
I have a client who has OpenVPN installed on a Windows server. I didn't install it and the person who did is no longer available. The server runs a special app and the client machines talk to it, and it alone, with no routing to other machines.

I have a problem where some internal subnets can access the OpenVPN server and some cannot.

The setup:

  • OpenVPN uses 10.8.0.0 - the default setup.
  • The server is on 192.168.2.10
  • Internal subnets 192.168.1.0 and 192.168.40.0 are connected by routers.

PCs which are on 192.168.2.0 and 192.168.1.0 can access the server running OpenVPN without problems (remember, they're internal and they don't connect via OpenVPN).

PCs which are on the 192.168.40.0 subnet CANNOT ACCESS (they're internal and also don't connect via OpenVPN).

If I shut down OpenVPN on the server I can access the server from 192.168.40.0

So, my problem is that OpenVPN is rejecting connections from 192.168.40.0 to 192.168.2.10 but I can't see why.

Adding routes in the OpenVPN config doesn't seem to make any difference ... and I didn't expect it to.

What really mystifies me is why 192.168.1.0 works... but there is no mention of it in the OpenVPN config file.

Edit: routing table when OpenVPN is open:

          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.10     10
         10.8.0.0    255.255.255.0         10.8.0.1         10.8.0.1     30
         10.8.0.1  255.255.255.255        127.0.0.1        127.0.0.1     30
   10.255.255.255  255.255.255.255         10.8.0.1         10.8.0.1     30
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.2.0    255.255.255.0     192.168.2.10     192.168.2.10     10
     192.168.2.10  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.2.255  255.255.255.255     192.168.2.10     192.168.2.10     10
        224.0.0.0        240.0.0.0         10.8.0.1         10.8.0.1     30
        224.0.0.0        240.0.0.0     192.168.2.10     192.168.2.10     10
  255.255.255.255  255.255.255.255         10.8.0.1         10.8.0.1      1
  255.255.255.255  255.255.255.255     192.168.2.10     192.168.2.10      1

The LAN IP is 192.168.2.10 and the OpenVPN interface IP is 10.8.0.1

Anyone got any suggestions?

Ian Murphy
  • This is just a shot in the dark, but do the routing tables on the OpenVPN server itself shed any light on this behavior? Are they any different when OpenVPN is running vs off? (Run "route print" from a command prompt) – Joshua McKinnon May 19 '11 at 16:32
  • Have you printed the routing table of the VPN server? – aleroot May 19 '11 at 18:49
  • Yeah, that was my first thought too, but no. When OpenVPN is not running there is a minimal routing table - the usual local IP related routes and one for the default gateway. When you start OpenVPN it just adds a route for 10.x.x.x – Ian Murphy May 20 '11 at 08:36

1 Answer

I found the cause. It was nothing to do with OpenVPN but was down to a load balancing router sending some traffic down a link which it shouldn't have. It just happened that when I ran some tests it looked like it was caused by OpenVPN... shouldn't stop and start two things at once when diagnosing problems.

Ian Murphy
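A way to check a routing table like the one in the question before suspecting the VPN, as an added example that is not part of the original post: it applies longest-prefix-match route selection to the posted table and compares the server's reply path with and without the OpenVPN interface routes. The client host addresses (.25, .50, .6) are constructed for illustration.

```python
import ipaddress

# Routing table from the question: destination, netmask, gateway, interface, metric
ROUTE_PRINT = """\
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.10 10
10.8.0.0 255.255.255.0 10.8.0.1 10.8.0.1 30
10.8.0.1 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.8.0.1 10.8.0.1 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.10 192.168.2.10 10
192.168.2.10 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.2.255 255.255.255.255 192.168.2.10 192.168.2.10 10
224.0.0.0 240.0.0.0 10.8.0.1 10.8.0.1 30
224.0.0.0 240.0.0.0 192.168.2.10 192.168.2.10 10
255.255.255.255 255.255.255.255 10.8.0.1 10.8.0.1 1
255.255.255.255 255.255.255.255 192.168.2.10 192.168.2.10 1
"""

def parse_routes(text):
    """Return a list of (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers or blank lines
        dest, mask, gateway, iface, metric = fields
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gateway, iface, int(metric)))
    return routes

def select_route(routes, dst):
    """Longest prefix wins; lowest metric breaks ties. None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3]))

def without_vpn(routes, vpn_ip="10.8.0.1"):
    """Drop routes bound to the OpenVPN interface (OpenVPN stopped)."""
    return [r for r in routes if r[2] != vpn_ip]

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    for client in ("192.168.1.25", "192.168.40.25", "192.168.2.50", "10.8.0.6"):
        on, off = select_route(table, client), select_route(without_vpn(table), client)
        print(f"{client:15} vpn-on: via {on[1]} vpn-off: via {off[1] if off else 'no route'}")
```

Replies to both 192.168.1.0 and 192.168.40.0 leave through the default gateway 192.168.2.1 whether or not the 10.8.0.0 routes are present, so the server's own table treats the two subnets identically and the difference has to be introduced further along the path.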