Problems setting up a VPN: can connect but can't ping anyone

openvpn

This is my first time setting a VPN. Clients can connect but can't ping other machines. This is certainly a route problem but i can't find the right way to configure it.

Here is a sample example of the two LANS i want to connect:

So, i want machines from 192.168.1.0/24 being able to connect with 192.168.0.0/24 as if they were on the same network. For the VPN network, i would like to use the 10.0.0.0/24 range.

Here is my server.conf:

proto udp
port 1194
dev tun
server 10.0.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0 192.168.0.1"
push "dhcp-option DNS 192.168.0.1"
push "dhcp-option WINS 192.168.0.1"
comp-lzo
keepalive 10 120
float
max-clients 10
persist-key
persist-tun
log-append /var/log/openvpn.log
verb 6
tls-server
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
tls-auth /etc/openvpn/keys/mykey.key 0
status /var/log/openvpn.stats

And one of my clients 192.168.1.2:

client
dev tap
proto udp
remote my.no-ip.address 1194
route 192.168.1.0 255.0.0.0 192.168.1.1 3
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\test1.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\test1.key"
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\mykey.key" 1
ns-cert-type server
cipher BF-CBC
comp-lzo
verb 1

What exactly i am doing wrong? All machines can connect to openvpn but the ping doesn't work.

At the client log i see the following error:

Wed Feb 16 09:43:23 2011 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Wed Feb 16 09:43:23 2011 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.0.1

Thanks!


Solution 1:

There seems to be two error is your config:

  1. The Route Push config statement in the Server config should not contain the gateway address:

    push "route 192.168.0.0 255.255.255.0"

  2. The route command on the client side is not needed if you push the routes out to the client via the push config statement.

Related

Apache 2 UserDir for only one VirtualHost
Can ESXi pass video card to VM to do CUDA?
How do I "Close Connection" like TCPView does, using the command line? [closed]
How to get rid of mysql binlogs?
Receiving Cable/Satellite Television in Colo?
GIT, SSH, and GIT-SHELL
System clock drifting out of sync with hwclock and ntpd
DNS Subdomain delegation issue
Force Dovecot not to log connect/disconnect messages
deploy a VMWare ESX ofv template directly from a local datastore
Running SQL Server Express on Amazon EC2 Windows instance
Ceph: Why is a greater number of "placement groups" a "bad thing"?