I am using Windows Server 2019.
I have an OpenVPN server listening on a NIC with IP 192.16.2.10 (subnet 255.255.255.0), connected to the Fritz!Box router. The router is configured to forward UDP port 1194 to the appropriate NIC.
The internal LAN has a different NIC with IP 192.168.16.205 (Subnet 255.255.255.0).
I can connect from outside to the OpenVPN server and I get a successful connection.
But the ping from the external VPN client to another server in the local net (for example the DNS server 192.168.16.201) fails.
I am stuck on the documentation
https://community.openvpn.net/openvpn/wiki/HOWTO#ExpandingthescopeoftheVPNtoincludeadditionalmachinesoneithertheclientorserversubnet
telling me that I have to do nothing, because I use dev tap:
Make sure that you've enabled IP and TUN/TAP forwarding on the OpenVPN server machine.
Including multiple machines on the server side when using a bridged VPN (dev tap)
One of the benefits of using ethernet bridging is that you get this for free without needing any additional configuration.
All firewalls (Windows firewalls) are turned off. All hints only point to the firewall settings...
- I can't ping any server in my local net 192.168.16.x
- I can't reach any server in my local net 192.168.16.x with RDP.
- DNS doesn't work either. (DNS server at 192.168.16.201)
Any ideas?
Here is my server.ovpn file:
#################################################
# OpenVPN
#################################################
local 192.168.2.10
port 1194
proto udp
dev tap
topology subnet
#----------------------------------------------
#Certificates
#----------------------------------------------
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\dh.pem"
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\issued\\VPNServer-01.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\private\\VPNServer-01.key"
#----------------------------------------------
#Server-Setup
#----------------------------------------------
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\ipp.txt"
client-to-client
#----------------------------------------------
#Client-Settings (incl. Special Dir) Files - OPTIONAL
#----------------------------------------------
#client-config-dir "C:\\Program Files\\OpenVPN\\ccd"
push "route 192.168.16.0 255.255.255.0"
push "dhcp-option DNS 192.168.16.201"
push "dhcp-option DOMAIN vpn.xyz.loc"
#----------------------------------------------
#Defaults
#----------------------------------------------
keepalive 10 120
persist-key
persist-tun
allow-compression yes
cipher AES-256-GCM
data-ciphers-fallback AES-256-CBC
#----------------------------------------------
# Logging
# ----------------------------------------------
status "C:\\Program Files\\OpenVPN\\log\\openvpn-status.log"
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
# log-append "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
verb 3
PS: I use dev tap.
According to the following link, the second answer seems to match my situation:
https://serverfault.com/questions/21157/should-i-use-tap-or-tun-for-openvpn
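
The HOWTO passage quoted in the post applies to ethernet bridging (`server-bridge`), whereas a `server` directive makes OpenVPN hand out a separate, routed subnet even with `dev tap`. The following added example (not part of the original post; `parse`, `net` and `analyse` are hypothetical helper names, and the sample is constructed from the routing-relevant lines of the posted file) classifies a server config accordingly and lists the pushed networks that depend on IP forwarding and a return route to the VPN pool.

```python
import ipaddress
import shlex

# Constructed sample: the routing-relevant directives from the posted server.ovpn.
SAMPLE = r'''
local 192.168.2.10
dev tap
topology subnet
server 10.8.0.0 255.255.255.0
#client-config-dir "C:\\Program Files\\OpenVPN\\ccd"
push "route 192.168.16.0 255.255.255.0"
push "dhcp-option DNS 192.168.16.201"
'''

def parse(text):
    """Return the directives as token lists; blank and comment lines are skipped."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            out.append(shlex.split(line))
    return out

def net(addr, mask="255.255.255.255"):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def analyse(text):
    d = parse(text)
    dev = next((t[1] for t in d if t[0] == "dev"), None)
    bridged = any(t[0] == "server-bridge" for t in d)
    pool = next((net(t[1], t[2]) for t in d if t[0] == "server"), None)
    pushed = []
    for t in d:
        if t[0] == "push" and len(t) > 1:
            opt = t[1].split()
            if opt[0] == "route" and len(opt) >= 2:
                pushed.append(net(*opt[1:3]))
    mode = "bridged" if bridged else "routed" if pool is not None else "unknown"
    # Routed mode: clients sit in the pool subnet, so each pushed LAN is reached
    # only if the server forwards IP and the LAN side has a route back to the pool.
    needs = [str(n) for n in pushed if mode == "routed" and not n.overlaps(pool)]
    return {"dev": dev, "mode": mode,
            "pool": str(pool) if pool else None,
            "needs_return_route": needs}

if __name__ == "__main__":
    print(analyse(SAMPLE))
```
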