OpenVPN not routing traffic to HTTP server on client

[NewtownGal]

Hello,

I'm a newbie to OpenVPN so maybe the solution to this is obvious...

I seem to be having a routing problem, because I can't reach an HTTP server that's on each client machine when I try to access that machine via the vpn.

I have a working OpenVPN system running with an Ubuntu 8.04.1 server as the OpenVPN server. I have multiple remote Ubuntu server machines as OpenVPN clients. All are on the 10.8.0.x network. I can ping and SSH from any vpn client to the vpn server, and vice-versa. There aren't any networks behind any of them. The clients can only talk to the server. So the basic OpenVPN is OK.

Each client has an Apache HTTP server that's on port 8000. I'm trying to reach this HTTP server through the VPN. The HTTP server works fine if I connect to the machine without using the VPN.

I have a web page on an Apache HTTP server that is on the same machine as the OpenVPN server. I have links on that web page to other sites. The links to sites outside the VPN work fine, the problem is that none of the links to Apache HTTP servers on the clients work. I can't connect to those other web pages via the VPN.

I have static IP addresses within the OpenVPN so I know what IP addresses to put into the links in the web page.

I've turned off all firewalls (!) to try to solve this problem.

I've run nmap from the vpn server, and it correctly finds all active vpn clients, and it correctly finds all of the ports, including 8000 for HTTP, that I expect to be open.

So it seems to me that the internal routing, from vpn server to vpn clients, and within each vpn client, is working ok.

Can someone tell me why clicking on a link in a web page that's on a Linux machine that's both an HTTP server and also the VPN server can't open web pages on clients within the vpn ???

Thank you.

-- NewtownGal

[GroundZero3]

Can you ping the vpn clients?

Do you have a router on the network? Did you add a static route for the vpn subnet?

Now the VPN is connected you need to setup up a route to the vpn subnet so 192.168.x.x or whatever can communicate with vpn clients. Log into the router (for this im gonna go through a linksys router, you must bear with me as im using the DD-WRT firmware) . If you are running the default firmware you would click the first tab and see the advance routing tab. Click it then for the destination LAN address type in your VPN subnet. In my case it would be 10.8.1.0, gateway 255.255.255.0 and the gateway will be the address of the VPN server. So if your vpn server internal address is 192.168.1.50 you would but that as the gateway.

HOWTO: Openvpn and Ubuntu (Dapper)