your router) but for simplicity I will show you how to add these static routes in via. DHCP using Microsoft DHCP services given that we are also using Microsoft DNS services it makes sense to do it this way: There are a number of ways in which we can advertise the route to our network devices on the LAN, for example you could add the static route on the primary gateway (eg. Add static routes to our LAN connected computers so they can “talk” to our VPN clients If all has gone well, your VPN clients should not be able to route to the 172.25.87.0 network. # will also need to appropriately firewall theįor the changes to take effect, save the file and restart the OpenVPN Service from the Control Panel > Administrative Tools > Services panel. # To force clients to only see the server, you # By default, clients will only see the server. # clients to be able to "see" each other. You should also find the following configuration section and uncomment (remove the ‘ ’ character) the client-to-client directive as demonstrated below: # Uncomment this directive to allow different
This will tell OpenVPN clients that when the computer tries to access any IP address in the 172.25.87.0 subnet that it should route through our OpenVPN server (as the default gateway for this network). Now scroll down the file until you find this section: # Push routes to the client to allow itĪs you can see there is already two examples of how to add routes but instead of deleting the examples (The ‘ ’ character is an comment!) we’ll add a new one below it: push "route 172.25.87.0 255.255.255.0" To add the static route we need to edit our OpenVPN Server Configuration file using notepad open the following file:Ĭ:\Program Files\OpenVPN\config\server.ovpn In our example we will assume that our internal network subnet is: 172.25.87.0 and we will use the default OpenVPN subnet of 10.8.0.0 for the VPN clients. The result of which should look as follows:Īt this point I had to restart my server as the IP Forwarding did not appear to work immediately! – I’d therefore recommend that you restart your server at this point too! Add static routes to our server.ovpn configurationīy adding a static route for our internal network to the server.ovpn file, these static routes will be downloaded and set on the client machines when they connect to the VPN and is required to enable the client machines to understand how to route to our LAN. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parametersĭouble click the IPEnableRouter entry and set the Value data field to ‘1’ On the server, open up Command Prompt and run: regedit To enable IP forwarding on the server we will need to use Regedit (Windows Registry Editing Tool), this change is very simple to make and although this can also be achieved by enabling Routing and Remote Access on the server there is little point given that we simply don’t need it.
#Windscribe vpn allow local subnet windows#
Add static routes to our internal network clients (using Windows DHCP and I will also demonstrate adding them manually for servers using static IP addresses) so that LAN clients and servers can “see” the VPN clients.Add static routes to our server.ovpn configuration so the routes are advertised to the client machines so they understand how to route to our LAN network.Enable IP Forwarding on Windows Server 2012 R2 (so that our VPN traffic can route to our internal network and vice-versa).This article will cover the following things: This article will walk you through the process of configuring IP forwarding on our Windows server and exposing static routes to enable VPN clients to access network devices on the LAN given that Out-the-box OpenVPN will only allow the clients to access the resources on the OpenVPN server. In my previous post I wrote about how to setup an SSL VPN server on Windows 2012 R2 and enable external network access to the server using OpenVPN.
0 kommentar(er)
