Openvpn чтобы работал интернет

OpenVPN Support Forum

OpenVPN connects and has LAN access, but no internet

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.

OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Fri Dec 13, 2019 12:46 am

Hi, Please excuse my lack of expertise in networking. I’ve read several posts on this forum and on google, but couldn’t resolve the issue. I feel like I am pretty close to getting OpenVPN set up the way I want. I am hoping to resolve the last issue of not being able to access the internet when VPN is connected. OpenVPN server is installed on a Windows 10 PC in an office. OpenVPN client is installed on a laptop I carry around while I am out in the field. I want to access Windows Samba share on the Windows 10 PC through VPN, but allow rest of internet traffic to NOT go through the VPN Server. As of now, I can access the Samba share when VPN is connected, but I have no internet. I am not sure if it has something to do with the client not having a default gateway for the TAP adapter, or that IP forwarding is only enabled on the Server. Server subnet is 192.168.2.1, Server LAN ip is 192.168.2.10, Client subnet is 10.62.81.1, client LAN ip is 10.62.81.15, VPN subnet is 10.8.0.0, client VPN ip is 10.8.0.2, server VPN ip is 10.8.0.1. The Config files are below. Any help on this is GREATLY appreciated!

ca «C:\\Program Files\\OpenVPN\\config\\ca.crt»
cert «C:\\Program Files\\OpenVPN\\config\\server.crt»
key «C:\\Program Files\\OpenVPN\\config\\server.key» # This file should be kept secret

dh «C:\\Program Files\\OpenVPN\\config\\dh2048.pem»

push «route 10.8.0.1 255.255.255.0»
push «route 10.8.0.0 255.255.255.0»
push «route 192.168.2.1 255.255.255.0»
push «route-metric 512»

push «redirect-gateway def1»

push «dhcp-option DNS 8.8.8.8»
push «dhcp-option DNS 8.8.4.4»

tls-auth «C:\\Program Files\\OpenVPN\\config\\ta.key» 0

client
dev tun
proto udp4
remote xxxxxx.ddns.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
remote-cert-tls server
key-direction 1
cipher AES-256-CBC
verb 4

——BEGIN CERTIFICATE——
——END CERTIFICATE——


——BEGIN CERTIFICATE——
——END CERTIFICATE——


——BEGIN PRIVATE KEY——
——END PRIVATE KEY——


——BEGIN OpenVPN Static key V1——
——END OpenVPN Static key V1——

Re: OpenVPN connects and has LAN access, but no internet

Post by TinCanTech » Fri Dec 13, 2019 10:28 am

I want to access Windows Samba share on the Windows 10 PC through VPN, but allow rest of internet traffic to NOT go through the VPN Server. As of now, I can access the Samba share when VPN is connected, but I have no internet

#push "route 10.8.0.1 255.255.255.0" # Not required #push "route 10.8.0.0 255.255.255.0" # Not required push "route 192.168.2.1 255.255.255.0" # This is correct but See note 1 #push "route-metric 512" # Not required #push "redirect-gateway def1" # Not required #push "dhcp-option DNS 8.8.8.8" # See note 2 #push "dhcp-option DNS 8.8.4.4" # See note 2

1. 192.168.2.0/24 is a common subnet and could cause you routing conflicts in the future.
   It is recommended that you change your server LAN to something more unique. eg: 192.168.147.0/24
2. These will not work as you expect on Windows.
   You will be setting your DNS servers to 8.8.8.8 & 8.8.4.4 but they will not be routed through the VPN.
   If you want your DNS to use the VPN in Windows you must use —block-outside-dns (Can be pushed)

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Fri Dec 13, 2019 3:26 pm

OMG you are a lifesaver. I changed the subnet according to your note 1 to 192.168.150.0/24. I also added push «block-outside-dns», and commented out the other push lines as you suggested. Now, when connected to VPN, I have internet access, and my public IP shows I am accessing internet NOT through the VPN, which is what I wanted. Unfortunately, I now DON’T have access to the Samba shares for some reason. Any ideas that may help in getting access back to the Samba shares? Thanks so much!!

