OpenVPN for windows 2003 clients

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
blakelharris
OpenVpn Newbie
Posts: 2
Joined: Sat Aug 21, 2010 6:54 pm

OpenVPN for windows 2003 clients

Post by blakelharris » Sat Aug 21, 2010 7:04 pm

Hiya!

I have setup an OpenVPN server recently. I got it tested on multiple Windows XP users and it is working great!.

However when I have it tested on a Windows Server 2003, I encountered several problems.

Problem situation: Windows Server 2003 client started OpenVPN interface and downloaded the configuration for OpenVPN server. A while after he clicked connect, the windows 2003 RDP connection will be dropped; Basically the server's internet connection seems to be down thereafter.

I have checked the OpenVPN server logs and it something like the following:

client XXX.XXX.XXX.XXX:PORT: MULTI: Bad address from source from client [XXX.XXX.XXX.XXX]

Yes. It shows both the external ip for the windows server 2003 client.

I am thinking whether is it a Windows Server 2003 problem as I have no problems with Windows XP users. It might be that in Windows Server 2003, I might need to do a little bit of configuration beforehand. I have googled but to no avail except for several hints on configuring the Routing and Remote access part but I dont have the idea on how to do that.

Basically, I need the Windows Server 2003 client (The machine itself) to be able to have Remote Desktop available for its users, while at the same time the users is able to use OpenVPN to connect to the internet (the users at this point of time, is using the RDP service).

Would anyone kindly point me to the correct direction?

Thanks!

blakelharris
OpenVpn Newbie
Posts: 2
Joined: Sat Aug 21, 2010 6:54 pm

Re: OpenVPN for windows 2003 clients

Post by blakelharris » Tue Aug 24, 2010 1:04 pm

I thought I post an update to include the logs and configuration used and simplified what is going on.

HOME -> RDP -> REMOTE SERVER -> VPN -> VPN SERVER -> INTERNET

Above is the process which I am trying to achieve but encountered the following errors:

1) When remote server connects to the vpn server, rdp conenction is dropped.
2) MULTI: BAD Source address from client errors shown in the vpn server logs.
3) When I try to connect to the remote server via its public IP, it does not work anymore.

Server Configuration:
http://pastebin.com/w35s7Bhp

Server Logs:
http://pastebin.com/cP8i22J8

Client Configuration:
http://pastebin.com/S1TkVyc8

Client Logs:
http://pastebin.com/8wU2sDH3

Able to ping the private ip assigned from the VPN server:

Code: Select all

PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.
64 bytes from 10.8.0.6: icmp_seq=1 ttl=128 time=58.5 ms
64 bytes from 10.8.0.6: icmp_seq=2 ttl=128 time=58.8 ms
64 bytes from 10.8.0.6: icmp_seq=3 ttl=128 time=58.9 ms
64 bytes from 10.8.0.6: icmp_seq=4 ttl=128 time=58.6 ms
64 bytes from 10.8.0.6: icmp_seq=5 ttl=128 time=60.5 ms
64 bytes from 10.8.0.6: icmp_seq=6 ttl=128 time=58.5 ms
Would really appreciate if someone could help me help.

User avatar
krzee
Forum Team
Posts: 729
Joined: Fri Aug 29, 2008 5:42 pm

Re: OpenVPN for windows 2003 clients

Post by krzee » Sun Aug 29, 2010 10:20 am

blakelharris wrote: HOME -> RDP -> REMOTE SERVER -> VPN -> VPN SERVER -> INTERNET

Above is the process which I am trying to achieve but encountered the following errors:

1) When remote server connects to the vpn server, rdp conenction is dropped.
2) MULTI: BAD Source address from client errors shown in the vpn server logs.
3) When I try to connect to the remote server via its public IP, it does not work anymore.
Right... that makes sense.
You are using redirect-gateway. When REMOTE SERVER changes its gateway to send all traffic over the VPN, you can no longer access the machine via Internet IP because responses could only possibly reach you from the VPN server. This is the expected result of changing your route in such a way.
If you only need a single IP (HOME) to access REMOTE SERVER not over the VPN, you can add a route for it to bypass the VPN.
Hope that helps!

Post Reply