HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 54 guests and 3 members online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Otherarrow OpenVPN on Windows
EH-Net
May 22, 2013, 07:50:57 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: OpenVPN on Windows  (Read 8361 times)
0 Members and 1 Guest are viewing this topic.
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« on: February 14, 2007, 05:57:32 PM »
Does anyone have any experience with OpenVPN on Windows? I've configured both server and client scripts, everything seems to talk ok, but there's no network connection. When I connect through the client, it says the connection is successful, it recieves an IP and DNS, but it is not receiving a default gateway (not sure if this is the problem or not). I've been looking all around but there doesn't seem to be much out there on this specific issue. Anyone have any ideas? Thanks.
Logged
pcsneaker
Jr. Member
**
Offline Offline

Posts: 73


View Profile
« Reply #1 on: February 15, 2007, 06:54:56 AM »
Never had any problems.

Post your config if you need help.
Logged
MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« Reply #2 on: February 15, 2007, 07:39:17 AM »
Alright, the quick run-down is that I have two internal networks I'm wanting to allow access to, 10.1.99.0 and 199.1.99.0. The OpenVPN server is running at 10.1.99.8.


Server Config
########
port 1194
proto udp
dev tap
dev-node tap-bridge
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher AES-128-CBC
comp-lzo
max-clients 25
persist-key
persist-tun
verb 3
status openvpn-status.log
server-bridge 10.1.99.8 255.255.255.0 10.1.99.240 10.1.99.245
push "route 199.1.99.0 255.255.255.0"
push "route 10.1.99.0 255.255.255.0"
push "dhcp-option DNS 199.1.99.66"
push "dhcp-option WINS 199.1.99.66"


Client Config
########
client
dev tap
dev-node vpn
proto udp
remote 12.191.2.235 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
cipher AES-128-CBC
comp-lzo
verb 3
Logged
LSOChris
Guest
« Reply #3 on: February 15, 2007, 08:56:47 AM »
i havent really played with open VPN but is this line correct?


remote 12.191.2.235 1194


you said the server is running at 10.1.99.8
Logged
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« Reply #4 on: February 15, 2007, 09:02:14 AM »
Yeah, that's for the client that would be coming in from the outside. I have it connecting to an external IP, 12.191.2.235, through UDP port 1194, and then that's forwarded to 10.1.99.8.
Logged
pcsneaker
Jr. Member
**
Offline Offline

Posts: 73


View Profile
« Reply #5 on: February 15, 2007, 11:22:04 AM »
It seems that you are mixing routing and bridging.

Did you create the bridge in windows ? You'll have to do that manually outside of openvpn.

Do you really want to bridge ? (it's not advisable if you're connecting via the internet, a lot of unnecessary traffic will go over the wire...)

If you decide to use routing (that's what I would do) remember that you'll have to activate routing (IP-forwarding) in windows either via MMC-SnapIn "Routing and RAS" or via setting the registry key manually.

BTW, if you don't specify "pull" in the client config no setting will be pushed from the server, so have a look at that too.
Logged
MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« Reply #6 on: February 15, 2007, 11:48:23 AM »
Hmm...

Yes, I have created the bridge in Windows (on the server), as well as edited the registry key.

The problem seems to be connecting beyond the server at this point. From an outside machine, I am able to connect to the server and ping the server address, but nothing beyond that. On the server side, I am able to ping the outside computer, look at shares, etc.

I'll try adding a 'pull' command for those routes as you have suggested to see if that helps out.

Edit: tried adding the 'pull' statement, but still no luck Sad
« Last Edit: February 15, 2007, 01:15:41 PM by venom77 » Logged
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« Reply #7 on: February 15, 2007, 01:36:05 PM »
bah, restarting works wonders Tongue

Figured maybe I made a change somewhere to something at some point that could use a fresh start. Restarted the server and everything seems to be working fine now.

Thanks for the help and suggestions, greatly appreciate it Smiley
Logged
pcsneaker
Jr. Member
**
Offline Offline

Posts: 73


View Profile
« Reply #8 on: February 16, 2007, 03:57:58 AM »
Quote
bah, restarting works wonders Tongue

M$ problem solving: Minor problems - reboot, major problems - reinstall ...
Logged
MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.08 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.