Another routing problem. Windows based. PayPal $30 Reward

Post by gizmoshq » Wed Jul 31, 2019 6:47 pm

OK, so I've set up several OpenVPN networks. One nagging problem I have always had is with Windows-based ones: I can never ping the computers behind the client router. Clients behind the client router can all ping computers behind the server, so it's a one-way problem.

Both machines run Windows 10.
Both machines have custom persistent routes installed with route -p. They are not default gateways/routers on the network. I wouldn't be here if they were; in this case, I can't upset the existing network infrastructure. I will be adding routes to the clients via Group Policy. This appears to be a Windows-specific problem. The client routers do not support adding additional routes, so we must make the Windows box actually use the routes we provide.

Client LAN computers can ping the server, and any machines on the same subnet as the server (192.168.3.0), when appropriate routing has been added. HOWEVER, on the server, when I attempt to tracert to the clients, the Windows server attempts to route the traffic through 192.168.3.254, which is the default network gateway, not 10.4.0.1, which is the OpenVPN TAP adapter. Routing registry hack has been applied, RRAS is enabled.

Tracert output from server:

[oconf=]
Tracing route to 192.168.1.10 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms router.asus.com [192.168.3.254]
2 8 ms 10 ms 7 ms 24.69.128.1
3 10 ms 9 ms 9 ms rd2cv-be102-1.gv.shawcable.net [64.59.162.201]
4 12 ms 11 ms 11 ms rc3so-tge0-11-0-20.cg.shawcable.net [66.163.75.245]
[/oconf]

You can see that the server is firing these packets out of the default gateway on the LAN, which of course won't work, because it should stick them through 10.4.0.1, which is the IP address of the TAP adapter.

Here are my configs:

[oconf=]
port 821
proto udp
dev tun
(Keys and certs removed)
topology subnet
server 10.4.0.0 255.255.255.0
route "192.168.1.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
client-config-dir "c:\\Program Files\\OpenVPN\\clients\\"
client-to-client
keepalive 5 10
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
[/oconf]

Client

[oconf=]
client
dev tun
proto udp
keepalive 10 30
remote host 821
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
[/oconf]

CCD File for client:

[oconf=]
iroute 192.168.1.0 255.255.255.0
[/oconf]

Routing table for Server:

[oconf=]
===========================================================================
Interface List
13...00 15 5d af 40 05 ......Microsoft Hyper-V Network Adapter
12...00 ff a8 9e f4 81 ......TAP-Windows Adapter V9
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 On-link 10.4.0.1 281
0.0.0.0 0.0.0.0 192.168.3.254 192.168.3.5 281
10.4.0.0 255.255.255.0 On-link 10.4.0.1 281
10.4.0.1 255.255.255.255 On-link 10.4.0.1 281
10.4.0.255 255.255.255.255 On-link 10.4.0.1 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 On-link 10.4.0.1 26
192.168.1.255 255.255.255.255 On-link 10.4.0.1 281
192.168.3.0 255.255.255.0 On-link 192.168.3.5 281
192.168.3.5 255.255.255.255 On-link 192.168.3.5 281
192.168.3.255 255.255.255.255 On-link 192.168.3.5 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.4.0.1 281
224.0.0.0 240.0.0.0 On-link 192.168.3.5 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.4.0.1 281
255.255.255.255 255.255.255.255 On-link 192.168.3.5 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
192.168.1.0 255.255.255.0 10.4.0.1 1
0.0.0.0 0.0.0.0 192.168.3.254 Default
0.0.0.0 0.0.0.0 10.4.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
12 281 fe80::/64 On-link
13 281 fe80::/64 On-link
12 281 fe80::8c74:c3b4:29ec:f44e/128
On-link
13 281 fe80::f1ce:a347:34e7:477c/128
On-link
1 331 ff00::/8 On-link
12 281 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
[/oconf]

Routing table for Client:

[oconf=]
===========================================================================
Interface List
2...20 89 84 ed c4 c2 ......Realtek PCIe GBE Family Controller
18...00 ff 99 8e 9c 88 ......TAP-Windows Adapter V9
19...00 ff a2 e0 ea f0 ......TAP-Windows Adapter V9 #2
67...00 ff dc 41 3d 71 ......TAP-Windows Adapter V9 #3
15...52 2b 73 d4 12 ef ......Microsoft Wi-Fi Direct Virtual Adapter
21...50 2b 73 d4 12 ef ......Microsoft Wi-Fi Direct Virtual Adapter #3
23...50 2b 73 d4 12 ef ......Tenda Wireless USB Adapter
1...........................Software Loopback Interface 1
41...00 15 5d 38 0d 64 ......Hyper-V Virtual Ethernet Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 35
10.3.0.0 255.255.255.0 On-link 10.3.0.1 281
10.3.0.1 255.255.255.255 On-link 10.3.0.1 281
10.3.0.255 255.255.255.255 On-link 10.3.0.1 281
10.4.0.0 255.255.255.0 On-link 10.4.0.4 281
10.4.0.4 255.255.255.255 On-link 10.4.0.4 281
10.4.0.255 255.255.255.255 On-link 10.4.0.4 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
169.254.0.0 255.255.0.0 On-link 172.17.217.129 5256
169.254.0.0 255.255.0.0 On-link 192.168.1.10 5256
169.254.255.255 255.255.255.255 On-link 172.17.217.129 5256
169.254.255.255 255.255.255.255 On-link 192.168.1.10 291
172.17.217.128 255.255.255.240 On-link 172.17.217.129 5256
172.17.217.129 255.255.255.255 On-link 172.17.217.129 5256
172.17.217.143 255.255.255.255 On-link 172.17.217.129 5256
192.168.1.0 255.255.255.0 On-link 192.168.1.10 291
192.168.1.10 255.255.255.255 On-link 192.168.1.10 291
192.168.1.255 255.255.255.255 On-link 192.168.1.10 291
192.168.3.0 255.255.255.0 10.4.0.1 10.4.0.4 25
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.1.10 291
224.0.0.0 240.0.0.0 On-link 172.17.217.129 5256
224.0.0.0 240.0.0.0 On-link 10.4.0.4 281
224.0.0.0 240.0.0.0 On-link 10.3.0.1 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.1.10 291
255.255.255.255 255.255.255.255 On-link 172.17.217.129 5256
255.255.255.255 255.255.255.255 On-link 10.4.0.4 281
255.255.255.255 255.255.255.255 On-link 10.3.0.1 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
41 5256 fe80::/64 On-link
18 281 fe80::/64 On-link
19 281 fe80::/64 On-link
18 281 fe80::65c8:ec49:f134:36fc/128
On-link
19 281 fe80::98a5:e4d0:1620:2dd8/128
On-link
41 5256 fe80::f594:e71:f52e:5aae/128
On-link
1 331 ff00::/8 On-link
41 5256 ff00::/8 On-link
18 281 ff00::/8 On-link
19 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

[/oconf]
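
A way to check which row of a `route print` table wins for a given destination (longest prefix first, then lowest metric), as an added example that is not part of the original post. The rows are copied from the server table above; the function names and the test addresses 192.168.3.20 and 203.0.113.7 are assumptions made for the example.

```python
import ipaddress

# Rows copied from the server's "Active Routes" table in the post:
# destination, netmask, gateway, interface, metric.
SERVER_ROUTES = """\
0.0.0.0 0.0.0.0 On-link 10.4.0.1 281
0.0.0.0 0.0.0.0 192.168.3.254 192.168.3.5 281
10.4.0.0 255.255.255.0 On-link 10.4.0.1 281
192.168.1.0 255.255.255.0 On-link 10.4.0.1 26
192.168.3.0 255.255.255.0 On-link 192.168.3.5 281
"""

def parse_routes(text):
    """Parse whitespace-separated `route print` IPv4 rows into dicts."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip headers, separators and wrapped lines
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # not a destination/netmask pair
        routes.append({"net": net, "gateway": gateway,
                       "iface": iface, "metric": int(metric)})
    return routes

def candidates(routes, dest_ip):
    """Winning route(s): longest matching prefix, then lowest metric.
    More than one result means prefix and metric alone do not decide."""
    ip = ipaddress.ip_address(dest_ip)
    matching = [r for r in routes if ip in r["net"]]
    if not matching:
        return []
    best_len = max(r["net"].prefixlen for r in matching)
    longest = [r for r in matching if r["net"].prefixlen == best_len]
    best_metric = min(r["metric"] for r in longest)
    return [r for r in longest if r["metric"] == best_metric]

def egress_interfaces(routes, dest_ip):
    """Interface addresses of the winning route(s), sorted."""
    return sorted(r["iface"] for r in candidates(routes, dest_ip))

if __name__ == "__main__":
    table = parse_routes(SERVER_ROUTES)
    # 192.168.1.10 is from the post; the other two are constructed addresses.
    for dest in ("192.168.1.10", "192.168.3.20", "203.0.113.7"):
        print(dest, "->", egress_interfaces(table, dest))
```

On the posted server rows this selects the 10.4.0.1 interface for 192.168.1.10, and returns both default routes for an off-LAN address because they share metric 281.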
