10.4.0.0 10.4.0.2 255.255.255.0 UG 0 0 0 tun0
10.4.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
174.125.113.1 0.0.0.0 255.255.255.255 UH 0 0 0
pppoe-wan
192.168.123.0 0.0.0.0 255.255.255.0 U 0 0 0
br-lan
Routing table of Vista Box behind OpenVPN Server
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.123.2 192.168.123.111 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
192.168.123.0 255.255.255.0 On-link 192.168.123.111 266
192.168.123.111 255.255.255.255 On-link 192.168.123.111 266
192.168.123.255 255.255.255.255 On-link 192.168.123.111 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 192.168.123.111 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 192.168.123.111 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
10.4.0.0 255.255.255.0 10.4.0.1 1
0.0.0.0 0.0.0.0 192.168.123.2 Default
===========================================================================
VPN Client Config
client
dev tun
proto udp
remote <dynamic dns service> 1194
pull
nobind
persist-key
persist-tun
tls-client
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\JABopti-755.crt"
key "C:\\Program Files\\OpenVPN\\config\\JABopti-755.key"
ns-cert-type server
resolv-retry infinite
comp-lzo
route-method exe
route-delay 2
verb 4
VPN Server Config
port 1194
proto udp
dev tun
tls-server
ca /etc/easy-rsa/keys/ca.crt
cert /etc/easy-rsa/keys/GatewayVPNServer.crt
key /etc/easy-rsa/keys/GatewayVPNServer.key
dh /etc/easy-rsa/keys/dh2048.pem
server 10.4.0.0 255.255.255.0
float
ifconfig-pool-persist /etc/openvpn/ipp.txt 120
push "route 192.168.123.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /etc/openvpn-status.log
log-append /home/openvpn.log
verb 6
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
