Page 1 of 1

Wrong Route on Windows Server

Posted: Fri Nov 30, 2018 8:58 am
by andy232
Hello,

I am using OpenVPN v2.4.6 on Windows Server 2008 R2.
I have the following problem.
After starting OpenVPN on the server the following route is wrong:

Code: Select all

Target       Networkmask          Gateway        Interface         Metrik
10.8.0.0    255.255.255.0         10.8.0.2         192.168.2.10    20

The interface should be 10.8.0.1 and not 192.168.2.10 because that is the ip address of the lan adapter and not the TAP Windows Adapter.
And with this wrong route nobody can reach the server.

On my other Windows Server 2016 I could solve this problem by restarting the openvpnservice with a script. But on Windows Server 2008 R2 this does not help.
The only solution is to deactivate and reactivate the OpenVPN Adapter in Windows. Unfortunately this cannot be done by a script. There are serveral scripts to to this but they do not work with the TAP-Adapter.

Does anybody has a tip ?

The correct route should be:

Code: Select all

Target       Networkmask          Gateway        Interface         Metrik
10.8.0.0    255.255.255.0         10.8.0.2         10.8.0.1   20


I also tried to set a static route and so on but with no luck.

Thank You!

Greetings, Andreas.

Re: Wrong Route on Windows Server

Posted: Fri Nov 30, 2018 10:25 am
by flint2003
Hello.
Please, show us the config files how you establish the routes. Manually or with the OpenVPN?

Re: Wrong Route on Windows Server

Posted: Sat Dec 01, 2018 11:15 pm
by cname
This may or may not work for Windows Server 2008: https://www.lwyh.org/en/openvpn-windows ... -2019.html

Re: Wrong Route on Windows Server

Posted: Mon Dec 03, 2018 10:15 am
by andy232
Hi,

here is my openvpn config:

Server Config

port 1194
proto udp
dev tun
dev-node OpenVPN
cd ..\\easy-rsa\\keys
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option WINS 10.8.0.1"
push "dhcp-option DNS 10.8.0.1"
duplicate-cn
keepalive 10 120
compress lz4-v2
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
auth-nocache


I do not any additional or manual routing

Re: Wrong Route on Windows Server

Posted: Mon Dec 03, 2018 11:14 am
by flint2003
Hi Andy
This is my working configuration
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
dev tun
proto udp4
port 443
ca ca.crt
cert server.crt
key server.key
dh dh4096.pem
topology subnet
tls-server
client-config-dir ccd
setenv PATH "C:\\Windows\\System32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem"
route-method exe
route-delay 10
server 10.8.0.0 255.255.255.0
route-gateway 10.8.0.1
route 10.8.0.0 255.255.255.0
route 172.18.9.0 255.255.255.0 10.8.0.2
cipher AES-128-CBC
comp-lzo
mssfix
keepalive 10 120
verb 4
# tls-cipher "DEFAULT:@SECLEVEL=0" - use this for 2.4.6 version only
tls-auth ta.key 0
tun-mtu 1500
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Well, pay attention on as follows:
1) "client-config-dir ccd" - this folder with files about every client. You can read about it in "HOW TO"
2) this set of directives:
server 10.8.0.0 255.255.255.0
route-gateway 10.8.0.1
route 10.8.0.0 255.255.255.0
route 172.18.9.0 255.255.255.0 10.8.0.2

I explicitly appointed all required information about my OpenVPN server

3) "route 172.18.9.0 255.255.255.0 10.8.0.2"
This is a route to the client. I've got only one client thus the route is one only too

I hope my information can help you to run your server anywhere

Re: Wrong Route on Windows Server [solved]

Posted: Tue Dec 04, 2018 3:38 pm
by andy232
Hello

thank You for the tips. Finally I found an error on the openvpn-log that the route could not be set.
I saw this post viewtopic.php?t=12362 and added a batch to remove and install the TAP-Adapter every morning:

Code: Select all

"C:\Program Files\TAP-Windows\bin\tapinstall.exe" remove tap0901
"C:\Program Files\TAP-Windows\bin\tapinstall.exe" install "C:\Program Files\TAP-Windows\driver\OemVista.inf" tap0901
Now it works!

Greetings, Andreas

Re: Wrong Route on Windows Server

Posted: Tue Dec 04, 2018 3:53 pm
by TinCanTech
@andy232, that is a terrible solution ..

It sounds more like you are experiencing the "Windows wake from sleep TAP adaptor" bug.

Re: Wrong Route on Windows Server

Posted: Wed Dec 05, 2018 2:04 pm
by flint2003
It's a very strange solution made by andy232.
As we can see, the configuration file (*.ovpn) was made with mistakes.
Andy, why didn't you take the template of a configuration file and changed it?
You made the strange workaround instead of that.
It's really strange. I cannot understand things you were guided by......

Re: Wrong Route on Windows Server

Posted: Wed Dec 05, 2018 6:18 pm
by andy232
Thankyou for the Suggestions. Starting from Scratch with a New Config file Sounds good. I will do it next Year when I have More Time.....

Greetings, Andy