Windows 8 and Internet connectivity

[Westley]

Hi,

Sorry if this is the wrong forum for this.

Have a Windows 8 machine and installed OpenVPN 2.3.1 client as a fresh install (no previous version of OpenVPN was installed).

Connectivity to the VPN server works fine.

What we have noticed is that when we are connected to the VPN we can no longer browse the Internet. We have to disconnect from the VPN to be able to go to any other websites. Did not have this issue while using previous versions on Windows XP/7.

Anyone have any clues?

Thanks,
Westley

[maikcat]

config files? server/client

Michael.

[Westley]

I've taken out the certificate code and replaced user/domain names, but left everything else in tact.

Thanks!
Westley

client.ovpn

# Automatically generated OpenVPN client config file
# Generated on Wed Apr 3 22:20:14 2013 by server
# Note: this config file contains inline private keys
# and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=xxxxxx
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=user@server.domain.com
# OVPN_ACCESS_SERVER_WSHOST=server.domain.com:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
client
proto tcp
remote server.domain.com
port 443
dev tun
dev-type tun
ns-cert-type server
reneg-sec 86400
auth-user-pass
auth-retry interact
comp-lzo no
verb 3

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>

# -----BEGIN RSA SIGNATURE-----
# -----END RSA SIGNATURE-----

as.conf
------------------------------------------------------------------
# OpenVPN AS 1.1 configuration file
#
# NOTE: The ~ symbol used below expands to the directory that
# the configuration file is saved in

# remove for production
# DEBUG=false

# temporary directory
tmp_dir=~/tmp

lic.dir=~/licenses

# run_start retries
run_start_retry.give_up=60
run_start_retry.resample=10

# enable client gateway
sa.show_c2s_routes=true

# certificates database
certs_db=sqlite:///~/db/certs.db

# user properties DB
user_prop_db=sqlite:///~/db/userprop.db

# configuration DB
config_db=sqlite:///~/db/config.db

# log DB
log_db=sqlite:///~/db/log.db

# wait this many seconds between failed retries
db_retry.interval=1

# how many retries to attempt before failing
db_retry.n_attempts=6

# bootstrap authentication via PAM -- allows
# admin to log into web UI before authentication
# system has been configured. Configure PAM users
# allowed to access via the bootstrap auth mechanism.
boot_pam_service=openvpnas
boot_pam_users.0=username
# #boot_pam_users.1=
# #boot_pam_users.2=
# #boot_pam_users.3=
# #boot_pam_users.4=

# System users that are allowed to access the server agent XML API.
# The user that the web server will run as should be in this list.
system_users_local.0=root
system_users_local.1=openvpn_as

# The user/group that the web server will run as
cs.user=openvpn_as
cs.group=openvpn_as

# socket directory
general.sock_dir=~/sock

# path to linux openvpn executable
# if undefined, find openvpn on the PATH
#general.openvpn_exe_path=

# source directory for OpenVPN Windows executable
# (Must have been built with MultiFileExtract)
sa.win_exe_dir=~/exe

# The company name will be shown in the UI
sa.company_name=OpenVPN Technologies, Inc.

# server agent socket
sa.sock=~/sock/sagent

# If enabled, automatically generate a client configuration
# when a client logs into the site and successfully authenticates
cs.auto_generate=true

# files for web server (PEM format)
cs.ca_bundle=~/web-ssl/ca.crt
cs.priv_key=~/web-ssl/server.key
cs.cert=~/web-ssl/server.crt

# web server will use three consecutive ports starting at this
# address, for use with the OpenVPN port share feature
cs.dynamic_port_base=870

# which service groups should be started during
# server agent initialization
sa.initial_run_groups.0=web_group
#sa.initial_run_groups.1=openvpn_group

# use this twisted reactor
sa.reactor=epoll

# The unit number of this particular AS configuration.
# Normally set to 0. If you have multiple, independent AS instances
# running on the same machine, each should have a unique unit number.
sa.unit=0

# If true, open up web ports on the firewall using iptables
iptables.web=true

vpn.server.user=openvpn_as
vpn.server.group=openvpn_as

[maikcat]

one sec please...

are you using the community or AS version?

Michael.

[Westley]

I believe I have the AS version on the server.

