OpenVPN Configuration - Windows 7 client & debian server

Posted by Guillaume on Server Fault See other posts from Server Fault or by Guillaume
Published on 2012-10-19T13:30:32Z Indexed on 2012/10/20 17:04 UTC
Read the original article Hit count: 257

Filed under:

I recently formatted my Windows 7 computer and lost my client's config files for OpenVPN. I recovered the certificates and default config that were left on the server but I haven't managed to make the whole thing work again. I assume the server's config and routing table are OK because it was working before (although quite some time ago).

Would any of you experts be able to help?

server.conf

# Serveur TCP/666
mode server
proto udp
port 666
dev tun

# Cles et certificats
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
cipher AES-256-CBC

# Reseau
server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "redirect-gateway def1"
keepalive 10 120

# Securite
user nobody
group nogroup
chroot /etc/openvpn/jail
persist-key
persist-tun
comp-lzo

# Log
verb 3
mute 20
status openvpn-status.log
log-append /var/log/openvpn.log

client.conf

# Client

client
dev tun
proto udp
remote *my server's ip address*:666
cipher AES-256-CBC

# Cles
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1

# Securite
nobind
persist-key
persist-tun
comp-lzo
verb 3

Routing table on debian server when OpenVPN server is running:

Destination     Gateway      Genmask         Indic Metric Ref    Use Iface
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
my server's ip  *               255.255.255.0   U     0      0        0 eth0
default         72815.trg.dedic 0.0.0.0         UG    0      0        0 eth0

Routing table on Windows 7 client (OpenVPN not working)

===========================================================================
Interface List
 19...00 f0 8a 1b 6e 5c ......TAP-Win32 Adapter V9
 12...90 2e 34 33 84 7b ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (
NDIS 6.20)
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.11     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.11    276
     192.168.1.11  255.255.255.255         On-link      192.168.1.11    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.11    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.11    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.11    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:

[...]

===========================================================================
Persistent Routes:
  None

And when the link is established between my client and the server: The server's routing table stays the same. The client's becomes:

===========================================================================
    Interface List
     19...00 f0 8a 1b 6e 5c ......TAP-Win32 Adapter V9
     12...90 2e 34 33 84 7b ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (
    NDIS 6.20)
      1...........................Software Loopback Interface 1
     12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.11     20
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     30
         10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6     30
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    286
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    286
         10.8.0.7  255.255.255.255         On-link          10.8.0.6    286
     my server's ip  255.255.255.255      192.168.1.1     192.168.1.11     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     30
      192.168.1.0    255.255.255.0         On-link      192.168.1.11    276
     192.168.1.11  255.255.255.255         On-link      192.168.1.11    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.11    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.11    276
        224.0.0.0        240.0.0.0         On-link          10.8.0.6    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.11    276
  255.255.255.255  255.255.255.255         On-link          10.8.0.6    286
===========================================================================
Persistent Routes:
  None

What's working:

  • Server and client do connect to each other, SSL certificates are OK.
  • The client gets an IP (10.8.0.6) from the server
  • OpenVPN client is started as an administrator.

But:

  • I cannot ping the other one on either side.
  • 'Gateway' value is empty on client's side (in the adapter's "status" window).
  • Client has got no internet access when the link is up.

Ideal configuration:

  • I only want the client to be able to use the server's Internet access and access its resources (MySQL server in particular).
  • I do not need or want the server to access the client's local network.
  • The client needs to be able to access it's local network, although all Internet traffic should be redirected to the VPN link.

I spent a considerable amount of time on this but it's still not working, any help would be much appreciated.

Thanks :)

© Server Fault or respective owner

Related posts about openvpn