OpenVPN server on Windows 7 – How to route specific IP addresses to clients?

Okay, so I do not have a strong background per se in computing, nor networking, and I’m really just starting to learn this stuff now, for a relatively small family business of ours. It is rather fascinating and I’ve got a lot to learn. However, I have recently been playing with OpenVPN server configurations and had some success with bridging. I am working on a routing configuration now. One thing I have spent hours and hours playing with is being able to have a client which is assigned an IP address as such:
( with the OpenVPN server:
(, having access to JUST ONE INTERNAL LAN IP address for a web application.

Allow me to explain further. On the LAN there is a server at: which is an Apache server hosting a web application for internal usage. For individuals whom work locally, it is all accessible, as one would expect. Port 80 HTTP. Open up a browser and type http :// and bingo, it is there.

However, as we are expanding and having individuals work remotely, we wish to give them access to this web application too (at http :// In bridged mode, this works fine, however, they also get access to all the other networked resources/computers et cetera. Sure, a good firewall helps (we have recently installed a WatchGuard firewall, although only for a few other servers, the web application server is not behind it. Yet.) It seems this should be possible, to do. But, as I’m fumbling my way through this, I could do with a bit of advice, as currently over a routed connection, it is not accessible.

BTW – my question is very familiar to the one posed here:

Connecting a LAN to an OpenVPN server via a windows 7 client gateway

The only difference being.. both computers (including the server for web application) are Windows. And yes, I’ve disabled all firewalls for all adapters (OpenVPN one as well) (only during testing/experimenting), including Windows Firewall, on gateway computer and Apache server. In the question linked above, the individual found his solution being IPTABLES, however, I’m quite certain that’s just a Linux thing. (I’ve never heard of it before).

Nevertheless, these are the steps I’ve taken thus far.

  1. Enabled IP Forwarding on the gateway (OpenVPN server) by the registry edit documented in previous link.

  2. Added within server.conf (push “route”)

  3. I’ve experimented on the gateway computer which is part of the private subnet (192.168.50.*) with various command lines “route ADD MASK … ” et cetera. And I’ve done them non-persistently and cleared them out afterwards, after testing that they did not work.

So, any further guidance would be greatly appreciated. Sorry for essay form, just wanted to give as much information up front.




(VPN Client <-> VPN Server): Leaving the Apache server aside for a moment, how far have >you got with the OpenVPN tunnel itself? Does it connect? Can you get any traffic at all >over it, and know it’s working? Use ping on the VPN client and try to ping the server > and prove you’re getting a connection.

Yes, the client can successfully connect to the server using a combination of client specific certificates and authorization (username/password). At this point, yes, traffic is going over it and it is working. Even when all traffic for the client is forced over (I only played around with this setting for testing), so, the web browser traffic is passed through it – it works very well. And as for pinging from VPN client to server, it works perfectly.. all four packets return as desired.

(VPN <-> LAN on the VPN server): You have enabled routing in the registry, but is it >working? The OpenVPN server needs an IP address on the 192.168.50.x network.

Yes, I have enabled routing in the registry, but is it working? I do not know. I do not know how to check whether the OpenVPN server has an IP address on the 192.168.50.? Prior to turning the OpenVPN server on.. if I enter “ipconfig /all” at the command line, I see for the Local Area Network adapter that it has an IP address of (static LAN IP). Once the OpenVPN server/service is started, the new adapter now takes an address of… and naturally if I type “ipconfig /all”, then I see for the two different adapters – two different IP addresses respectively listed moments ago. I can ping from the server to and (and all other servers/computers on the 192.168.50.x network can ping… however, the other servers/computers on the 192.168.50.x network cannot ping the newly connected server at nor the connected VPN client (first client) with address of (as an example).

So, is it a matter of configuring the adapter which has an IP address of to be able to communicate with 192.168.50.x addresses?

What do I need to do to get “The OpenVPN server needs an IP address on the 192.168.50.x network.” working? Is this different than the one the actual computer already has on it’s default LAN adapter? That is one part that is getting confusing.

If you look in the client’s routing table (“route print” at the command line), and/or in >the OpenVPN connection logs, is it picking up the routes to the 192.168.50.x network that >you put in server conf? If so, is the route gateway set to the address of the >OpenVPN server? From the client, can you ping the OpenVPN server on the 192.168.50.x >address?

This part I will need to do again. Since posting my question here yesterday, I have spent a bit of time messing around and there are no default routes pushed over. I will do that shortly and revise this post at that point. However, what I can say is that when I did push the route 192.168.50.x.. I definitely could NOT ping the address or any other 192.168.50.x address from the client.


Leave a Reply