In OpenVPN with Ethernet Bridging, after VPN is established, VPN Client doesn't have Default Gateway and Internet access

by JoyfulPanda   Last Updated October 20, 2019 00:00 AM

Network diagram

The network setup is as follows:

+--------------------+  +---------------+ +---------------------+
|          +------------>    Internet   <------------+          |
|          |         |  +---------------+ |          |          |
|  +-------+-------+ |                    |  +-------+-------+  |
|  |    Router 1   | |                    |  |    Router 2   |  |
|  +-------^-------+ |                    |  +-------^-------+  |
|          |         |                    |          |          |
|          |         |                    |          |          |
|      +---+---+     |                    |      +---+---+      |
|      |  PC 1 |     |                    |      |  PC 2 |      |
|      +-------+     |                    |      +-------+      |
|                    |                    |                     |
|      MAIN HOME     |                    |   SECONDARY HOME    |
|                    |                    |                     |
+--------------------+                    +---------------------+
  • Main home's local subnet: 192.168.1.0/255.255.255.0
  • Secondary home's local subnet: 192.168.0.0/255.255.255.0
  • Main home and Secondary home are far away from each other and have different Internet Service Subscriptions. Thus, both Router 1 and Router 2 have 2 different public IPs.
  • All PCs use IPv4.
  • PC1: Windows 7 x64. PC2: Windows 8.1 x64. At present, for testing purposes, Windows Firewall is disabled.

Intention

I'm usually at the Secondary Home, and I would like to stay there and access the Internet as if I were physically in the Ethernet network in the Main Home. That is, in the same Ethernet subnet as PC1.

My attempt

Thanks to OpenVPN Community Edition (openvpn-install-2.4.7-i607-win7.exe), I can set up the VPN between these PCs with Ethernet Bridging. OpenVPN Server is installed in PC1 while OpenVPN Client in PC2.

On PC1, there is a Bridge Connection between the Ethernet interface and OpenVPN's Tap interface. After the bridge was created, the Ethernet interface of PC1 lost its IP; instead, the Bridge interface got one: 192.168.1.74 (thanks to DHCP from Router 1).

In Router 1, I forwarded port 40000 to PC1 (192.168.1.74) so that OpenVPN Client in PC2 can contact the OpenVPN Server in PC1.

In Router 1, I configured DHCP so that it avoids assigning new IPs in a specific range, which is managed by the OpenVPN Server's DHCP. In other words, the OpenVPN Client will not rely on Router 1's DHCP functionality.

In PC1, the Default Gateway is 192.168.1.254. The Router 1 Control Panel's website can be accessed through this IP.

Problems

It works to some extent (PC1 and PC2 can ping each other; PC1 can access the Internet), but there are 2 problems:

  1. Using ipconfig /all, PC2 is missing the "Default Gateway" field.
  2. Probably due to the problem above, PC2 cannot access the Internet.

In OpenVPN Client's log file (PC2), there is a line ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=3 HWADDR=08:00:27:00:6c:e1. I'm not sure if it has something to do with the empty "Default Gateway" in PC2 after VPN is established.

Configuration/Debug data

  • OpenVPN Client's Conf (on PC2)
client
dev tap
proto udp4
remote X.Y.Z.K 40000
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\ClientVPN.crt"
key "C:\\Program Files\\OpenVPN\\config\\ClientVPN.key"
remote-cert-tls server
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1
cipher AES-256-CBC
comp-lzo
verb 4
keepalive 5 10
auth SHA256
  • Log file for OpenVPN Client (on PC2)

See here

  • IPCONFIG (PC2)
>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : MyPC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home

Ethernet adapter ClientVPN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-40-1C-84-DB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.200(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, October 20, 2019 12:13:42 AM
   Lease Expires . . . . . . . . . . : Monday, October 19, 2020 12:13:42 AM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.1.0
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-6C-E1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.80(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, October 19, 2019 12:11:54 AM
   Lease Expires . . . . . . . . . . : Saturday, October 26, 2019 3:52:33 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
  • OpenVPN Server's Conf (on PC1)
port 40000
proto udp4
dev tap
dev-node ServerVPN
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\ServerVPN.crt"
key "C:\\Program Files\\OpenVPN\\config\\ServerVPN.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh4096.pem"
topology subnet
ifconfig-pool-persist ipp.txt
server-bridge 192.168.1.74 255.255.255.0 192.168.1.200 192.168.1.210
push "redirect-gateway def1"
client-to-client
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4
explicit-exit-notify 1
push "block-outside-dns"
tls-version-min 1.2
auth SHA256
  • Log file for OpenVPN Server (on PC1)

See here

  • IPCONFIG (PC1)
>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SomePC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Network Bridge:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : MAC Bridge Miniport
   Physical Address. . . . . . . . . : 1E-6F-65-E9-78-48
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.74(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, October 19, 2019 4:56:42 PM
   Lease Expires . . . . . . . . . . : Saturday, January 18, 2020 5:00:35 AM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

I have struggled with those problems in the last few days. Hope someone can help, or give advice/suggestion (I'm new to OpenVPN!).

Tags : vpn openvpn bridge
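
An added example, not part of the original post: a small Python model of what the posted server config pushes to the client, using the OpenVPN manual's documented expansion of server-bridge (it implies push "route-gateway <gateway>") and of redirect-gateway def1 (two /1 routes rather than a replaced 0.0.0.0/0). ROUTER_AS_GW is a variant assumed here for comparison, based on the manual's statement that the server-bridge gateway parameter may be either the bridge interface's address or the bridged subnet's router; all function and variable names are hypothetical.

```python
import shlex

# Constructed from the server config and PC1's ipconfig output quoted in the post.
SERVER_CONF = """
dev tap
server-bridge 192.168.1.74 255.255.255.0 192.168.1.200 192.168.1.210
push "redirect-gateway def1"
push "block-outside-dns"
"""
LAN_ROUTER = "192.168.1.254"  # PC1's "Default Gateway"
# Variant assumed by this example (not on the page): router as the gateway parameter.
ROUTER_AS_GW = SERVER_CONF.replace("server-bridge 192.168.1.74", "server-bridge " + LAN_ROUTER)


def pushed_options(conf):
    """Options sent to a client; server-bridge GW MASK START END implies route-gateway GW."""
    pushed = []
    for line in conf.splitlines():
        tok = shlex.split(line, comments=True)
        if not tok:
            continue
        if tok[0] == "server-bridge" and len(tok) == 5:
            pushed.append(["route-gateway", tok[1]])
        elif tok[0] == "push" and len(tok) == 2:
            pushed.append(tok[1].split())
    return pushed


def client_routes(conf, lan_router=LAN_ROUTER):
    """Model the redirect-gateway routes a client installs and the next hop they use."""
    next_hop, flags = None, None
    for opt in pushed_options(conf):
        if opt[0] == "route-gateway":
            next_hop = opt[1]   # conflicting route-gateway pushes are not modelled
        elif opt[0] == "redirect-gateway":
            flags = opt[1:]
    if flags is None or next_hop is None:
        nets = []
    elif "def1" in flags:
        nets = ["0.0.0.0/1", "128.0.0.0/1"]   # def1 leaves 0.0.0.0/0 untouched
    else:
        nets = ["0.0.0.0/0"]
    return {
        "routes": [(n, next_hop) for n in nets],
        "adds_0.0.0.0/0": "0.0.0.0/0" in nets,
        "next_hop_is_lan_router": next_hop == lan_router,
    }

print(client_routes(SERVER_CONF), client_routes(ROUTER_AS_GW), sep="\n")
```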

