Windows 2003 OpenVPN client not adding route

[Nessaja128]

Hi,

I've set up OpenVPN on our intranet, but there's 1 system that's not accepting the route command, I've search everywhere that I could think of but still couldn't find a solution.

The Windows 2003 mashine is supposed to connect to the OpenVPN server through the intranet, but gives this error:

Thu Oct 27 11:05:28 2011 ROUTE default_gateway=192.168.0.1
Thu Oct 27 11:05:28 2011 TAP-WIN32 device [YELLOW - OpenVPN] opened: \\.\Global\{9A1DDB8A-7B58-4AAB-9B4B-F013E52C8577}.tap
Thu Oct 27 11:05:28 2011 TAP-Win32 Driver Version 9.8
Thu Oct 27 11:05:28 2011 TAP-Win32 MTU=1500
Thu Oct 27 11:05:28 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.128.98/255.255.255.252 on interface {9A1DDB8A-7B58-4AAB-9B4B-F013E52C8577} [DHCP-serv: 192.168.128.97, lease-time: 31536000]
Thu Oct 27 11:05:28 2011 NOTE: FlushIpNetTable failed on interface [65541] {9A1DDB8A-7B58-4AAB-9B4B-F013E52C8577} (status=259) : No more data is available.
Thu Oct 27 11:05:30 2011 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Oct 27 11:05:30 2011 Route: Waiting for TUN/TAP interface to come up...
Thu Oct 27 11:05:33 2011 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Thu Oct 27 11:05:33 2011 Route: Waiting for TUN/TAP interface to come up...
Thu Oct 27 11:05:34 2011 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Thu Oct 27 11:05:34 2011 C:\WINNT\system32\route.exe ADD 192.168.128.0 MASK 255.255.255.0 192.168.128.97
The route addition failed: The parameter is incorrect.
Thu Oct 27 11:05:34 2011 Initialization Sequence Completed

Config File:

############################
## OpenVPN client config ##
## for Windows client
############################
client
dev tun
proto udp
remote 192.168.1.5 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
route-method exe
route-delay 2
ca ca.crt
cert dataserver.crt
key dataserver.key
link-mtu 1200
cipher DES-EDE3-CBC
ns-cert-type server
comp-lzo
verb 3
mute 20
win-sys env

Is there anything else that I can try to get it connected?

[janjust]

is the

Code: Select all

route-method exe

really necessary ?
If so, try adding

Code: Select all

route-delay 2 2

(note the second '2'!) to the config - this tells openvpn to wait for 2 seconds for the tap-win32 interface to come up.

[Nessaja128]

Thanks for your reply,

If tried adding the extra "2", didn't have and effect, and I've also removed the 2 lines "route-method exe" and "route delay".

Here's the log with the 2x lines removed:

Thu Oct 27 11:43:05 2011 SENT CONTROL [ec-squid]: 'PUSH_REQUEST' (status=1)
Thu Oct 27 11:43:05 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.128.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.128.98 192.168.128.97'
Thu Oct 27 11:43:05 2011 OPTIONS IMPORT: timers and/or timeouts modified
Thu Oct 27 11:43:05 2011 OPTIONS IMPORT: --ifconfig/up options modified
Thu Oct 27 11:43:05 2011 OPTIONS IMPORT: route options modified
Thu Oct 27 11:43:05 2011 ROUTE default_gateway=192.168.0.1
Thu Oct 27 11:43:05 2011 TAP-WIN32 device [YELLOW - OpenVPN] opened: \\.\Global\{9A1DDB8A-7B58-4AAB-9B4B-F013E52C8577}.tap
Thu Oct 27 11:43:05 2011 TAP-Win32 Driver Version 9.8
Thu Oct 27 11:43:05 2011 TAP-Win32 MTU=1500
Thu Oct 27 11:43:05 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.128.98/255.255.255.252 on interface {9A1DDB8A-7B58-4AAB-9B4B-F013E52C8577} [DHCP-serv: 192.168.128.97, lease-time: 31536000]
Thu Oct 27 11:43:05 2011 NOTE: FlushIpNetTable failed on interface [65541] {9A1DDB8A-7B58-4AAB-9B4B-F013E52C8577} (status=259) : No more data is available.
Thu Oct 27 11:43:10 2011 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Thu Oct 27 11:43:10 2011 C:\WINNT\system32\route.exe ADD 192.168.128.0 MASK 255.255.255.0 192.168.128.97
Thu Oct 27 11:43:10 2011 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=65541]
Thu Oct 27 11:43:10 2011 Route addition via IPAPI failed [adaptive]
Thu Oct 27 11:43:10 2011 Route addition fallback to route.exe
The route addition failed: The parameter is incorrect.
Thu Oct 27 11:43:10 2011 Initialization Sequence Completed

[janjust]

that seems like a permissions/privileges issues; does the user which launches openvpn have administrator (or at least NetworkConfigurationOperators ) rights?

[Nessaja128]

Yes sir,

I'm using the administrator account

EDIT:
I found this in the event log:

Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1002
Date: 2011/10/27
Time: 02:01:57 PM
User: N/A
Computer: DATA-SERVER
Description:
The IP address lease 192.168.128.98 for the Network Card with network address 00FF9A1DDB8A has been denied by the DHCP server 192.168.128.97 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

[janjust]

oh Yuck... you may have been hit by this bug:
https://community.openvpn.net/openvpn/ticket/97
Can you disable ipv6 on the tap-win32 adapter and try again?

[Mimiko]

I came across this problem a time ago. It's because of Automatic Private IP Addressing feature in Windows. As long as the tun adapter has a dhcp IP setting, OpenVPN will fall to set the IP till the tun adapter will not get an ip from 169.250/16. You can resolve this in two methods:
1) Using dhcp setting on tun adapter, add to config:

Code: Select all

ip-win32 ipapi
route-delay 60 60

the route-delay of 60 secs is enough for windows to set that private IP.
2) Use static IP on tun adapter. Set a static IP, and use in config file:

Code: Select all

ifconfig-noexec

Don't disable Automatic Private IP Addressing, as when using dhcp setting on tun adapter, the traffic will not run thru tunnel, even it will establish. It's a bug of windows, leaving that private IP when a DHCP IP is accesible.