After switching to Win7 I noticed that I can't use my home network as the default gateway anymore; checking with http://www.whatismyip.com shows the hotel network instead.
I noticed that in the client window I get an error message when OpenVPN is trying to push the route:
Code:
ERROR: Windows route add command failed [adaptive]: returned error code 1
C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.1.1
ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=23]
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
The requested operation requires elevation.
Code:
C:\WINDOWS\system32\route.exe ADD "my home ip address" MASK 255.255.255.255 192.168.72.1
ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Route addition via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.1.1
ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Route addition via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.1.1
ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Route addition via IPAPI succeeded [adaptive]
Initialization Sequence Completed
My router openvpn server configuration is:
Code:
mode server
tls-server
port 1194
#proto udp
proto tcp-server
dev tap0
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
dh /tmp/openvpn/dh.pem
server-bridge 192.168.1.1 255.255.255.0 192.168.1.100 192.168.1.105
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.1"
management localhost 5002
client-to-client
daemon
keepalive 10 120
tls-auth /tmp/openvpn/ta.key 0
#cipher AES-256-CBC
cipher BF-CBC
comp-lzo
persist-key
persist-tun
verb 1
Code:
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
Code:
iptables -t nat -I PREROUTING -p tcp --dport 1194 -d 192.168.1.1 -j ACCEPT
iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d `nvram get wan_ipaddr` --dport 1194 -j ACCEPT
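Added example, not part of the original post: a small Python check that reads an OpenVPN client log in the format shown above and reports whether both half-default routes pushed by "redirect-gateway def1" were actually installed. If either one failed, traffic still leaves through the local (hotel) gateway outside the tunnel. The marker strings are taken from the log lines in this post; the function names, the sample logs and the address 203.0.113.10 are constructed for illustration.

```python
import re

# Matches the route.exe invocation lines as they appear in the log above.
ROUTE_CMD = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)", re.IGNORECASE)
OK_MARKERS = ("CreateIpForwardEntry succeeded", "Route addition via IPAPI succeeded")
FAIL_MARKERS = ("Access is denied", "requires elevation", "route add command failed")
# The two half-default routes that "redirect-gateway def1" installs.
DEF1_HALVES = {("0.0.0.0", "128.0.0.0"), ("128.0.0.0", "128.0.0.0")}

def route_results(log_text):
    """Return {(dest, mask): 'ok' | 'failed' | 'unknown'} per route.exe ADD."""
    results, current = {}, None
    for line in log_text.splitlines():
        m = ROUTE_CMD.search(line)
        if m:
            current = (m.group(1), m.group(2))
            results[current] = "unknown"
        elif current is None:
            continue  # outcome line with no preceding command in this excerpt
        elif any(s in line for s in FAIL_MARKERS):
            results[current] = "failed"
        elif any(s in line for s in OK_MARKERS) and results[current] != "failed":
            results[current] = "ok"
    return results

def tunnel_is_default_route(log_text):
    """True only if both def1 half-routes were added successfully."""
    results = route_results(log_text)
    return all(results.get(half) == "ok" for half in DEF1_HALVES)

# Constructed samples, modelled on the two log excerpts in the post.
FAILED_LOG = r"""C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.1.1
ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=23]
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
The requested operation requires elevation."""
WORKING_LOG = r"""C:\WINDOWS\system32\route.exe ADD 203.0.113.10 MASK 255.255.255.255 192.168.72.1
Route addition via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.1.1
Route addition via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.1.1
Route addition via IPAPI succeeded [adaptive]"""

if __name__ == "__main__":
    for name, log in (("failed", FAILED_LOG), ("working", WORKING_LOG)):
        print(name, route_results(log), "default via tunnel:", tunnel_is_default_route(log))
```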