VPN tunnel up and traffic routes over it, but one application won't work over it

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
OpenVpn Newbie
Posts: 1
Joined: Sun May 16, 2021 11:07 pm

VPN tunnel up and traffic routes over it, but one application won't work over it

Post by mmnz » Sun May 16, 2021 11:45 pm

I banged my head against this issue for weeks; posting this here in the hope that it helps someone else.

TL;DR: If you are having weird issues with application not working over VPN, try taking a packet capture of the traffic that ISN'T routed via the VPN tunnel.

Successfully made many versions of OpenVPN Connect Windows 10 client connect to the OpenVPN server. Versions turned out not to be important...

One specific application would not work over the VPN tunnel. We could see application traffic successfully going over the link, to/from the server, but the application would not work

Troubleshooting Steps Tried:
Managed to route test traffic over the VPN
Used Wireshark on the VPN tunnel interface to confirm that traffic entering the tunnel was the same traffic being sent out to the application server at the other end
Attempted Layer 2 and Layer 3 tunnels, changed MTU settings, pushed specific routes, pushed default routes, no difference; started losing my mind.
Eventually we tried using Wireshark on the LAN interface, where we expected to only see UDP/1194 VPN tunnel traffic. But some of the application traffic was "escaping the VPN tunnel" straight onto the LAN, where it was unable to route to the application server.

Root cause:
Some older applications can choose a specific interface to send traffic to, completely bypassing any routing configured on the Windows 10 PC.

Software vendor was very proud that they had achieved this ("working as designed"); they showed us how to change a local configuration file to "bind" the application to the new VPN tunnel virtual interface instead of the physical LAN interface; this solved the problem.

Post Reply