I have recently installed OpenVPN on my Windows 2003 server.
Once someone is connected to the server, they do not have internet access.
- My network is on 192.168.1.1
- my server is on 192.168.1.110
- I am using the dd-wrt firmware
- I have enabled port 1194 for 192.168.1.110 on the router
- Routing and Remote Access is disabled
- I have 2 Tap-Win32 Adapter V8(s) on my Windows 2003 server
- I have tried setting this line to 192.168.1.1 and also my ISP's DNS servers:
push "dhcp-option DNS 192.168.1.1" # Replace the Xs with the IP address of the DNS for your home network (usually your ISP's DNS)
I have created an advanced routing Gateway in dd-wrt:
Destination LAN NET: 192.168.10.0
Subnet Mask: 255.255.255.252
Gateway: 192.168.1.110
Interface: Lan & WLAN
I have followed this website exactly: http://www.itsatechworld.com/2006/01/29/how-to-configure-openvpn/
EDIT: I just tried to connect through the cmd prompt and get the following subnet error - potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
My server file looks as follows:
local 192.168.1.110 # This is the IP address of the real network interface on the server connected to the router
port 1194 # This is the port OpenVPN is running on - make sure the router is port forwarding this port to the above IP
proto udp # UDP tends to perform better than TCP for VPN
mssfix 1400 # This setting fixed problems I was having with apps like Remote Desktop
push "dhcp-option DNS 192.168.1.1" # Replace the Xs with the IP address of the DNS for your home network (usually your ISP's DNS)
#push "dhcp-option DNS X.X.X.X" # A second DNS server if you have one
dev tap
#dev-node MyTAP #If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name
ca "ca.crt"
cert "server.crt"
key "server.key" # This file should be kept secret
dh "dh1024.pem"
server 192.168.10.0 255.255.255.128 # This assigns the virtual IP address and subnet to the server's OpenVPN connection. Make sure the Routing Table entry matches this.
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1" # This will force the clients to use the home network's internet connection
keepalive 10 120
cipher BF-CBC # Blowfish (default) encryption
comp-lzo
max-clients 100 # Assign the maximum number of clients here
persist-key
persist-tun
status openvpn-status.log
verb 1 # This sets how detailed the log file will be. 0 causes problems and higher numbers can give you more detail for troubleshooting
My client1 file is as follows:
client
dev tap
#dev-node MyTAP #If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name
proto udp
remote my-dyna-dns.com 1194 #You will need to enter your dyndns account or static IP address here. The number following it is the port you set in the server's config
route 192.168.1.0 255.255.255.0 vpn_gateway 3 #This is the IP address scheme and subnet of your normal network your server is on. Your router would usually be 192.168.1.1
resolv-retry infinite
nobind
persist-key
persist-tun
ca "ca.crt"
cert "client1.crt" # Change the next two lines to match the files in the keys directory. This should be different for each client.
key "client1.key" # This file should be kept secret
ns-cert-type server
cipher BF-CBC # Blowfish (default) encryption
comp-lzo
verb 1
Thanks in advance!
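
Added example, not part of the original post: a Python check of the two address-plan conditions that the server file's comment ("Make sure the Routing Table entry matches this") and the EDIT error message refer to. The function names and the embedded config excerpts are constructed for illustration; the addresses and masks are the ones quoted in the post.

```python
import ipaddress

# Excerpts of the directives from the post's server and client files.
SERVER_CONF = '''
dev tap
server 192.168.10.0 255.255.255.128 # virtual subnet for VPN clients
push "redirect-gateway def1"
'''
CLIENT_CONF = '''
client
route 192.168.1.0 255.255.255.0 vpn_gateway 3 # home LAN behind the server
'''

def net(addr, mask):
    """Build a network object from a dotted address and netmask."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def directives(text, keyword):
    """Yield the arguments of each uncommented `keyword` line in a config."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == keyword:
            yield parts[1:]

def audit(server_conf, client_conf, router_route, client_lan):
    """Return a list of address-plan problems (empty list means consistent)."""
    findings = []
    pool = net(*next(directives(server_conf, "server"))[:2])
    static = net(*router_route)
    # The router's return route must contain the whole VPN pool.
    if not pool.subnet_of(static):
        findings.append(f"router route {static} does not cover VPN pool {pool}")
    # A network routed through the tunnel must not equal or overlap the
    # LAN the client is physically attached to.
    for args in directives(client_conf, "route"):
        remote = net(args[0], args[1])
        if remote.overlaps(client_lan):
            findings.append(f"client LAN {client_lan} overlaps routed network {remote}")
    return findings

if __name__ == "__main__":
    # Values from the post: dd-wrt route mask and the LAN named in the error.
    for f in audit(SERVER_CONF, CLIENT_CONF, ("192.168.10.0", "255.255.255.252"),
                   net("192.168.1.0", "255.255.255.0")):
        print("PROBLEM:", f)
```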