Re: OpenVPN connects and has LAN access, but no internet

Post by TinCanTech » Fri Dec 13, 2019 5:40 pm

You must actually change that subnet on your server LAN and all the devices (eg: Printer) connected to that LAN, not just change the line in the config

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Fri Dec 13, 2019 10:39 pm

Duh, sorry. I changed the server LAN and all devices on the LAN to 10.32.55.100. The server lan ip is now 10.32.55.110. However I still don’t have access to the Samba share. I am really puzzled as to what happened. Again, your help is appreciated greatly!

port 2592
proto udp4
dev tun
dev-node OpenVPN
ca «C:\\Program Files\\OpenVPN\\config\\ca.crt»
cert «C:\\Program Files\\OpenVPN\\config\\server.crt»
key «C:\\Program Files\\OpenVPN\\config\\server.key» # This file should be kept secret
dh «C:\\Program Files\\OpenVPN\\config\\dh2048.pem»
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push «route 10.32.55.110 255.255.255.0»
push «block-outside-dns»
keepalive 10 120
tls-auth «C:\\Program Files\\OpenVPN\\config\\ta.key» 0 # This file is secret
cipher AES-256-CBC
comp-lzo
max-clients 2

Re: OpenVPN connects and has LAN access, but no internet

Post by TinCanTech » Fri Dec 13, 2019 11:59 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Sat Dec 14, 2019 5:59 am

I can ping 10.8.0.1, but not 10.32.55.100. Thanks for really helping me through this process. It has been a rough few days, lol.

Re: OpenVPN connects and has LAN access, but no internet

Post by TinCanTech » Sat Dec 14, 2019 2:45 pm

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Sat Dec 14, 2019 6:36 pm

I enabled IP forwarding by going to regedit HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] and changing IPEnableRouter to «1». I am not sure how to make sure the firewall allows IP forwarding. I only have Windows firewall. I tried accessing the Samba share while the firewall was turned off, and I still couldn’t access the Samba share. I did create Windows firewall rules to allow all the File and Printer Sharing, and ports 135-139, 445 for both TCP and UDP. I did port forwarding on my router as well, for ports 135-139,445,2592 as well. I also checked to make sure Routing and Remote Access Service is enabled and Automatic. I really appreciate your help here again.

Re: OpenVPN connects and has LAN access, but no internet

Post by TinCanTech » Sun Dec 15, 2019 2:00 am

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Sun Dec 15, 2019 7:13 am

I am a novice at best outside of the Windows environment unfortunately. I was hoping the setup I need could be accommodated by Windows. Are you suggesting a Linux OS? If so, which one, and are there any common pitfalls I should watch out for? Thanks again.

Re: OpenVPN connects and has LAN access, but no internet

Post by 300000 » Sun Dec 15, 2019 9:53 am

I am a novice at best outside of the Windows environment unfortunately. I was hoping the setup I need could be accommodated by Windows. Are you suggesting a Linux OS? If so, which one, and are there any common pitfalls I should watch out for? Thanks again.

i am going to help you setup openvpn running on window , you need post here what yoi did and full server and client config and what version windows 10 you use ,

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Sun Dec 15, 2019 9:05 pm

Thanks 300000. I appreciate the input from TinCanTech as well, as I read many posts about the horror stories of Windows networking being inconsistent. Please see the full config below. I have added port forwarding and static routes to the router settings on the server side. I created incoming rules for Windows firewall on ports 135-139,445 for TCP and UDP on the server machine. The server and client are both running Windows 10 Pro. In the client log, I did notice one error. I am not sure what it means. Thanks for all the help.