Even after doing an update apt-get update of OpenVPN on the server, I wasn't sure if it updated the client files available for download, so I downloaded the client from the community files page.

I wasn't able to find anyway to figure out what version I now have on the server and what version of the client is available from my server.

[huigmeinen]

i have a same problem, Thanks for asking and i found right solution hers. Thanks for sharing.

[bpmee31]

Hi,

I have windows 8 and 8.1 laptops (64 bit) running OpenVPN successfully. Here's what my problem was and how I believe I have fixed it (at least until the next restart )

Questions
1. Do you have a network drive attached to your ethernet port?
For example, I have a WD MyBook live attached directly to my laptop for backups instead of accessing it with Wifi. This produces much faster transfer speeds. However, it does fiddle with your laptop's ipconfig. You will most likely have to configure this drive manually. Before fixing OpenVPN, disconnect it.

2. Do you have 1 or more "old" OpenVPN installations that have ceased working since upgrading to Windows 8 or Windows 8.1 64 bit?
If so, backup all your config files. We'll be deleting these old installations shortly.

3. Do you have any third party security programs running (ie. SpyShelter, McAfee)
If so, turn them all off for now.

Steps
1. Go into your existing Windows Firewall advanced settings section. Remove ANY and ALL inbound/outbound rules related to OpenVPN that were setup in the past or while you were trying to fix the connection problem.

2. Go to Add/Remove programs and delete all your OpenVPN programs completely.

3. Reboot.

4. After restart, go to OpenVPN website and download the LATEST 32 bit version, even if you are using 64 bit. 64 Bit systems can run x86 programs fine, unless you're adamant about processing efficiency (I believe 64 Bit OpenVPN should work too, but right now I haven't messed with it yet).

5. Allow OpenVPN to install completely, including TAP and any dependencies. If you are prompted to approve installation components by the system or any other program, approve all items.

6. Find your backup folder of configs from old OpenVPN and copy them into your NEW OpenVPN folder.

7. Next turn off Windows firewall, making sure public, private, and domain protection are all off. You can do this from Windows Firewall advanced settings.

8. Turn off any third party security programs.

9. Unplug any disk drives connected by Ethernet.

10. Open CMD prompt, enter (no quotes) "ipconfig /flushdns" then "ipconfig /renew".

11. Return to Windows Firewall and open Advanced settings. Select Inbound Connections. Add new rules. Browse to the installation folder (C:\Program Files(x86) on 64 bit systems w/ 32 bit installation). Open the bin folder. Add a new inbound rule for each of the three items inside (daemon, gui, and opensrv.exe). Make sure ALL connections are allowed when configuring the new inbound rules.

12. Repeat step 11 again, this time for outbound connections. Remember, OpenVPN is sending and receiving information. Make sure ALL connections are allowed for each component.

13. Save all new rules. Double check all parts of Windows Firewall are off: private, public, domain. Double check third party security programs are off.

14. Run OpenVPN. It should connect and have internet browsing capability. If not, make sure you didn't play with your server's config files. A good way to check is opening the connection on a non-Windows 8 machine or other device.

15. If successful, begin bringing your computer's security features up one-by-one.
A. Turn on 3rd party security programs. Test OpenVPN. If it fails, the problem is with your 3rd party program. Make sure ports and connections aren't being blocked.
B. Open Windows Firewall "Advanced". Turn on only Windows Firewall Domain. Test OpenVPN. If it fails, the domain settings are the problem.
C. Turn on Windows Firewall Private. Test again, adjust if necessary.
D. Turn on Windows Firewall Public. Test again, adjust if necessary.
E. Plug any external ethernet drives back in.

16. Do a final test now that all your security is restored. You should be ready to go.

If not:

1. Double check all your inbound and outbound Windows Firewall rules are configured correctly for each component of OpenVPN in the bin folder.
2. Check your local area connection settings.
3. Double check your server is still taking non-Windows 8 connections successfully. If so, repeat steps above.

Good Luck!

[bpmee31]

EXTREMELY IMPORTANT FOLLOWUP:


Always run OpenVPN as Administrator!

[Wtson145]

What we have noticed is that when we are connected to the VPN we can no longer browse the Internet. We have to disconnect from the VPN to be able to go to any other websites. Did not have this issue while using previous versions on Windows XP/7.



________________
watson