Hi Guys
I set up OpenVPN for a customer and we can connect to the VPN and I have access to the ClearOS firewall; however, I cannot connect to any local machine. Here is my config:
client
remote xxx.xxx.xxx.xxx 1194
push "route 10.0.0.0 255.255.255.0";
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca-cert.pem
cert client-xxxx-cert.pem
key client-xxxx-key.pem
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
We set this up at our premises first before implementing it at the client's office and it worked, but when we replicate it, it does not work at all.
Any help will be greatly appreciated
Accepted Answer
As a new poster, your first couple of posts get moderated. I've deleted your duplicate post.
Are you trying to access Windows devices behind ClearOS? If so the Windows firewall will often reject packets not coming from its own local LAN. There are a couple of ways round it. You can change the Windows firewall to accept traffic from the OpenVPN subnet or you can try adding the firewall rule from the command line:
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
or in a Custom Firewall rule:
$IPTABLES -t nat -I POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
Check it out at the command line first then make it permanent in the Custom Firewall.
The other main cause of failure is when the local and remote subnets are the same or overlap. There is nothing you can do about that.
I don't understand why you have a "push route" line in the client config. It should not be there. Only servers can push configs. What are you trying to do with it? -
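The two causes raised in the reply above (a server-only "push" line in a client config, and local and remote subnets that overlap) can be checked offline before touching any firewall. This is an added example, not part of the original thread; the function names, the list of server-only directives and the sample client addresses are assumptions made for illustration.

```python
import ipaddress
import re

# OpenVPN directives that only apply in server mode; "push" is the one the reply calls out.
SERVER_ONLY = {"push", "server", "ifconfig-pool", "client-config-dir", "client-to-client"}
ROUTE_RE = re.compile(r"\broute\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)")

# Constructed sample: an excerpt of the client config posted in the question.
SAMPLE_CONF = '''client
remote xxx.xxx.xxx.xxx 1194
push "route 10.0.0.0 255.255.255.0";
dev tun
proto udp
'''

def _active_lines(conf):
    """Yield config lines, skipping blanks and '#' / ';' comment lines."""
    for raw in conf.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            yield line

def server_only_directives(conf):
    """Lines in a client config whose directive belongs in the server config."""
    return [l for l in _active_lines(conf) if l.split()[0] in SERVER_ONLY]

def route_networks(conf):
    """Networks named in 'route NET MASK' entries, whether pushed or local."""
    nets = []
    for line in _active_lines(conf):
        for net, mask in ROUTE_RE.findall(line):
            nets.append(ipaddress.ip_network(f"{net}/{mask}", strict=False))
    return nets

def overlaps(client_addr, remote_nets):
    """Remote networks that collide with the client's own LAN (address/prefix)."""
    local = ipaddress.ip_interface(client_addr).network
    return [str(n) for n in remote_nets if local.overlaps(n)]

if __name__ == "__main__":
    # 10.8.0.0/24 is the OpenVPN subnet used in the reply's iptables rule.
    remote = route_networks(SAMPLE_CONF) + [ipaddress.ip_network("10.8.0.0/24")]
    print("server-only lines:", server_only_directives(SAMPLE_CONF))
    for addr in ("192.168.1.23/24", "10.0.0.57/24"):  # constructed client addresses
        print(addr, "overlaps", overlaps(addr, remote) or "nothing")
```

Run it with the address the remote user's machine has on its own LAN; any network it reports is one the client cannot reach through the tunnel because the destination looks local.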
Accepted Answer
Thanks for the quick response. Apologies for the duplicate post, I didn't see the notification stating it would be moderated first.
We are trying to access a Windows server behind the ClearOS, yes. Do I need to add the command line to the Windows server or to the ClearOS firewall?
I have been doing some research prior to posting this and a lot of the posts said to use the "push" route command however it did not work. -
Accepted Answer
The ClearOS server will add the necessary route command (in /etc/openvpn/clients.conf).
The firewall rules I gave you are for ClearOS. The Windows firewall is a completely different beast and I've no idea of the command line commands. I do it through the graphical firewall. There are pros and cons of each method. The ClearOS rule is easy to effect but it means connections all appear to be from the server rather than from individual remote machines. If you adjust the Windows firewall, it needs to be done on each target machine, but you are then able to identify where any of the connections are coming from.