open VPN Can ping Open VPN Server but not hosts behind it

  • Hello,


    my network looks like this:


    [IMG:http://www.pkrhs.de/intern/network.png]


    From host b I can connect via the OpenVPN client to the OpenVPN server of firewall 2 and ping firewall 2 and host c, as well as use RDP to connect to host c.


    From host a I can connect via the OpenVPN client to the OpenVPN server of firewall 2 and ping firewall 2 but not host c, nor can I connect via RDP to host c.


    I'm using exactly the same config.


    So I think I need to change something on firewall 1.


    Status of firewall 1.


    Outgoing firewall disabled.


    Source Nat:


    Source            Target        Service   NAT TO
    192.168.2.0/24    uplink main   <ALL>     Auto


    P.S. The client keeps reporting this for host a (the client on host b doesn't):


    Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1320 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

  • Update:


    Solved the problem by myself.


    Host a was a Vista client and there is something wrong with modifying the routing tables.


    After I issued the following statements it is working:


    route delete 192.168.1.0


    route add 192.168.1.253 mask 255.255.255.255 192.168.1.x (you must assign a fixed IP address in the Endian firewall)
    route add 192.168.1.0 mask 255.255.255.0 192.168.1.253


    Now I need to create two scripts -- connect and disconnect --


    working on it...

  • In case others run into this problem, here is my fix (works on Vista and 7):


    The client used was 2.2.1 from openvpn.eu


    company.ovpn


    company_connect.bat -> must be run with admin rights

    Code
    C:\OpenVPN\bin\openvpn.exe --config C:\OpenVPN\config\company.ovpn --route-noexec --script-security 2
    route delete 192.168.1.0
    route delete 192.168.1.x (where x is the static IP address assigned to the user's machine)
    route delete 192.168.1.253
    route delete 192.168.1.255


    Rename the TAP device to "OpenVPN" in the network configuration


    company_disconnect.bat -> must be run with admin rights


    Code
    netsh interface set interface "OpenVPN" DISABLE
    netsh interface set interface "OpenVPN" ENABLE


    Create two scripts


    route_up.bat

    Code
    route delete 192.168.1.0
    route delete 192.168.1.253
    route delete 192.168.1.255
    route add 192.168.1.253 mask 255.255.255.255 192.168.1.x (where x is the static IP address assigned to the user's machine)
    route add 192.168.1.0 mask 255.255.255.0 192.168.1.253
    route add 192.168.1.255 mask 255.255.255.255 192.168.1.253


    down.bat

    Code
    route delete 192.168.1.0
    route delete 192.168.1.253
    route delete 192.168.1.255
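
A model of the routing-table changes that route_up.bat and down.bat make, as an added example that is not part of the original posts: it applies longest-prefix matching to show which gateway traffic for the remote subnet takes while the tunnel routes are present, and that it falls back to the default route once they are deleted. The client address standing in for 192.168.1.x, the address of host c and the default gateway are constructed sample values.

```python
import ipaddress

# Routes that route_up.bat adds. CLIENT_IP stands in for the thread's
# "192.168.1.x"; the concrete address is a constructed sample value.
CLIENT_IP = "192.168.1.10"
VPN_GW = "192.168.1.253"
ROUTE_UP = [
    ("192.168.1.253", "255.255.255.255", CLIENT_IP),
    ("192.168.1.0", "255.255.255.0", VPN_GW),
    ("192.168.1.255", "255.255.255.255", VPN_GW),
]
# Assumed default route of host a on its physical LAN (constructed value).
DEFAULT = ("0.0.0.0", "0.0.0.0", "192.168.2.1")


def build_table(entries):
    """Turn (destination, mask, gateway) tuples into (network, gateway) pairs."""
    return [(ipaddress.ip_network(f"{d}/{m}"), g) for d, m, g in entries]


def lookup(table, dest):
    """Longest-prefix match: gateway of the most specific matching route."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def delete_route(table, dest):
    """Model 'route delete <dest>': drop every route with that destination."""
    target = ipaddress.ip_address(dest)
    return [(net, gw) for net, gw in table if net.network_address != target]


if __name__ == "__main__":
    up = build_table([DEFAULT] + ROUTE_UP)
    down = up
    for d in ("192.168.1.0", "192.168.1.253", "192.168.1.255"):
        down = delete_route(down, d)
    host_c = "192.168.1.20"  # constructed address for host c
    for name, table in (("after route_up.bat", up), ("after down.bat", down)):
        print(name, "->", host_c, "via", lookup(table, host_c))
```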