[Openvpn-users] Basic questions / unique gateway for clients

["Joris Kempen" <jkempen@xxxxxxx>]

Title: Basic questions / unique gateway for clients

dear openvpn users!

I'm rather new at using OpenVPN or VPN at all. Did some testing with "Routing and Remote access" in windows2003 and the inbuilt vpn client of Windows. So no network expert at all!I think that my problem/setup contains of several problems and I tried to break it up in several parts.

What I want to accomplish in the end:
Windows2003 server with 1 NIC that has 2 ip addresses:
85.x.x.78
85.x.x.79

There is nothing like NAT going on at the server. These Ip's are all directly reachable from the internet.
the ipconfig for this machine:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-12-3F-2A-82-A0
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 85.x.x.79
   Subnet Mask . . . . . . . . . . . : 255.255.255.192
   IP Address. . . . . . . . . . . . : 85.x.x.78
   Subnet Mask . . . . . . . . . . . : 255.255.255.192
   Default Gateway . . . . . . . . . : 85.x.x.126
   DNS Servers . . . . . . . . . . . : 85.x.x.69
                                       83.x.x.123
   NetBIOS over Tcpip. . . . . . . . : Disabled

I have 2 clients that are behind a NAT ADSL modem and have a Ip address like this:
client1 : 10.0.0.1
client2 10.0.0.2
and default gateway is 10.0.0.138 (speedtouch adsl modem)

the thing I want to accomplish that client1 makes a VPN connection with the server and uses 85.x.x.78 for all it's gateway network connection. (So if I browse to website www.watismijnip.nl it displays 85.x.x.78 for this client)

and client2 will make a vpn connection with the server and uses 85.x.x.79 for all it's gateway network connections (So if I browse to website www.watismijnip.nl it displays 85.x.x.79 for this client)

My first start was to just to setup a basic VPN connection with the server, without the need to make sure the clients clients each get an unique gateway for the internet.

So said, so done:

server config:
local 85.x.x.79
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 192.168.100.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

client config:
client
dev tun
proto udp
remote 85.x.x.79 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3

I had this working at some point that I could ping the server from my client! And I could reach the shares of the server using explorer! All trouble I had left,  is that the client couldn’t do anything more on the internet, all pings / tracert wouldn’t reach any target.

From that point I tried several things to make sure the client still could access the internet. No progres in this.  After several days of leaving this project, because it was getting frustrating, I tried again today.

Now I have these problems /questions:
1.      is the config I’m using above a good starting direction, to accomplish my final goal? (unique gateways for each client)

2.      With the above config I can’t ping the server anymore! I didn’t change a thing but for some reason the packets get dropped at the server (192.168.100.1):

"client1/84.x.x.83:4740 MULTI: bad source address from client [10.0.0.2], packet dropped"

This 10.0.0.2 ip address is from my physical nic in my clients pc! (the one connected with my ADSL router!) Shouldn’t it be using the IP-address it gets from the VPN connection  à 192.168.100.5

3.  If I do Ipconfig /all, I get this info from the OpenVPN network device on the client:

       IP-adres. . . . . . . . . . . . . : 192.168.100.6
       Subnetmasker. . . . . . . . . . . : 255.255.255.252
       Standaardgateway. . . . . . . . . : 192.168.100.5
       DHCP-server . . . . . . . . . . . : 192.168.100.5

Why does it use 192.168.100.5 for the gateway and dhcp? My guess would that I uses 192.168.100.1 (= server). I don’t have that much networking knowledge. This 192.168.100.5 can’t be pinged or whatever. What is this exactly?

My routing table on the client looks like this:
Netwerkadres               Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.100.5   192.168.100.6       1
         10.0.0.0        255.0.0.0         10.0.0.2        10.0.0.2       20
         10.0.0.2  255.255.255.255        127.0.0.1       127.0.0.1       20
   10.255.255.255  255.255.255.255         10.0.0.2        10.0.0.2       20
     85.x.x.79  255.255.255.255       10.0.0.138        10.0.0.2       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
    192.168.100.1  255.255.255.255    192.168.100.5   192.168.100.6       1
    192.168.100.4  255.255.255.252    192.168.100.6   192.168.100.6       30
    192.168.100.6  255.255.255.255        127.0.0.1       127.0.0.1       30
  192.168.100.255  255.255.255.255    192.168.100.6   192.168.100.6       30
        224.0.0.0        240.0.0.0         10.0.0.2        10.0.0.2       20
        224.0.0.0        240.0.0.0    192.168.100.6   192.168.100.6       30
  255.255.255.255  255.255.255.255         10.0.0.2        10.0.0.2       1
  255.255.255.255  255.255.255.255    192.168.100.6   192.168.100.6       1
Standaard-gateway:     192.168.100.5
===========================================================================
Permanente routes:
  None

3.      If I look in the ipp.txt document on the server it says this:
client1,192.168.100.4

So you would assume that client1 would get the ip address 192.168.100.4 and not 192.168.100.6

Any ideas why this is?

Sorry for asking all these questions, but it’s really frustrating to be trying this for hours without any progress.

And please tell me, if my direction is going the right way, or that I should complete change the configs that I’m using for OpenVpn!

Many thanks in advance!

Regards,

Joris