OpenVpn -- Unable to reach machines on server side

[burnout]

I'm buid my home server as well with extra feature like Mysql and other features. Now I need to configure Nas4Free server as OpenVpn server but I'm follow some problem.

I'm not able to ping from client (W7 x64) all devices on server side.
Here ip addresses:

Main router: 192.168.1.1
Nas4Free server: 192.168.1.201 & 192.168.10.0 Vpn server
Local pc: 192.168.1.10
Local pc: 192.168.1.11
Network printer: 192.168.1.200

Server.conf

Code: Select all

port 1194 
proto udp 
dev tun
client-config-dir ccd

ca ca.crt
cert server.crt
key server.key 
dh dh1024.pem

server 192.168.10.0 255.255.255.0  
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"

keepalive 10 120

cipher BF-CBC       

comp-lzo

max-clients 100 
persist-key
persist-tun

status openvpn-status.log
log-append /var/log/openvpn.log
verb 3 

client.conf

Code: Select all

client
dev tun

proto udp

remote myIp 1194  


resolv-retry infinite
nobind

persist-key
persist-tun

ca "C:\\Program Files (x86)\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\config\\CACA-W7.crt"
key "C:\\Program Files (x86)\\OpenVPN\\config\\CACA-W7.key"


ns-cert-type server
cipher BF-CBC        
comp-lzo

verb 3

On the main router port 1194 are turn to Nas4Free address.
At moment I'm able to ping the nas from client 192.168.1.201 and to get all services over the tunnel (mysql, ect, ect).

I like to reach at same times the other devices and the network printer.
Can somebody helpme please? I'm not specialist of FreeBsd enviroment......

[alexey123]

192.168.10.0 Vpn server - WTF?

[burnout]

What do you mean "WTF"?

[alexey123]

192.168.10.0 - this is wrong ip adress

[burnout]

I'm update vpn ip address @ 10.8.0.0 255.255.255.0 but problem remains

Need to add route?
netstat -r

Code: Select all

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0      563    re0
10.8.0.0           10.8.0.2           UGS         0      360   tun0
10.8.0.1           link#10            UHS         0        0    lo0
10.8.0.2           link#10            UH          0        0   tun0
localhost          link#9             UH          0        0    lo0
192.168.1.0        link#1             U           0      184    re0
nas4free           link#1             UHS         0        0    lo0
239.0.0.0          e8:40:f2:d1:3c:4e  US          0      110    re0

Internet6:
Destination        Gateway            Flags      Netif Expire
localhost          localhost          UH          lo0
fe80::%re0         link#1             U           re0
fe80::ea40:f2ff:fe link#1             UHS         lo0
fe80::%lo0         link#9             U           lo0
fe80::1%lo0        link#9             UHS         lo0
fe80::%tun0        link#10            U          tun0
fe80::ea40:f2ff:fe link#10            UHS         lo0
ff01::%re0         fe80::ea40:f2ff:fe U           re0
ff01::%lo0         localhost          U           lo0
ff01::%tun0        fe80::ea40:f2ff:fe U          tun0
ff02::%re0         fe80::ea40:f2ff:fe U           re0
ff02::%lo0         localhost          U           lo0
ff02::%tun0        fe80::ea40:f2ff:fe U          tun0

Tracert of 192.168.1.201 (Nas Server)from W7 under tunnel

Code: Select all

C:\Users\CACA>tracert 192.168.1.201

Traccia instradamento verso NAS4FREE [192.168.1.201]
su un massimo di 30 punti di passaggio:

  1    21 ms    22 ms    21 ms  NAS4FREE [192.168.1.201]

Traccia completata.

Tracert of 192.168.1.3 (Win XP)from W7 under tunnel

Code: Select all

C:\Users\CACA>tracert 192.168.1.3

Traccia instradamento verso 192.168.1.3 su un massimo di 30 punti di passaggio

  1    21 ms    21 ms    22 ms  NAS4FREE [10.8.0.1]
  2     *        *        *     Richiesta scaduta.
  3     *        *        *     Richiesta scaduta.
  4     *        *        *     Richiesta scaduta.
  5     *        *     ^C

[alexey123]

mmm
You need understand how the local network work.
If you have a network router 192.168.1.1 the addresses computers of local network can be in the range from 192.168.1.2 to 192.168.1.255 and not otherwise.
192.168.10.0 - this address is not the case, 192.168.10.0 /24 is in the range of a network from 192.168.10.1 to 192.168.10.255

[burnout]

Near the solutions??

I followed steps on this post http://forums.openvpn.net/topic10700.html on my Ubuntu pc and openvpn tunnelling nat run as well.

Modifications on Ubuntu:
add on openvpn.conf

Code: Select all

push "route 10.8.0.0 255.255.255.0"

on shell

Code: Select all

sudo -P INPUT ACCEPT
sudo -P FORWARD ACCEPT
sudo -P OUTPUT ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

Now I able to connect to all interfaces under the server
Network Printer Tracert

Code: Select all

C:\Users\CACA>tracert 192.168.1.200

Traccia instradamento verso SAMSUNG_MULTI [192.168.1.200]
su un massimo di 30 punti di passaggio:

  1    22 ms    22 ms    22 ms  10.8.0.1
  2    23 ms    22 ms    21 ms  SAMSUNG_MULTI [192.168.1.200]

Traccia completata.

Router Tracert

Code: Select all

C:\Users\CACA>tracert 192.168.1.1

Traccia instradamento verso 192.168.1.1 su un massimo di 30 punti di passaggio

  1    20 ms    20 ms    21 ms  10.8.0.1
  2    22 ms    22 ms    22 ms  192.168.1.1

Traccia completata.

Question: How to replicate command sent on Ubuntu shell on Nas4Free. I'm tryed to few posts but I could not found any solution.

Thanks

[burnout]

I follow
http://forums.freebsd.org/showthread.php?t=13500
http://forums.freebsd.org/showthread.php?t=476

If I understand to run a nat I need to do:

Code: Select all

ipfw add nat 1 all from any to me recv tun0

but I'm get

Code: Select all

nas4free:~# ipfw add nat 1 all from any to me recv tun0
ipfw: getsockopt(IP_FW_ADD): Invalid argument

and on system log

Code: Select all

Aug 30 14:25:37 nas4free root: ipfw service restarted
Aug 30 15:03:42 nas4free kernel: IP_FW_NAT_CFG: ipfw_nat not present, please load it

Maybe need to add on Kernel
options IPFIREWALL_NAT #ipfw kernel nat support
options LIBALIAS
http://forums.freebsd.org/showthread.php?t=899

And the option kernel are under /usr/src .... .... ....
http://www.freebsd.org/doc/en_US.ISO885 ... onfig.html

But this path are missing.

How to continue? How to add IPFIREWALL_NAT on kernel options? Or there are an alternative solutions?

[alexey123]

You read this?
http://sourceforge.net/apps/phpbb/freen ... =13&t=8554

Please stop to work with current version.
Zoon remove all sources from SF

[burnout]

You read this?
http://sourceforge.net/apps/phpbb/freen ... =13&t=8554

Yes, I'm follow that topic to install Openvpn and your website
https://sites.google.com/site/aganimkar ... /free-time
for Mysql and PhpMyAdmin (many thanks!!).

server.conf and client.conf are ok! I'm able to reach my home network under Ubuntu after creation of nat.

So, I need to create the same nat on Nas4Free but there are some difference on OS structure from genuine FreeBsd OS (maybe).

Please stop to work with current version.
Zoon remove all sources from SF

Nothing are installed over that services.