Wrong route on client - can't access internal network

Support
,
#1

Hi,

I configure open VPN, on this way.

my internal network is: 192.168.1.0/24

image
image298Ă—640 7.76 KB

in this configuration my gatway on VPN network should be 192.168.3.1, but when open vpn client creat route, he create whith de previus ip to the one he givi to my client, exemple: my VPN IP 192.168.3.6, my gatway on route:: 192.168.3.5.

Windows route:
192.168.1.0 255.255.255.0 192.168.3.5 192.168.3.6 281
192.168.3.0 255.255.255.0 192.168.3.5 192.168.3.6 281

Open VPN Route:
Fri Apr 02 00:01:28 2021 MANAGEMENT: >STATE:1617332488,ADD_ROUTES,
Fri Apr 02 00:01:28 2021 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 192.168.3.5
Fri Apr 02 00:01:28 2021 Route addition via service succeeded
Fri Apr 02 00:01:28 2021 C:\WINDOWS\system32\route.exe ADD 192.168.3.0 MASK 255.255.255.0 192.168.3.5
Fri Apr 02 00:01:28 2021 Route addition via service succeeded
Fri Apr 02 00:01:28 2021 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 192.168.3.5
Fri Apr 02 00:01:28 2021 ROUTE: route addition failed using service: O objeto já existe. [status=5010 if_index=5]
Fri Apr 02 00:01:28 2021 Route addition via service failed
Fri Apr 02 00:01:28 2021 C:\WINDOWS\system32\route.exe ADD 192.168.3.1 MASK 255.255.255.255 192.168.3.5

any idea to solution ? tks

#2

@carlos_tavares

Hi Carlos

And welcome to the NethServer community!

In my opinion, these will NOT work, if your NethServer is 192.168.1.1/24.

Bildschirmfoto 2021-04-04 um 18.00.25

For all three, you can use 192.168.1.1, which would be correct.

As to the Windows route, WHAT client are you using? Seems not to be Viscosity, IMHO the best OpenVPN client…

I’ve never had routing issues, and I’m using Viscosity for Macs and Windows (For all my clients too!)… I’ll go even further, I never had to bother about routing, the Internal LAN was / is always accessible for OpenVPN clients…

My 2 cents
Andy

#3

Hi Andy,

When i conect on vpn, my server recive a IP 192.168.3.1, because this i use the DNS on that way.

I Will try use the vicosity, actualy i use the ooen DNS client for Windows.

TKS

#4

Hi Andy,

I try use the viscosity and hava a same problem.

image

Tks for your advisor

#5

@carlos_tavares

Good Morning Carlos

The 192.168.3.0/24 network serves only one purpose, to let OpenVPN Clients connect to the NethServer, which in turn acts as a router to your “normal” LAN on 192.168.1.0/24.

Just because the Server uses 192.168.3.1 (and also 192.168.3.2…) does NOT mean that any services are available on those IPs…

In fact, normally, clients connecting with OpenVPN can’t even ping each other, less even connect. The IP is “isolated” from others… (Each client gets a special, virtual network with a /29 subnet, only allowing connections to the server - don’t ask me for details…).

This actually seems to show the correct route:

Bildschirmfoto 2021-04-05 um 08.42.18
Bildschirmfoto 2021-04-05 um 08.42.181320Ă—120 27.7 KB

Normally, OpenVPN will allow your Roadwarrior client to reach your LAN (192.168.1.0/24) and any hosts on that LAN (Must have the NethServer as default gateway). You CAN configure more (much more!) options with OpenVPN, like all traffic passes through the VPN. This makes sense for a company, which “protects” notebooks by routing all trafic through the companys site, where there are recoursses like firewalls, virus scanners etc…

Just ignore the 192.168.3.0/24 network on your client when it comes to routing…

My 2 cents
Andy

A working “sample” configuration. The Nethserver is “hosted”, and directly reachable from the Internet. A second, virtual NIC, has the LAN IP 192.168.10.2, this IP is reachable by all clients.

Bildschirmfoto 2021-04-05 um 08.58.56
Bildschirmfoto 2021-04-05 um 08.58.561198Ă—1334 152 KB

Bildschirmfoto 2021-04-05 um 08.59.09
Bildschirmfoto 2021-04-05 um 08.59.091202Ă—1358 127 KB

2 Likes
#6

Andy, tks for your time.

I configure my open vpn on nethserver to allow traffic client-to-client on VPN network, and my route is the same, My server on VPN stay on IP 192.168.3.1 and 192.168.1.5,I can access the serve on both, but I can’t access any other IP on network 192.168.1.0/24.

#7

@carlos_tavares

Hi Carlos

On the 192.168.1.0/24, do all PCs use the NethServer as Gateway, DHCP and DNS?

Andy

#8

Hi Andy,

On this network the server is only DNS, my gateway and DHCP is 192.168.1.1 (Mikrotik).

In this situation, his not work ?

Regards,
Carlos Tavares

#9

@carlos_tavares

Hi

You will need a route on the Microtik:

Network:
192.168.3.0/24

Gateway:
192.168.1.5? (Your Nethserver’s LAN IP…)

My 2 cents
Andy

1 Like