Resolved
0 votes
Hi Guys

I set up OpenVPN for a customer. We can connect to the VPN and I have access to the ClearOS firewall; however, I cannot connect to any local machine. Here is my config:

client
remote xxx.xxx.xxx.xxx 1194
push "route 10.0.0.0 255.255.255.0";
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca-cert.pem
cert client-xxxx-cert.pem
key client-xxxx-key.pem
ns-cert-type server
comp-lzo
verb 3
auth-user-pass

We set this up at our premises first, before implementing it at the client's office, and it worked, but when we replicate it, it does not work at all.

Any help will be greatly appreciated.
In OpenVPN
Tuesday, March 12 2019, 04:08 PM
Responses (5)
  • Accepted Answer

    Tuesday, March 12 2019, 04:44 PM - #Permalink
    As a new poster, your first couple of posts get moderated. I've deleted your duplicate post.

    Are you trying to access Windows devices behind ClearOS? If so, the Windows firewall will often reject packets not coming from its own local LAN. There are a couple of ways round it. You can change the Windows firewall to accept traffic from the OpenVPN subnet or you can try adding the firewall rule from the command line:
    iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
    or in a Custom Firewall rule:
    $IPTABLES -t nat -I POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
    Check it out at the command line first then make it permanent in the Custom Firewall.

    The other main cause of failure is when the local and remote subnets are the same or overlap. There is nothing you can do about that.

    I don't understand why you have a "push route" line in the client config. It should not be there. Only servers can push configs. What are you trying to do with it?
  • Accepted Answer

    Tuesday, March 12 2019, 05:09 PM - #Permalink
    Thanks for the quick response. Apologies for the duplicate post, I didn't see the notification stating it would be moderated first.

    We are trying to access a Windows server behind the ClearOS, yes. Do I need to add the command line to the Windows server or to the ClearOS firewall?

    I have been doing some research prior to posting this and a lot of the posts said to use the "push" route command; however, it did not work.
  • Accepted Answer

    Tuesday, March 12 2019, 05:24 PM - #Permalink
    The ClearOS server will add the necessary route command (in /etc/openvpn/clients.conf).

    The firewall rules I gave you are for ClearOS. The Windows firewall is a completely different beast and I've no idea of the command line commands. I do it through the graphical firewall. There are pros and cons of each method. The ClearOS rule is easy to effect but it means connections all appear to be from the server rather than from individual remote machines. If you adjust the Windows firewall, it needs to be done on each target machine, but you are then able to identify where any of the connections are coming from.
  • Accepted Answer

    Tuesday, March 12 2019, 05:41 PM - #Permalink
    I will test this tomorrow and give you feedback if it has worked. Thank you for the response.
  • Accepted Answer

    Wednesday, March 13 2019, 01:30 PM - #Permalink
    So we solved the issue without needing the command. We changed the customer's local IP range / subnet mask and the issue was resolved. Thanks for all the help.
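The overlap condition named in the first reply, and fixed in the last post by renumbering the LAN, can be checked before deployment. The following is an added example, not code from the thread or from ClearOS: it parses route lines in the form shown in the question and compares them, plus the 10.8.0.0/24 tunnel subnet from the firewall rule, against a remote user's LAN. The function names and the client-side LAN values are assumptions made for illustration.

```python
import ipaddress
import re

# Matches both `route NET MASK` and `push "route NET MASK"` directives.
ROUTE_RE = re.compile(
    r'^\s*(?:push\s+")?route\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})'
)

def routed_networks(config_text):
    """Return the networks named in route / push "route ..." lines."""
    nets = []
    for line in config_text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            # Dotted netmask form is accepted by ip_network().
            nets.append(
                ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            )
    return nets

def find_conflicts(client_lans, routed, vpn_pool):
    """Pair each client-side LAN with every routed or tunnel network it overlaps."""
    remotes = [*routed, ipaddress.ip_network(vpn_pool)]
    conflicts = []
    for lan in map(ipaddress.ip_network, client_lans):
        for remote in remotes:
            if lan.overlaps(remote):
                conflicts.append((str(lan), str(remote)))
    return conflicts

# Constructed sample: the route line from the question, placed where a server would push it.
SAMPLE_SERVER_CONF = 'push "route 10.0.0.0 255.255.255.0"\n'
VPN_POOL = "10.8.0.0/24"  # tunnel subnet used in the MASQUERADE rule above

if __name__ == "__main__":
    routed = routed_networks(SAMPLE_SERVER_CONF)
    # Constructed client-side LANs (assumptions, not values from the thread).
    for lan in ("10.0.0.0/24", "10.0.0.0/8", "192.168.1.0/24"):
        hits = find_conflicts([lan], routed, VPN_POOL)
        print(lan, "->", hits or "no overlap")
```

An overlap means the client's own LAN route wins over the tunnel route for those addresses, so traffic for the office server never enters the VPN; renumbering one side, as the original poster did, removes the conflict.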