OpenVPN Server on Windows Can connect, but can't access anything.


unknownsoldierX

I've set up OpenVPN server on my Windows 10 machine. When I connect my phone to the VPN using OpenVPN Connect, I can't access SMB or even ping any machine on my network, but I can ping my phone over the VPN from Windows.

 

My LAN is 192.168.11.0

VPN subnet is 192.168.12.0

 

I've configured the Windows Firewall rule "File and Printer sharing (SMB in)" scope to include my VPN subnet.

 

Server config:

port 1194
proto tcp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
server 192.168.12.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.11.0 255.255.255.0"
keepalive 10 120
key-direction 0
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key"
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3

 

Client config:

dev tun
proto tcp
remote mydyndnsdomainhere.net 99999
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
key-direction 1
cipher AES-256-CBC
verb 3

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
</key>


key-direction 1

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>

 


20 answers to this question

+BudMan

So your windows machine is

6 hours ago, unknownsoldierX said:

server 192.168.12.0 255.255.255.0

that is not even a valid address.. that is a network.

 

And then you tell the client to get to 192.168.11/24 to come down the tunnel.. What IP are you trying to ping exactly to get to your machine sharing the files?

 

Why would you not just run openvpn on your edge, ie your router?  Did you install the openvpn mls software, MS version?

 

You forwarded to your machine from outside?  On your router, and you're connecting via that IP from your phone, while it's not on your wireless network.. Or are you connecting while the phone is on the wireless network?

 

The server address would be your machine's actual address.. Say 192.168.11.X, your tunnel network could be 192.168.12/24... Client would get say 192.168.12.2, while server is 192.168.12.1 - it would go down the tunnel to get to your machine's IP 192.168.11.X

DaveLegg

You'll also have an issue accessing other machines, say you had another computer at 192.168.11.50, the packets from your phone would reach that computer, but that computer doesn't have a route to reach 192.168.12.X, so will use the default route, and send the reply to the router. The router also doesn't have a route to that network, so will either drop it, (it's an internal network, and shouldn't be routed over the WAN interface), or forward it to your ISP gateway, where it will be dropped.

 

If you're not going to run OpenVPN on your router, you should at least setup a static route on your router to point the 192.168.12.X subnet at the host on your network where the OpenVPN software is running, so that reply packets from other devices can find their way back to the VPN clients - otherwise the only machine you'll be able to access will be the one running the OpenVPN software.

unknownsoldierX
33 minutes ago, BudMan said:

So your windows machine is

that is not even a valid address.. that is a network.

 

And then you tell the client to get to 192.168.11/24 to come down the tunnel.. What IP are you trying to ping exactly to get to your machine sharing the files?

 

Why would you not just run openvpn on your edge, ie your router?  Did you install the openvpn mls software, MS version?

 

You forwarded to your machine from outside?  On your router, and you're connecting via that IP from your phone, while it's not on your wireless network.. Or are you connecting while the phone is on the wireless network?

 

The server address would be your machine's actual address.. Say 192.168.11.X, your tunnel network could be 192.168.12/24... Client would get say 192.168.12.2, while server is 192.168.12.1 - it would go down the tunnel to get to your machine's IP 192.168.11.X

I am connecting from my phone over LTE. My router is forwarding TCP 1194. It connects successfully.

 

I don't want to use my router as an OVPN server.

 

Windows 10 machine IP on my LAN is 192.168.11.100

 

To test, I try to ping 192.168.11.100 from my phone through the VPN.

 

The example given in the config for the server, and every other explanation I've found, says to config a network for the VPN. Not an address. Hence:

 

server 192.168.12.0 255.255.255.0

 

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

 

+BudMan

You are right, but where is your local statement for the IP the server is listening on?

 

That should be the 11.100 address... Let me duplicate your setup.. Did you edit the reg key for

"IPEnabledRouter

 

 

 

unknownsoldierX
6 minutes ago, BudMan said:

You are right, but where is your local statement for the IP the server is listening on?

 

That should be the 11.100 address... Let me duplicate your setup.. Did you edit the reg key for

"IPEnabledRouter

 

 

 

Hmm. I didn't know I had to do that. Would it even work if it wasn't already listening on that IP?

 

I have not edited IPEnabledRouter.

23 minutes ago, DaveLegg said:

You'll also have an issue accessing other machines, say you had another computer at 192.168.11.50, the packets from your phone would reach that computer, but that computer doesn't have a route to reach 192.168.12.X, so will use the default route, and send the reply to the router. The router also doesn't have a route to that network, so will either drop it, (it's an internal network, and shouldn't be routed over the WAN interface), or forward it to your ISP gateway, where it will be dropped.

 

If you're not going to run OpenVPN on your router, you should at least setup a static route on your router to point the 192.168.12.X subnet at the host on your network where the OpenVPN software is running, so that reply packets from other devices can find their way back to the VPN clients - otherwise the only machine you'll be able to access will be the one running the OpenVPN software.

That makes sense. How would I configure that here?

 

 

ovpnstaticroute.png

unknownsoldierX

OK. Some progress.

 

Added IPEnabledRouter to the registry and enabled the routing and remote access service.

 

I've set a static route in my router.

 

Destination IP: 192.168.12.0

Subnet Mask: 255.255.255.0

Gateway IP: 192.168.11.100

Metric: 2

 

I can put my phone on LTE, connect to the VPN, and access SMB shares on one of my machines 192.168.11.103. I can even do it using its netbios name!

 

Now the only problem, and the most important, is now I don't know how to access the files or RDP to my Windows 10 machine that is running the VPN server (192.168.11.100).

Edited by unknownsoldierX
+BudMan

You go to 192.168.11.100..

 

Not sure where you got the idea you needed a static route in your router.  That is going to be asymmetrical for sure anyway..  Since you don't want to run openvpn on your router.. You would need to create host routes on other devices on your 11 you wanted to get to pointing to .100 for the 12 network.  Or you would have to source nat.

 

There is a reason vpn to a network are done on the edge, and not some client inside the network.

DaveLegg

Asymmetrical routing works though, and saves the headache of having to manually add that route to each device that joins the 11.X network.

+BudMan

It works because his router is not actually doing any stateful firewalling, or it would not work or only work until the state expired.

 

It's a BORKED sort of MacGyver setup with chewing gum and twigs.. There is another term from back in the day _____ Rig..  And its not by any means efficient, you have for sure one side of the conversation that is hairpinned.. And you could also run into the problem from boxes saying depending on their security software hey I sent this traffic to mac (gateway mac).. Why is my answer coming back from this different mac - depending on the direction of the start of the conversation.

 

If he wants to vpn into some downstream box from his edge, then he should source nat the traffic so devices on this network looks like all the traffic is coming from the vpn box IP in that network, this removes the asymmetrical issue.  Or you could host route, yes on each box in the network that will need to talk with vpn clients or be talked to from vpn clients.  Or he should hang his vpn box off a transit network off his router.  That will still have hairpinning.  The optimal solution for vpn into network(s) from outside is the edge device.

 

Another solution would be to bridge (tap vs tun) in openvpn so vpn clients get an IP on the network they are wanting to talk to from the vpn.  This has its own drawback as well, and should really be avoided as well unless you have specific need of L2 traffic over the vpn connection.


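Added example, not part of any post in this thread: a small Python model of the reply path that DaveLegg and BudMan describe above, comparing no return route, a static route on the router, a host route on the LAN device, and source NAT on the VPN host. The router address 192.168.11.1, the phone's tunnel address 192.168.12.6 and all function names are assumptions; the stateful-router check is a simplification of BudMan's point, not a firewall implementation.

```python
import ipaddress

# Subnets and host addresses come from the thread; ROUTER and PHONE are
# constructed values for this example.
LAN = ipaddress.ip_network("192.168.11.0/24")
VPN = ipaddress.ip_network("192.168.12.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
VPN_HOST, TARGET = "192.168.11.100", "192.168.11.103"
ROUTER, PHONE = "192.168.11.1", "192.168.12.6"
ON_LINK, TUNNEL, WAN = "on-link", "tunnel", "wan"


def build_tables(router_static=False, host_route=False):
    """Per-node routing tables as (network, next hop) pairs."""
    tables = {
        PHONE: [(LAN, VPN_HOST)],  # from: push "route 192.168.11.0 ..."
        VPN_HOST: [(LAN, ON_LINK), (VPN, TUNNEL), (DEFAULT, ROUTER)],
        TARGET: [(LAN, ON_LINK), (DEFAULT, ROUTER)],
        ROUTER: [(LAN, ON_LINK), (DEFAULT, WAN)],
    }
    if router_static:  # static route on the router, as DaveLegg suggests
        tables[ROUTER].append((VPN, VPN_HOST))
    if host_route:     # route added on the LAN device itself
        tables[TARGET].append((VPN, VPN_HOST))
    return tables


def lookup(table, dst):
    """Longest-prefix match over one node's table."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(tables, start, dst, forwarders, stateful=(), seen=()):
    """Walk a packet hop by hop; return (hops, verdict)."""
    hops, node = [start], start
    for _ in range(8):  # hop limit guards against routing loops
        if node == dst:
            return hops, "delivered"
        if node != start:  # transit node: must forward, may keep state
            if node not in forwarders:
                return hops, "dropped: %s does not forward" % node
            if node in stateful and node not in seen:
                return hops, "dropped: no state on %s" % node
        hop = lookup(tables[node], dst)
        if hop == WAN:
            return hops, "dropped: private destination sent to WAN"
        node = dst if hop in (ON_LINK, TUNNEL) else hop
        hops.append(node)
    return hops, "dropped: hop limit"


def round_trip(router_static=False, host_route=False, snat=False,
               ip_forward=True, router_stateful=False):
    """Request phone -> TARGET, then the reply; report both paths."""
    tables = build_tables(router_static, host_route)
    forwarders = {ROUTER} | ({VPN_HOST} if ip_forward else set())
    request, verdict = trace(tables, PHONE, TARGET, forwarders)
    reply = []
    if verdict == "delivered":
        # With source NAT the LAN device sees the VPN host as the sender.
        reply_dst = VPN_HOST if snat else PHONE
        stateful = {ROUTER} if router_stateful else set()
        reply, verdict = trace(tables, TARGET, reply_dst, forwarders,
                               stateful, seen=set(request))
        if snat and verdict == "delivered":
            reply.append(PHONE)  # VPN host undoes the NAT, sends to tunnel
    symmetric = verdict == "delivered" and reply == request[::-1]
    return {"request": request, "reply": reply,
            "verdict": verdict, "symmetric": symmetric}


if __name__ == "__main__":
    scenarios = {
        "no return route": {},
        "static route on router": {"router_static": True},
        "static route, stateful router": {"router_static": True,
                                          "router_stateful": True},
        "host route on LAN device": {"host_route": True},
        "source NAT on VPN host": {"snat": True},
    }
    for name, opts in scenarios.items():
        r = round_trip(**opts)
        print("%-30s %-45s reply=%s symmetric=%s"
              % (name, r["verdict"], " > ".join(r["reply"]), r["symmetric"]))
```
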
unknownsoldierX

Well, with how I have it now, I am able to use RDP on the VPN host machine (192.168.11.100), and I can access shared folders on other machines on my LAN.

 

The only thing I am unable to do is access shares on 192.168.11.100, which I would really like to do so I can use a file manager rather than RDP.

 

Any ideas for how I can do that?

+BudMan

If you can rdp to it, then you can access its shares.. You will need to AUTH, and your firewall settings will have to allow it from the remote IP.

unknownsoldierX

It inexplicably stopped working for a while. I couldn't even ping anything over the VPN. Everything was working fine the first day, then the next few days I couldn't get anything to work. I didn't touch the configuration of anything.

 

Today everything is working again.

 

The other weird thing, when I was trying to figure out why I could connect but nothing was working, I would reconnect to the VPN a lot and would sometimes get what looks like an ipv6 address for my home IP. AFAIK I don't have any way of obtaining an ipv6 address. I plugged it into a few ip trace sites and they told me it was not a valid address.

ovpnipv6.png

+BudMan

You understand many phones only get IPv6 address via cell right.. t-mobile is like this for example.. With so many phones, it's not possible to give every phone a public IPv4 address.

 

So you are T-mobile ;)

NetRange:       2607:7700:: - 2607:7700:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
CIDR:           2607:7700::/32
NetName:        TMO2
Organization:   T-Mobile USA, Inc. (TMOBI)

 

 

unknownsoldierX
7 hours ago, BudMan said:

You understand many phones only get IPv6 address via cell right.. t-mobile is like this for example.. With so many phones, it's not possible to give every phone a public IPv4 address.

 

So you are T-mobile ;)

NetRange:       2607:7700:: - 2607:7700:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
CIDR:           2607:7700::/32
NetName:        TMO2
Organization:   T-Mobile USA, Inc. (TMOBI)

 

 

Server Public IP is supposed to display the WAN facing IP address of my home router. Most of the time it does. My router has never received an ipv6 address from my ISP, so the OVPN app should never display an ipv6 address. But, for some reason it does. Maybe one out of every four times I connect.

 

I appreciate your help, but you are confusing some things.

+BudMan

What am I confusing - you posted a screenshot showing your server IP as an IPv6 address.. And asking a question on why you were seeing that?? It's because your phone does not have an actual IPv4 address, so t-mobile translates any IPv4 to an IPv6 address.

 

ipv6.thumb.jpg.b647afedb49778c606a8ba7c19b34ead.jpg

 

I know exactly how this stuff works, and use it pretty much every day, support it and design for it to be used.. And have been for going on 30 years..  Well before any of this tech was even created.. So when I tell you how you're trying to do it with asymmetrical routing and chewing gum and sticks you found on the ground is borked.. That is what you are doing ;)

 

No ###### your home server doesn't have an IPv6 address.. What does that have to do with the price of tea in china?

 

If you connect to your server from some network where you have an actual IPv4 address and your LTE carrier doesn't have to translate your IPv4 address to IPv6 then that is what you will see.

 

Here I connected over wifi this time, where it only has ipv4 address

 

wifionly.thumb.jpg.857c2b2c473c6c6cc893967c4e61261d.jpg

unknownsoldierX

It does display my server ip4 address most of the time, though. Weird.

+BudMan

Well where are you connecting from - if some hotspot via IPv4 then yeah... But many mobile phones these days only get IPv6.. Any IPv4 they want to go to has to get translated to an IPv6 address. think of nat in reverse ;)  That is a real layman term to look at it, if you want more details of how it's done look up 464XLAT..

unknownsoldierX

This is all occurring over LTE on my phone. Mostly I get a ipv4 address, but sometimes it's ipv6. I can be connected to the VPN with one, disconnect and wait a few seconds, reconnect and get the other.

+BudMan

T-mobile doesn't give IPv4 - maybe you're roaming on another carrier?

 

Are you not in the US?  Maybe international they use both... But here in the US, your t-mobile phone connecting to t-mobile will only ever get IPv6

https://www.internetsociety.org/resources/deploy360/2014/case-study-t-mobile-us-goes-ipv6-only-using-464xlat/

 

Looks like they might have some sort of fallback options, is your handset really OLD?

https://pc.nanog.org/static/published/meetings/NANOG73/1645/20180625_Lagerholm_T-Mobile_S_Journey_To_v1.pdf

 

But doesn't matter as you can connect over ipv6 to your ipv4 server.  when they 1st rolled that out, that was not the case.. But it has worked for years..
