[KLUG Members] re: OpenVPN (bill)

[Mike Williams]

>
> From:
> bill <billtron at billtronservices.com>
>
>
>I am trying to get an OpenVPN server to grant access to the rest of the
>LAN it is on.  I'm using tunnelling not bridging (TUN not TAP).  The
>server has one NIC.  The server LAN also has a WINS server on it.  The
>server and the LAN are behind a hardware firewall.
>  
>

>The client can connect o.k., and if I disable the server software
>firewall, the client can ping both the TUN interface IP and the server
>LAN IP.  The server can ping the client.
>
>Using server.conf, I have the server pushing the LAN route to the
>client, as well as a route to the WINS server.  I can see the route to
>the server LAN if I do route print. I can see the WINS server info on
>the client if I do ipconfig /all.
>
>I have ipforwarding set up on the server eth device.  
>
>Do I need to set forwarding up somehow on the TUN interface?  
>
>  
>
IP forwarding is a global setting, so no.

>Do I need to do anything else on the firewall besides routing the
>OpenVPN port?
>
>  
>
No.  The OpenVPN server needs to get out, of course, and the packets 
coming in from the Internet have to be forwarded through, but that 
should do it. 

Can you show what happens if you do a tracert <server LAN> from the 
Windows client?  Route print shows the whole subnet as being directed 
through the tunnel, not just the OpenVPN server's IP, right?