You should also find the following configuration section and uncomment (remove the ‘ ’ character) the client-to-client directive as demonstrated below: # Uncomment this directive to allow different This will tell OpenVPN clients that when the computer tries to access any IP address in the 172.25.87.0 subnet that it should route through our OpenVPN server (as the default gateway for this network).
#WINDOWS OPENVPN CLIENTS HOW TO#
Now scroll down the file until you find this section: # Push routes to the client to allow itĪs you can see there is already two examples of how to add routes but instead of deleting the examples (The ‘ ’ character is an comment!) we’ll add a new one below it: push "route 172.25.87.0 255.255.255.0"
To add the static route we need to edit our OpenVPN Server Configuration file using notepad open the following file:Ĭ:\Program Files\OpenVPN\config\server.ovpn In our example we will assume that our internal network subnet is: 172.25.87.0 and we will use the default OpenVPN subnet of 10.8.0.0 for the VPN clients. The result of which should look as follows:Īt this point I had to restart my server as the IP Forwarding did not appear to work immediately! – I’d therefore recommend that you restart your server at this point too! Add static routes to our server.ovpn configurationīy adding a static route for our internal network to the server.ovpn file, these static routes will be downloaded and set on the client machines when they connect to the VPN and is required to enable the client machines to understand how to route to our LAN. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parametersĭouble click the IPEnableRouter entry and set the Value data field to ‘1’ On the server, open up Command Prompt and run: regedit To enable IP forwarding on the server we will need to use Regedit (Windows Registry Editing Tool), this change is very simple to make and although this can also be achieved by enabling Routing and Remote Access on the server there is little point given that we simply don’t need it.
Use our internal DNS server for name resolution by adding some additional client configuration to the server.ovpn file to enable better hostname resolution for a more “transparent” configuration.
#WINDOWS OPENVPN CLIENTS WINDOWS#
In my previous post I wrote about how to setup an SSL VPN server on Windows 2012 R2 and enable external network access to the server using OpenVPN.