OpenVPN Configuration - Windows 7 client & Debian server
Posted by Guillaume on Server Fault. Published on 2012-10-19T13:30:32Z; indexed on 2012/10/20 17:04 UTC.
openvpn
I recently formatted my Windows 7 computer and lost my client's config files for OpenVPN. I recovered the certificates and default config that were left on the server but I haven't managed to make the whole thing work again. I assume the server's config and routing table are OK because it was working before (although quite some time ago).
Would any of you experts be able to help?
server.conf
# Server TCP/666
mode server
proto udp
port 666
dev tun
# Keys and certificates
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
cipher AES-256-CBC
# Network
server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "redirect-gateway def1"
keepalive 10 120
# Security
user nobody
group nogroup
chroot /etc/openvpn/jail
persist-key
persist-tun
comp-lzo
# Log
verb 3
mute 20
status openvpn-status.log
log-append /var/log/openvpn.log
client.conf
# Client
client
dev tun
proto udp
remote *my server's ip address* 666
cipher AES-256-CBC
# Keys
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
# Security
nobind
persist-key
persist-tun
comp-lzo
verb 3
Routing table on Debian server when OpenVPN server is running:
Destination Gateway Genmask Indic Metric Ref Use Iface
10.8.0.2 * 255.255.255.255 UH 0 0 0 tun0
10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
my server's ip * 255.255.255.0 U 0 0 0 eth0
default 72815.trg.dedic 0.0.0.0 UG 0 0 0 eth0
Routing table on Windows 7 client (OpenVPN not working)
===========================================================================
Interface List
19...00 f0 8a 1b 6e 5c ......TAP-Win32 Adapter V9
12...90 2e 34 33 84 7b ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (
NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.11 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.11 276
192.168.1.11 255.255.255.255 On-link 192.168.1.11 276
192.168.1.255 255.255.255.255 On-link 192.168.1.11 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.11 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.11 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
[...]
===========================================================================
Persistent Routes:
None
And when the link is established between my client and the server: The server's routing table stays the same. The client's becomes:
===========================================================================
Interface List
19...00 f0 8a 1b 6e 5c ......TAP-Win32 Adapter V9
12...90 2e 34 33 84 7b ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (
NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.11 20
0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 30
10.8.0.4 255.255.255.252 On-link 10.8.0.6 286
10.8.0.6 255.255.255.255 On-link 10.8.0.6 286
10.8.0.7 255.255.255.255 On-link 10.8.0.6 286
my server's ip 255.255.255.255 192.168.1.1 192.168.1.11 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30
192.168.1.0 255.255.255.0 On-link 192.168.1.11 276
192.168.1.11 255.255.255.255 On-link 192.168.1.11 276
192.168.1.255 255.255.255.255 On-link 192.168.1.11 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.11 276
224.0.0.0 240.0.0.0 On-link 10.8.0.6 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.11 276
255.255.255.255 255.255.255.255 On-link 10.8.0.6 286
===========================================================================
Persistent Routes:
None
What's working:
- Server and client do connect to each other, SSL certificates are OK.
- The client gets an IP (10.8.0.6) from the server
- OpenVPN client is started as an administrator.
But:
- I cannot ping the other one on either side.
- 'Gateway' value is empty on client's side (in the adapter's "status" window).
- Client has got no internet access when the link is up.
Ideal configuration:
- I only want the client to be able to use the server's Internet access and access its resources (MySQL server in particular).
- I do not need or want the server to access the client's local network.
- The client needs to be able to access its local network, although all Internet traffic should be redirected to the VPN link.
I spent a considerable amount of time on this but it's still not working. Any help would be much appreciated.
Thanks :)
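
Added example (not part of the original post): a longest-prefix lookup over the connected client's IPv4 routes listed above, showing which destinations `redirect-gateway def1` sends into the tunnel and which stay on the LAN adapter. `SERVER_IP` is a constructed placeholder for the hidden server address, and `lookup` and `outside_tunnel` are names chosen here.

```python
import ipaddress

# IPv4 routes copied from the connected client's table in the post:
# (destination, netmask, gateway, interface, metric).
# The post hides the server address, so SERVER_IP is a constructed
# placeholder from the TEST-NET-3 documentation range.
SERVER_IP = "203.0.113.10"
TUNNEL_IF = "10.8.0.6"
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.1", "192.168.1.11", 20),
    ("0.0.0.0", "128.0.0.0", "10.8.0.5", "10.8.0.6", 30),
    ("10.8.0.1", "255.255.255.255", "10.8.0.5", "10.8.0.6", 30),
    ("10.8.0.4", "255.255.255.252", "On-link", "10.8.0.6", 286),
    (SERVER_IP, "255.255.255.255", "192.168.1.1", "192.168.1.11", 20),
    ("128.0.0.0", "128.0.0.0", "10.8.0.5", "10.8.0.6", 30),
    ("192.168.1.0", "255.255.255.0", "On-link", "192.168.1.11", 276),
]


def lookup(dest):
    """Return (network, gateway, interface) for dest.

    Selection is longest prefix first, then lowest metric.
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for net, mask, gateway, iface, metric in ROUTES:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr not in network:
            continue
        key = (-network.prefixlen, metric)
        if best is None or key < best[0]:
            best = (key, (str(network), gateway, iface))
    return best[1] if best else None


def outside_tunnel(dests):
    """Destinations whose chosen route does not use the tunnel adapter."""
    return [d for d in dests if lookup(d)[2] != TUNNEL_IF]


if __name__ == "__main__":
    for d in ("8.8.8.8", "208.67.222.222", "10.8.0.1", "192.168.1.50", SERVER_IP):
        print(d, "->", lookup(d))
```

Only the LAN host and the server's own address (the encrypted carrier) bypass the tunnel; the two /1 routes cover everything else without replacing the original default route.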