SOLVED: OpenVPN 2.5.x on Windows Server 2019 on AWS

mjans71
OpenVpn Newbie
Posts: 3
Joined: Fri Sep 17, 2021 6:25 pm


Post by mjans71 » Fri Sep 17, 2021 6:46 pm

I have an OpenVPN server I set up on Amazon on Windows about 9 years ago. It's currently running on Windows Server 2016 Data Center with OpenVPN 2.4.0. I upgraded both the server and OpenVPN a few years ago. It runs great.

I am setting up a server with Windows Server 2019 and OpenVPN 2.5.3. The configuration files are almost identical, but with different subnets.

I have the Windows Firewall turned off on the server for now until I get it working (I have other AWS security in place).

I can:

* connect a client to the server
* ping the server's virtual IP address from the client
* remote desktop to the server from the client using its virtual IP address
* use AWS Reachability Analyzer to verify that I can get to IP addresses served by the OpenVPN server (10.4.0.0/24) from AWS VPC addresses and vice-versa (NOTE: This means that OpenVPN destined addresses get properly routed to the OpenVPN server and that OpenVPN sourced packets get routed properly to AWS addresses -- it does not mean that the OpenVPN client was reached)
* ping and otherwise connect to other servers in my AWS VPC from the OpenVPN server
* ping and otherwise connect to the OpenVPN server from other servers in my AWS VPC

I cannot:

* ping or otherwise connect to addresses on my AWS VPC from my OpenVPN client (route pushed for 10.0.0.0/255.255.0.0)
* ping or otherwise connect to my client VPN address from any address on my AWS VPC (route set up to route the OpenVPN subnet to the OpenVPN server)

This seems to be a configuration issue on my OpenVPN server and not an AWS configuration issue at this point.

Server Config

#--------------------------------------------------------------------------
#--------------------------------------------------------------------------
# OpenVPN Server Configuration
#--------------------------------------------------------------------------
#--------------------------------------------------------------------------

#--------------------------------------------------------------------------
# Basic connection configuration
#--------------------------------------------------------------------------

port XXXXX
proto udp
dev tun
dev-node openvpn-primary

keepalive 10 120
explicit-exit-notify 1

max-clients 10
persist-key
persist-tun

#--------------------------------------------------------------------------
# Encryption, keys, certificates
#--------------------------------------------------------------------------

#-------------------
# these are inlined
# at the bottom of
# the file
#-------------------
;ca ca.crt
;cert server.crt
;key server.key
askpass XXXXX
dh dh.pem
tls-auth ta.key 0
cipher AES-256-CBC


#--------------------------------------------------------------------------
# Network topology
#--------------------------------------------------------------------------

topology subnet
server 10.4.0.0 255.255.255.0
client-to-client

#--------------------------------------------------------------------------
# Client configuration
#--------------------------------------------------------------------------

ifconfig-pool-persist ipp.txt
client-config-dir client-config

# AWS VPC
;push "route 10.4.0.0 255.255.255.0"
push "route 10.0.4.0 255.255.255.0"
push "route 10.0.0.0 255.255.0.0"

# XXXXXXX servers
push "route 10.10.0.200 255.255.255.255"
push "route 10.120.0.4 255.255.255.255"

push "dhcp-option DNS 10.0.1.135"
push "dhcp-option DNS 10.0.2.126"
push "dhcp-option DOMAIN XXXXXXX"

#--------------------------------------------------------------------------
# Logging
#--------------------------------------------------------------------------

status openvpn-status.log
log openvpn.log
mute 20

# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 9

#--------------------------------------------------------------------------
# Inline creds
#--------------------------------------------------------------------------

<ca>
-----BEGIN CERTIFICATE-----
blah blah blah
-----END CERTIFICATE-----
</ca>

<cert>
Certificate:
blah blah blah
-----BEGIN CERTIFICATE-----
blah blah blah
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
blah blah blah
-----END ENCRYPTED PRIVATE KEY-----
</key>



Client Config

client
dev tun
dev-node XXXXX
proto udp
remote XX.XX.XX.XX XXXXX
resolv-retry infinite
nobind
persist-key
persist-tun
askpass XXXXX
remote-cert-tls server
tls-auth radar-dev.ta.key 1
cipher AES-256-CBC

verb 3
mute 20
mute-replay-warnings

# client:

<ca>
-----BEGIN CERTIFICATE-----
blah blah blah
-----END CERTIFICATE-----
</ca>

<cert>
Certificate:
blah blah blah
-----BEGIN CERTIFICATE-----
blah blah blah
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
blah blah blah
-----END ENCRYPTED PRIVATE KEY-----
</key>

Last edited by mjans71 on Fri Sep 17, 2021 8:01 pm, edited 1 time in total.


Post by mjans71 » Fri Sep 17, 2021 8:01 pm

SOLVED: Just needed to enable Routing and Remote Access role and turn on LAN routing.

https://openvpn.net/cloud-docs/enabling ... rver-2016/
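The fix above amounts to turning on IP forwarding on the Windows host so that packets arriving on the TAP adapter from the 10.4.0.0/24 clients can be forwarded to the VPC-facing NIC and the replies forwarded back; without it, the server answers traffic addressed to itself (hence ping and RDP to the virtual IP work) but silently drops anything it is asked to route, which matches both "cannot" symptoms in the first post. The PowerShell below is an added example, not part of the original posts or of OpenVPN's own documentation. It shows the per-interface equivalent of enabling LAN routing in RRAS (`Set-NetIPInterface -Forwarding`), checks the result, and lists the routes the server relies on. The adapter aliases are assumptions: `openvpn-primary` is the `dev-node` name from the posted server config, and `Ethernet` is a placeholder for the VPC-facing NIC as reported by `Get-NetAdapter`.

```powershell
# Added example (not from the original thread): enable and verify IPv4 forwarding
# on a Windows Server OpenVPN host so that VPN client traffic is routed between
# the TAP adapter and the VPC-facing adapter.
# Adapter aliases are assumptions; replace them with the names from Get-NetAdapter.

$tunAdapter = 'openvpn-primary'   # dev-node name from the posted server config
$lanAdapter = 'Ethernet'          # assumed alias of the VPC-facing NIC

# 1. Show the current forwarding state of every IPv4 interface.
#    A fresh Windows Server reports Forwarding = Disabled everywhere.
Get-NetIPInterface -AddressFamily IPv4 |
    Select-Object InterfaceAlias, Forwarding, ConnectionState |
    Sort-Object InterfaceAlias |
    Format-Table -AutoSize

# 2. Enable forwarding on both interfaces that sit on the VPN path.
#    This is the per-interface equivalent of RRAS "LAN routing" and does not
#    require installing the Routing and Remote Access role.
foreach ($alias in @($tunAdapter, $lanAdapter)) {
    Set-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4 -Forwarding Enabled
}

# 3. Verify: both interfaces must now report Enabled, otherwise routed traffic
#    from 10.4.0.0/24 clients is still dropped by the host.
$notForwarding = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -in @($tunAdapter, $lanAdapter) -and $_.Forwarding -ne 'Enabled' }
if ($notForwarding) {
    Write-Warning "Forwarding still disabled on: $($notForwarding.InterfaceAlias -join ', ')"
} else {
    Write-Host 'IPv4 forwarding enabled on the VPN and LAN interfaces.'
}

# 4. Confirm the routes the server depends on: the VPN subnet must point at the
#    TAP adapter and the default route at the VPC NIC, so that the 10.0.0.0/16
#    prefix pushed to clients is reachable through the LAN side.
Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '10.4.0.0/24' -ErrorAction SilentlyContinue |
    Select-Object DestinationPrefix, NextHop, InterfaceAlias
Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' |
    Select-Object DestinationPrefix, NextHop, InterfaceAlias
```

Run it in an elevated PowerShell session on the server. Step 1 is the quickest way to confirm the diagnosis before changing anything: if the interfaces report `Disabled`, the host is not acting as a router regardless of what OpenVPN pushes to clients. One caveat for the AWS side of the same picture: an EC2 instance only forwards traffic for addresses other than its own if the instance's source/destination check is disabled, so that setting belongs on the same checklist as the host's forwarding state and the VPC route for the OpenVPN subnet.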