exception parsing IPv4 route: [route] [10.32.55.100] [255.255.255.0] : tun_prop_error: route is not canonical

port 2592
proto udp4
dev tun
dev-node OpenVPN
ca «C:\\Program Files\\OpenVPN\\config\\ca.crt»
cert «C:\\Program Files\\OpenVPN\\config\\server.crt»
key «C:\\Program Files\\OpenVPN\\config\\server.key» # This file should be kept secret
dh «C:\\Program Files\\OpenVPN\\config\\dh2048.pem»
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push «route 10.32.55.100 255.255.255.0»
push «block-outside-dns»
keepalive 10 120
tls-auth «C:\\Program Files\\OpenVPN\\config\\ta.key» 0 # This file is secret
cipher AES-256-CBC
comp-lzo
max-clients 2
persist-key
persist-tun
status openvpn-status.log
verb 4
explicit-exit-notify 1

client
dev tun
proto udp4
remote vkcpa.mynetgear.com 2592
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
remote-cert-tls server
key-direction 1
cipher AES-256-CBC
verb 4

Re: OpenVPN connects and has LAN access, but no internet

Post by 300000 » Sun Dec 15, 2019 10:42 pm

can you tell me what version of window 10 you installed , it this windows home or window server operate system? there are difference between windows home and windows server so I need to know before give you some advice .
why do you want to push route 10.32.55.100 ? what is address of samba server on server lan?
on server lan do you have any dns server sevice run on or not?

you said samba file share . is this run on linux or windows?

in order to access file over vpn you need WINS service which is can install on windows server or can make samba server act as WINS , so over internet you can access file server as \\ mycomputer,local\file than \\ 192.168.2.*\file

Re: OpenVPN connects and has LAN access, but no internet

Post by kevinpride » Mon Dec 16, 2019 4:00 am

The server and client both are running Windows 10 Pro, I don’t know if you need any additional version info. I am not running Windows Server OS. The lan subnet of the server is 10.32.55.100. The local ip of server (also where the samba share) is 10.32.55.110. The server is a basic pc running on Windows 10 Pro, and a shared folder. All other devices on the server lan, have access to this shared folder, mapped as a network drive. I hope this is enough info? I really don’t know much about WINS service.

Re: OpenVPN connects and has LAN access, but no internet

Post by 300000 » Mon Dec 16, 2019 12:43 pm

click search type » ncpa.cpl «and press enter

rename the internet netword card and openvpn netword card so it makes thing simple
click the the internet netword card and chose properties/chosing sharing tab
tick allow other netword user connect through this computer internet connection.
on drop down choose openvpn netword card if it is pressen and click ok.

right click openvpn netword card and chosse properties chose ip4 and set its ip as 10.8.0.1 subnet mask 255.255.255.0

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
charge IPEnableRouter =1

this will make windows will lan routing all network card
go service and choose Internet Connection Sharing and choose automatic
go to service and find routing and remote access and choose automatic
just disable firewall to make connection first , after it works come back to firewall charge it later.
after that restart computer and check every sevice have been start so your openvpn run at windows wil routing all over netword card and client can go

when you try connect client to server if it work just try to go file share click search type \\ 10.32.55.110 enter
this server config not routing all internet though but only file share only

I make copy test your server config you can try and see if it works for you or not .

port 2592
proto udp4
ip-win32 manual
dev tun
dev-node OpenVPN
ca «C:\\Program Files\\OpenVPN\\config\\ca.crt»
cert «C:\\Program Files\\OpenVPN\\config\\server.crt»
key «C:\\Program Files\\OpenVPN\\config\\server.key»
dh «C:\\Program Files\\OpenVPN\\config\\dh2048.pem»
push «route 10.32.55.0 255.255.255.0 vpn_gateway»
topology subnet
server 10.8.0.0 255.255.255.0
keepalive 10 120
tls-auth «C:\\Program Files\\OpenVPN\\config\\ta.key» 0
cipher AES-256-CBC
comp-lzo
max-clients 2
persist-key
persist-tun
status openvpn-status.log
route 0.0.0.0 192.0.0.0 net_gateway
route 64.0.0.0 192.0.0.0 net_gateway
route 128.0.0.0 192.0.0.0 net_gateway
route 192.0.0.0 192.0.0.0 net_gateway
register-dns

verb 4
explicit-exit-notify 1

Источник